@squiz/render-runtime-lib 1.2.1-alpha.68 → 1.2.1-alpha.69
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/index.d.ts +14 -2
- package/lib/index.js +21534 -570
- package/lib/index.js.map +3 -3
- package/lib/migrations/20220704054051_initial.sql +17 -0
- package/lib/test/helpers/fixtures.d.ts +2 -1
- package/lib/test/helpers/stack.d.ts +1 -1
- package/lib/utils/convertFunctionStaticFilesToFqdn.spec.d.ts +1 -0
- package/lib/utils/getManifestPath.d.ts +1 -0
- package/lib/utils/getManifestPath.spec.d.ts +1 -0
- package/lib/utils/isInProductionMode.d.ts +1 -0
- package/lib/utils/isInProductionMode.spec.d.ts +1 -0
- package/lib/webserver/app.d.ts +2 -1
- package/lib/webserver/controllers/test/definition-route-tests.d.ts +1 -0
- package/lib/webserver/controllers/test/render-route-tests.d.ts +1 -0
- package/lib/webserver/controllers/test/static-route-tests.d.ts +1 -0
- package/lib/webserver/index.d.ts +3 -1
- package/lib/worker/bridge.js +25 -15
- package/lib/worker/setup-node-sandbox.js +5 -0
- package/lib/worker/setup-sandbox.js +6 -3
- package/lib/worker/transformer.js +4 -0
- package/lib/worker/worker-root.js +125 -59
- package/lib/worker/worker-root.js.map +3 -3
- package/package.json +9 -8
|
@@ -99,6 +99,8 @@ var require_bridge = __commonJS({
|
|
|
99
99
|
var thisErrorCaptureStackTrace = Error.captureStackTrace;
|
|
100
100
|
var thisSymbolToString = Symbol.prototype.toString;
|
|
101
101
|
var thisSymbolToStringTag = Symbol.toStringTag;
|
|
102
|
+
var thisSymbolIterator = Symbol.iterator;
|
|
103
|
+
var thisSymbolNodeJSUtilInspectCustom = Symbol.for("nodejs.util.inspect.custom");
|
|
102
104
|
var VMError = class extends Error {
|
|
103
105
|
constructor(message, code) {
|
|
104
106
|
super(message);
|
|
@@ -305,7 +307,10 @@ var require_bridge = __commonJS({
|
|
|
305
307
|
class BaseHandler extends SafeBase {
|
|
306
308
|
constructor(object) {
|
|
307
309
|
super();
|
|
308
|
-
this.
|
|
310
|
+
this.objectWrapper = () => object;
|
|
311
|
+
}
|
|
312
|
+
getObject() {
|
|
313
|
+
return this.objectWrapper();
|
|
309
314
|
}
|
|
310
315
|
getFactory() {
|
|
311
316
|
return defaultFactory;
|
|
@@ -362,7 +367,7 @@ var require_bridge = __commonJS({
|
|
|
362
367
|
throw thisUnexpected();
|
|
363
368
|
}
|
|
364
369
|
get(target, key, receiver) {
|
|
365
|
-
const object = this.
|
|
370
|
+
const object = this.getObject();
|
|
366
371
|
switch (key) {
|
|
367
372
|
case "constructor": {
|
|
368
373
|
const desc = otherSafeGetOwnPropertyDescriptor(object, key);
|
|
@@ -402,7 +407,7 @@ var require_bridge = __commonJS({
|
|
|
402
407
|
return this.fromOtherWithContext(ret);
|
|
403
408
|
}
|
|
404
409
|
set(target, key, value, receiver) {
|
|
405
|
-
const object = this.
|
|
410
|
+
const object = this.getObject();
|
|
406
411
|
if (key === "__proto__" && !thisOtherHasOwnProperty(object, key)) {
|
|
407
412
|
return this.setPrototypeOf(target, value);
|
|
408
413
|
}
|
|
@@ -420,7 +425,7 @@ var require_bridge = __commonJS({
|
|
|
420
425
|
throw new VMError(OPNA);
|
|
421
426
|
}
|
|
422
427
|
apply(target, context, args) {
|
|
423
|
-
const object = this.
|
|
428
|
+
const object = this.getObject();
|
|
424
429
|
let ret;
|
|
425
430
|
try {
|
|
426
431
|
context = otherFromThis(context);
|
|
@@ -432,7 +437,7 @@ var require_bridge = __commonJS({
|
|
|
432
437
|
return thisFromOther(ret);
|
|
433
438
|
}
|
|
434
439
|
construct(target, args, newTarget) {
|
|
435
|
-
const object = this.
|
|
440
|
+
const object = this.getObject();
|
|
436
441
|
let ret;
|
|
437
442
|
try {
|
|
438
443
|
args = otherFromThisArguments(args);
|
|
@@ -443,13 +448,13 @@ var require_bridge = __commonJS({
|
|
|
443
448
|
return thisFromOtherWithFactory(this.getFactory(), ret, thisFromOther(object));
|
|
444
449
|
}
|
|
445
450
|
getOwnPropertyDescriptorDesc(target, prop, desc) {
|
|
446
|
-
const object = this.
|
|
451
|
+
const object = this.getObject();
|
|
447
452
|
if (desc && typeof object === "function" && (prop === "arguments" || prop === "caller" || prop === "callee"))
|
|
448
453
|
desc.value = null;
|
|
449
454
|
return desc;
|
|
450
455
|
}
|
|
451
456
|
getOwnPropertyDescriptor(target, prop) {
|
|
452
|
-
const object = this.
|
|
457
|
+
const object = this.getObject();
|
|
453
458
|
let desc;
|
|
454
459
|
try {
|
|
455
460
|
desc = otherSafeGetOwnPropertyDescriptor(object, prop);
|
|
@@ -490,7 +495,7 @@ var require_bridge = __commonJS({
|
|
|
490
495
|
return desc;
|
|
491
496
|
}
|
|
492
497
|
defineProperty(target, prop, desc) {
|
|
493
|
-
const object = this.
|
|
498
|
+
const object = this.getObject();
|
|
494
499
|
if (!thisReflectSetPrototypeOf(desc, null))
|
|
495
500
|
throw thisUnexpected();
|
|
496
501
|
desc = this.definePropertyDesc(target, prop, desc);
|
|
@@ -540,7 +545,7 @@ var require_bridge = __commonJS({
|
|
|
540
545
|
return true;
|
|
541
546
|
}
|
|
542
547
|
deleteProperty(target, prop) {
|
|
543
|
-
const object = this.
|
|
548
|
+
const object = this.getObject();
|
|
544
549
|
try {
|
|
545
550
|
return otherReflectDeleteProperty(object, prop) === true;
|
|
546
551
|
} catch (e) {
|
|
@@ -548,7 +553,7 @@ var require_bridge = __commonJS({
|
|
|
548
553
|
}
|
|
549
554
|
}
|
|
550
555
|
has(target, key) {
|
|
551
|
-
const object = this.
|
|
556
|
+
const object = this.getObject();
|
|
552
557
|
try {
|
|
553
558
|
return otherReflectHas(object, key) === true;
|
|
554
559
|
} catch (e) {
|
|
@@ -556,7 +561,7 @@ var require_bridge = __commonJS({
|
|
|
556
561
|
}
|
|
557
562
|
}
|
|
558
563
|
isExtensible(target) {
|
|
559
|
-
const object = this.
|
|
564
|
+
const object = this.getObject();
|
|
560
565
|
try {
|
|
561
566
|
if (otherReflectIsExtensible(object))
|
|
562
567
|
return true;
|
|
@@ -569,7 +574,7 @@ var require_bridge = __commonJS({
|
|
|
569
574
|
return false;
|
|
570
575
|
}
|
|
571
576
|
ownKeys(target) {
|
|
572
|
-
const object = this.
|
|
577
|
+
const object = this.getObject();
|
|
573
578
|
let res;
|
|
574
579
|
try {
|
|
575
580
|
res = otherReflectOwnKeys(object);
|
|
@@ -579,7 +584,7 @@ var require_bridge = __commonJS({
|
|
|
579
584
|
return thisFromOther(res);
|
|
580
585
|
}
|
|
581
586
|
preventExtensions(target) {
|
|
582
|
-
const object = this.
|
|
587
|
+
const object = this.getObject();
|
|
583
588
|
try {
|
|
584
589
|
if (!otherReflectPreventExtensions(object))
|
|
585
590
|
return false;
|
|
@@ -592,7 +597,7 @@ var require_bridge = __commonJS({
|
|
|
592
597
|
return true;
|
|
593
598
|
}
|
|
594
599
|
enumerate(target) {
|
|
595
|
-
const object = this.
|
|
600
|
+
const object = this.getObject();
|
|
596
601
|
let res;
|
|
597
602
|
try {
|
|
598
603
|
res = otherReflectEnumerate(object);
|
|
@@ -602,6 +607,9 @@ var require_bridge = __commonJS({
|
|
|
602
607
|
return this.fromOtherWithContext(res);
|
|
603
608
|
}
|
|
604
609
|
}
|
|
610
|
+
BaseHandler.prototype[thisSymbolNodeJSUtilInspectCustom] = void 0;
|
|
611
|
+
BaseHandler.prototype[thisSymbolToStringTag] = "VM2 Wrapper";
|
|
612
|
+
BaseHandler.prototype[thisSymbolIterator] = void 0;
|
|
605
613
|
function defaultFactory(object) {
|
|
606
614
|
return new BaseHandler(object);
|
|
607
615
|
}
|
|
@@ -668,7 +676,7 @@ var require_bridge = __commonJS({
|
|
|
668
676
|
this.mock = mock;
|
|
669
677
|
}
|
|
670
678
|
get(target, key, receiver) {
|
|
671
|
-
const object = this.
|
|
679
|
+
const object = this.getObject();
|
|
672
680
|
const mock = this.mock;
|
|
673
681
|
if (thisReflectApply(thisObjectHasOwnProperty, mock, key) && !thisOtherHasOwnProperty(object, key)) {
|
|
674
682
|
return mock[key];
|
|
@@ -910,7 +918,7 @@ var require_compiler = __commonJS({
|
|
|
910
918
|
return removeShebang(code);
|
|
911
919
|
}
|
|
912
920
|
function lookupCompiler(compiler) {
|
|
913
|
-
if (typeof compiler
|
|
921
|
+
if ("function" === typeof compiler)
|
|
914
922
|
return compiler;
|
|
915
923
|
switch (compiler) {
|
|
916
924
|
case "coffeescript":
|
|
@@ -6229,6 +6237,9 @@ ${error.stack}`;
|
|
|
6229
6237
|
let argsOffset;
|
|
6230
6238
|
if (args === null) {
|
|
6231
6239
|
code = body;
|
|
6240
|
+
if (!/\b(?:catch|import|async)\b/.test(code)) {
|
|
6241
|
+
return { __proto__: null, code, hasAsync: false };
|
|
6242
|
+
}
|
|
6232
6243
|
} else {
|
|
6233
6244
|
code = isAsync ? "(async function" : "(function";
|
|
6234
6245
|
if (isGenerator)
|
|
@@ -6647,7 +6658,7 @@ return exports;})`);
|
|
|
6647
6658
|
const allowEval = options.eval !== false;
|
|
6648
6659
|
const allowWasm = options.wasm !== false;
|
|
6649
6660
|
const allowAsync = optAllowAsync && !options.fixAsync;
|
|
6650
|
-
if (sandbox && typeof sandbox
|
|
6661
|
+
if (sandbox && "object" !== typeof sandbox) {
|
|
6651
6662
|
throw new VMError("Sandbox must be object.");
|
|
6652
6663
|
}
|
|
6653
6664
|
const resolvedCompiler = lookupCompiler(compiler);
|
|
@@ -7838,7 +7849,7 @@ var require_nodevm = __commonJS({
|
|
|
7838
7849
|
strict = false,
|
|
7839
7850
|
sandbox
|
|
7840
7851
|
} = options;
|
|
7841
|
-
if (sandbox && typeof sandbox
|
|
7852
|
+
if (sandbox && "object" !== typeof sandbox) {
|
|
7842
7853
|
throw new VMError("Sandbox must be an object.");
|
|
7843
7854
|
}
|
|
7844
7855
|
super({ __proto__: null, compiler, eval: allowEval, wasm });
|
|
@@ -7908,7 +7919,7 @@ var require_nodevm = __commonJS({
|
|
|
7908
7919
|
}
|
|
7909
7920
|
}
|
|
7910
7921
|
call(method, ...args) {
|
|
7911
|
-
if (typeof method
|
|
7922
|
+
if ("function" === typeof method) {
|
|
7912
7923
|
return method(...args);
|
|
7913
7924
|
} else {
|
|
7914
7925
|
throw new VMError("Unrecognized method type.");
|
|
@@ -7981,15 +7992,15 @@ var require_nodevm = __commonJS({
|
|
|
7981
7992
|
static code(script2, filename, options) {
|
|
7982
7993
|
let unresolvedFilename;
|
|
7983
7994
|
if (filename != null) {
|
|
7984
|
-
if (typeof filename
|
|
7995
|
+
if ("object" === typeof filename) {
|
|
7985
7996
|
options = filename;
|
|
7986
7997
|
unresolvedFilename = options.filename;
|
|
7987
|
-
} else if (typeof filename
|
|
7998
|
+
} else if ("string" === typeof filename) {
|
|
7988
7999
|
unresolvedFilename = filename;
|
|
7989
8000
|
} else {
|
|
7990
8001
|
throw new VMError("Invalid arguments.");
|
|
7991
8002
|
}
|
|
7992
|
-
} else if (typeof options
|
|
8003
|
+
} else if ("object" === typeof options) {
|
|
7993
8004
|
unresolvedFilename = options.filename;
|
|
7994
8005
|
}
|
|
7995
8006
|
if (arguments.length > 3) {
|
|
@@ -19690,7 +19701,7 @@ var require_jsonpointer = __commonJS({
|
|
|
19690
19701
|
obj = obj[untilde(pointer[p++])];
|
|
19691
19702
|
if (len === p)
|
|
19692
19703
|
return obj;
|
|
19693
|
-
if (typeof obj !== "object")
|
|
19704
|
+
if (typeof obj !== "object" || obj === null)
|
|
19694
19705
|
return void 0;
|
|
19695
19706
|
}
|
|
19696
19707
|
}
|
|
@@ -20560,12 +20571,12 @@ var require_legacy_streams = __commonJS({
|
|
|
20560
20571
|
if (this.encoding)
|
|
20561
20572
|
this.setEncoding(this.encoding);
|
|
20562
20573
|
if (this.start !== void 0) {
|
|
20563
|
-
if (typeof this.start
|
|
20574
|
+
if ("number" !== typeof this.start) {
|
|
20564
20575
|
throw TypeError("start must be a Number");
|
|
20565
20576
|
}
|
|
20566
20577
|
if (this.end === void 0) {
|
|
20567
20578
|
this.end = Infinity;
|
|
20568
|
-
} else if (typeof this.end
|
|
20579
|
+
} else if ("number" !== typeof this.end) {
|
|
20569
20580
|
throw TypeError("end must be a Number");
|
|
20570
20581
|
}
|
|
20571
20582
|
if (this.start > this.end) {
|
|
@@ -20608,7 +20619,7 @@ var require_legacy_streams = __commonJS({
|
|
|
20608
20619
|
this[key] = options[key];
|
|
20609
20620
|
}
|
|
20610
20621
|
if (this.start !== void 0) {
|
|
20611
|
-
if (typeof this.start
|
|
20622
|
+
if ("number" !== typeof this.start) {
|
|
20612
20623
|
throw TypeError("start must be a Number");
|
|
20613
20624
|
}
|
|
20614
20625
|
if (this.start < 0) {
|
|
@@ -22892,7 +22903,7 @@ var require_LoadedComponent = __commonJS({
|
|
|
22892
22903
|
return `${this.getUniqueComponentSlug()}-${functionName}`;
|
|
22893
22904
|
}
|
|
22894
22905
|
getFullFunctionEntryPointFilePath(functionEntryPath) {
|
|
22895
|
-
return path_1.default.join(this.componentFilesRoot,
|
|
22906
|
+
return path_1.default.resolve(path_1.default.join(this.componentFilesRoot, functionEntryPath));
|
|
22896
22907
|
}
|
|
22897
22908
|
};
|
|
22898
22909
|
exports.LoadedComponent = LoadedComponent;
|
|
@@ -23054,14 +23065,11 @@ var require_loadManifest = __commonJS({
|
|
|
23054
23065
|
var ManifestValidationError = class extends Error {
|
|
23055
23066
|
};
|
|
23056
23067
|
exports.ManifestValidationError = ManifestValidationError;
|
|
23057
|
-
async function loadManifest(
|
|
23058
|
-
const manifestPath = path_1.default.join(componentRoot, componentName, version, "manifest.json");
|
|
23068
|
+
async function loadManifest(manifestPath) {
|
|
23059
23069
|
if (await fs_extra_1.default.pathExists(manifestPath)) {
|
|
23060
23070
|
const { manifest, validation } = await readManifest(manifestPath);
|
|
23061
23071
|
if (!validation.isValid) {
|
|
23062
23072
|
throw new ManifestValidationError(validation.message);
|
|
23063
|
-
} else if (version !== manifest.version) {
|
|
23064
|
-
throw new error_1.InternalServerError(`manifest version miss match, expected version ${version} does not equal loaded version ${manifest.version}`);
|
|
23065
23073
|
} else {
|
|
23066
23074
|
return manifest;
|
|
23067
23075
|
}
|
|
@@ -23074,7 +23082,7 @@ var require_loadManifest = __commonJS({
|
|
|
23074
23082
|
const manifestValidationResult = (0, validateManifest_1.validateManifest)(manifest);
|
|
23075
23083
|
return { manifest, validation: manifestValidationResult };
|
|
23076
23084
|
}
|
|
23077
|
-
async function findComponentManifests(directory, nesting =
|
|
23085
|
+
async function findComponentManifests(directory, nesting = 10) {
|
|
23078
23086
|
if (await isComponentDirectory(directory)) {
|
|
23079
23087
|
return [await tryReadManifest(directory)];
|
|
23080
23088
|
}
|
|
@@ -23091,16 +23099,53 @@ var require_loadManifest = __commonJS({
|
|
|
23091
23099
|
return fs_extra_1.default.pathExists(path_1.default.join(directory, "manifest.json"));
|
|
23092
23100
|
}
|
|
23093
23101
|
async function tryReadManifest(directory) {
|
|
23094
|
-
|
|
23095
|
-
|
|
23096
|
-
|
|
23097
|
-
|
|
23098
|
-
|
|
23102
|
+
try {
|
|
23103
|
+
const { manifest, validation } = await readManifest(path_1.default.join(directory, "manifest.json"));
|
|
23104
|
+
if (validation.isValid) {
|
|
23105
|
+
return { directory, manifest, status: "valid" };
|
|
23106
|
+
} else {
|
|
23107
|
+
return {
|
|
23108
|
+
directory,
|
|
23109
|
+
manifest,
|
|
23110
|
+
validationError: new ManifestValidationError(validation.message),
|
|
23111
|
+
status: "invalid"
|
|
23112
|
+
};
|
|
23113
|
+
}
|
|
23114
|
+
} catch (e) {
|
|
23115
|
+
let message = "Unknown error occurred";
|
|
23116
|
+
if (e instanceof Error && e.message) {
|
|
23117
|
+
message = e.message;
|
|
23118
|
+
}
|
|
23119
|
+
return {
|
|
23120
|
+
directory,
|
|
23121
|
+
manifest: void 0,
|
|
23122
|
+
validationError: new ManifestValidationError(message),
|
|
23123
|
+
status: "invalid"
|
|
23124
|
+
};
|
|
23099
23125
|
}
|
|
23100
23126
|
}
|
|
23101
23127
|
}
|
|
23102
23128
|
});
|
|
23103
23129
|
|
|
23130
|
+
// ../component-lib/lib/util/isPathTryingToAccessOutsideOfRoot.js
|
|
23131
|
+
var require_isPathTryingToAccessOutsideOfRoot = __commonJS({
|
|
23132
|
+
"../component-lib/lib/util/isPathTryingToAccessOutsideOfRoot.js"(exports) {
|
|
23133
|
+
"use strict";
|
|
23134
|
+
var __importDefault = exports && exports.__importDefault || function(mod) {
|
|
23135
|
+
return mod && mod.__esModule ? mod : { "default": mod };
|
|
23136
|
+
};
|
|
23137
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
23138
|
+
exports.isPathTryingToAccessOutsideOfRoot = void 0;
|
|
23139
|
+
var path_1 = __importDefault(require("path"));
|
|
23140
|
+
function isPathTryingToAccessOutsideOfRoot(rootPath, filePath) {
|
|
23141
|
+
const resolvedRoot = path_1.default.resolve(rootPath);
|
|
23142
|
+
const joinedPath = path_1.default.join(resolvedRoot, filePath);
|
|
23143
|
+
return !joinedPath.includes(resolvedRoot);
|
|
23144
|
+
}
|
|
23145
|
+
exports.isPathTryingToAccessOutsideOfRoot = isPathTryingToAccessOutsideOfRoot;
|
|
23146
|
+
}
|
|
23147
|
+
});
|
|
23148
|
+
|
|
23104
23149
|
// ../component-lib/lib/loaders/loadComponent.js
|
|
23105
23150
|
var require_loadComponent = __commonJS({
|
|
23106
23151
|
"../component-lib/lib/loaders/loadComponent.js"(exports) {
|
|
@@ -23115,25 +23160,37 @@ var require_loadComponent = __commonJS({
|
|
|
23115
23160
|
var LoadedComponent_1 = require_LoadedComponent();
|
|
23116
23161
|
var loadManifest_1 = require_loadManifest();
|
|
23117
23162
|
var fs_1 = require("fs");
|
|
23118
|
-
|
|
23163
|
+
var isPathTryingToAccessOutsideOfRoot_1 = require_isPathTryingToAccessOutsideOfRoot();
|
|
23164
|
+
var error_1 = require_error();
|
|
23165
|
+
async function loadComponent(componentManifestPath, componentName, componentVersion, componentRootUrl, executor, loadInProductionMode) {
|
|
23119
23166
|
var _a;
|
|
23120
|
-
const
|
|
23121
|
-
const
|
|
23167
|
+
const componentRootPath = path_1.default.resolve(componentManifestPath, "..");
|
|
23168
|
+
const manifest = await (0, loadManifest_1.loadManifest)(componentManifestPath);
|
|
23122
23169
|
const staticFileLocationRoot = ((_a = manifest["static-files"]) === null || _a === void 0 ? void 0 : _a["location-root"]) || "";
|
|
23123
|
-
if (
|
|
23170
|
+
if ((0, isPathTryingToAccessOutsideOfRoot_1.isPathTryingToAccessOutsideOfRoot)(componentRootPath, staticFileLocationRoot)) {
|
|
23124
23171
|
throw new Error(`access to a static file location root outside the parent directory in "${manifest.name} ${manifest.version}" is not alllowed`);
|
|
23125
23172
|
}
|
|
23126
23173
|
for (const func of manifest.functions) {
|
|
23127
|
-
await assertFuncEntryFilesAreValid(
|
|
23174
|
+
await assertFuncEntryFilesAreValid(componentRootPath, manifest, func);
|
|
23128
23175
|
if (func.output["response-type"] === "html" && staticFileLocationRoot) {
|
|
23129
|
-
await assertStaticFilesAreValid(
|
|
23176
|
+
await assertStaticFilesAreValid(componentRootPath, manifest, func, staticFileLocationRoot);
|
|
23177
|
+
}
|
|
23178
|
+
}
|
|
23179
|
+
const component = new LoadedComponent_1.LoadedComponent(manifest, componentRootPath, componentRootUrl, executor);
|
|
23180
|
+
if (loadInProductionMode) {
|
|
23181
|
+
const manifest2 = component.getManifest();
|
|
23182
|
+
if (componentVersion !== manifest2.version) {
|
|
23183
|
+
throw new error_1.InternalServerError(`manifest version miss match, expected version ${componentVersion} does not equal loaded version ${manifest2.version}`);
|
|
23184
|
+
}
|
|
23185
|
+
if (componentName !== manifest2.name) {
|
|
23186
|
+
throw new error_1.InternalServerError(`manifest name miss match, expected name ${componentVersion} does not equal loaded name ${manifest2.name}`);
|
|
23130
23187
|
}
|
|
23131
23188
|
}
|
|
23132
|
-
return
|
|
23189
|
+
return component;
|
|
23133
23190
|
}
|
|
23134
23191
|
exports.loadComponent = loadComponent;
|
|
23135
23192
|
async function assertFuncEntryFilesAreValid(componentRoot, manifest, func) {
|
|
23136
|
-
if (
|
|
23193
|
+
if ((0, isPathTryingToAccessOutsideOfRoot_1.isPathTryingToAccessOutsideOfRoot)(componentRoot, func.entry) || !await isReadable(componentRoot, func.entry)) {
|
|
23137
23194
|
throw new Error(`access to component "${func.name}'s" entry file "${func.entry}" outside the parent directory in "${manifest.name} ${manifest.version}" is not alllowed`);
|
|
23138
23195
|
}
|
|
23139
23196
|
}
|
|
@@ -23144,15 +23201,11 @@ var require_loadComponent = __commonJS({
|
|
|
23144
23201
|
if (staticFile.file.startsWith("http://") || staticFile.file.startsWith("https://")) {
|
|
23145
23202
|
continue;
|
|
23146
23203
|
}
|
|
23147
|
-
if (
|
|
23204
|
+
if ((0, isPathTryingToAccessOutsideOfRoot_1.isPathTryingToAccessOutsideOfRoot)(staticFileRoot, staticFile.file) || !await isReadable(staticFileRoot, staticFile.file)) {
|
|
23148
23205
|
throw new Error(`access to a static file "${staticFile.file}" for "${func.name}" outside the parent directory in "${manifest.name} ${manifest.version}" is not alllowed`);
|
|
23149
23206
|
}
|
|
23150
23207
|
}
|
|
23151
23208
|
}
|
|
23152
|
-
async function isPathTraversing(basePath, file) {
|
|
23153
|
-
const filePath = path_1.default.join(basePath, file);
|
|
23154
|
-
return !filePath.includes(basePath);
|
|
23155
|
-
}
|
|
23156
23209
|
async function isReadable(basePath, file) {
|
|
23157
23210
|
try {
|
|
23158
23211
|
await fs_extra_1.default.access(path_1.default.join(basePath, file), fs_1.constants.R_OK);
|
|
@@ -27744,7 +27797,7 @@ var require_stream_readable = __commonJS({
|
|
|
27744
27797
|
debug("ondata");
|
|
27745
27798
|
increasedAwaitDrain = false;
|
|
27746
27799
|
var ret = dest.write(chunk);
|
|
27747
|
-
if (
|
|
27800
|
+
if (false === ret && !increasedAwaitDrain) {
|
|
27748
27801
|
if ((state.pipesCount === 1 && state.pipes === dest || state.pipesCount > 1 && indexOf(state.pipes, dest) !== -1) && !cleanedUp) {
|
|
27749
27802
|
debug("false write response, pause", src._readableState.awaitDrain);
|
|
27750
27803
|
src._readableState.awaitDrain++;
|
|
@@ -27886,7 +27939,7 @@ var require_stream_readable = __commonJS({
|
|
|
27886
27939
|
}
|
|
27887
27940
|
Readable.prototype.pause = function() {
|
|
27888
27941
|
debug("call pause flowing=%j", this._readableState.flowing);
|
|
27889
|
-
if (this._readableState.flowing
|
|
27942
|
+
if (false !== this._readableState.flowing) {
|
|
27890
27943
|
debug("pause");
|
|
27891
27944
|
this._readableState.flowing = false;
|
|
27892
27945
|
this.emit("pause");
|
|
@@ -29875,7 +29928,7 @@ var require_stream_readable2 = __commonJS({
|
|
|
29875
29928
|
debug("ondata");
|
|
29876
29929
|
increasedAwaitDrain = false;
|
|
29877
29930
|
var ret = dest.write(chunk);
|
|
29878
|
-
if (
|
|
29931
|
+
if (false === ret && !increasedAwaitDrain) {
|
|
29879
29932
|
if ((state.pipesCount === 1 && state.pipes === dest || state.pipesCount > 1 && indexOf(state.pipes, dest) !== -1) && !cleanedUp) {
|
|
29880
29933
|
debug("false write response, pause", src._readableState.awaitDrain);
|
|
29881
29934
|
src._readableState.awaitDrain++;
|
|
@@ -30017,7 +30070,7 @@ var require_stream_readable2 = __commonJS({
|
|
|
30017
30070
|
}
|
|
30018
30071
|
Readable.prototype.pause = function() {
|
|
30019
30072
|
debug("call pause flowing=%j", this._readableState.flowing);
|
|
30020
|
-
if (this._readableState.flowing
|
|
30073
|
+
if (false !== this._readableState.flowing) {
|
|
30021
30074
|
debug("pause");
|
|
30022
30075
|
this._readableState.flowing = false;
|
|
30023
30076
|
this.emit("pause");
|
|
@@ -32362,7 +32415,7 @@ var require_common = __commonJS({
|
|
|
32362
32415
|
function setopts(self2, pattern, options) {
|
|
32363
32416
|
if (!options)
|
|
32364
32417
|
options = {};
|
|
32365
|
-
if (options.matchBase && pattern.indexOf("/")
|
|
32418
|
+
if (options.matchBase && -1 === pattern.indexOf("/")) {
|
|
32366
32419
|
if (options.noglobstar) {
|
|
32367
32420
|
throw new Error("base matching requires globstar");
|
|
32368
32421
|
}
|
|
@@ -36800,7 +36853,7 @@ var require_core3 = __commonJS({
|
|
|
36800
36853
|
}
|
|
36801
36854
|
var isDir = data.type === "directory";
|
|
36802
36855
|
if (data.name) {
|
|
36803
|
-
if (typeof data.prefix === "string" && data.prefix
|
|
36856
|
+
if (typeof data.prefix === "string" && "" !== data.prefix) {
|
|
36804
36857
|
data.name = data.prefix + "/" + data.name;
|
|
36805
36858
|
data.prefix = null;
|
|
36806
36859
|
}
|
|
@@ -37983,9 +38036,9 @@ var require_crc32 = __commonJS({
|
|
|
37983
38036
|
var CRC32;
|
|
37984
38037
|
(function(factory) {
|
|
37985
38038
|
if (typeof DO_NOT_EXPORT_CRC === "undefined") {
|
|
37986
|
-
if (typeof exports
|
|
38039
|
+
if ("object" === typeof exports) {
|
|
37987
38040
|
factory(exports);
|
|
37988
|
-
} else if (typeof define
|
|
38041
|
+
} else if ("function" === typeof define && define.amd) {
|
|
37989
38042
|
define(function() {
|
|
37990
38043
|
var module3 = {};
|
|
37991
38044
|
factory(module3);
|
|
@@ -40546,9 +40599,21 @@ var require_joinAbsoluteUrlPath = __commonJS({
|
|
|
40546
40599
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
40547
40600
|
exports.joinAbsoluteUrlPath = void 0;
|
|
40548
40601
|
function joinAbsoluteUrlPath(...args) {
|
|
40549
|
-
|
|
40602
|
+
const [rootUrl] = args;
|
|
40603
|
+
const url = new URL(getSanitisedString(args), "http://example.com");
|
|
40604
|
+
if (urlIsAbsolute(rootUrl)) {
|
|
40605
|
+
return url.toString();
|
|
40606
|
+
} else {
|
|
40607
|
+
return url.pathname.replace(/(^\/|\/$)/g, "");
|
|
40608
|
+
}
|
|
40550
40609
|
}
|
|
40551
40610
|
exports.joinAbsoluteUrlPath = joinAbsoluteUrlPath;
|
|
40611
|
+
function getSanitisedString(subdirs) {
|
|
40612
|
+
return subdirs.map((dir) => dir.replace(/(^\.\/+)|(^\/+|\/+$)/g, "")).join("/");
|
|
40613
|
+
}
|
|
40614
|
+
function urlIsAbsolute(url) {
|
|
40615
|
+
return url.match(/^http(s?):\/\//);
|
|
40616
|
+
}
|
|
40552
40617
|
}
|
|
40553
40618
|
});
|
|
40554
40619
|
|
|
@@ -40687,6 +40752,7 @@ var require_lib6 = __commonJS({
|
|
|
40687
40752
|
__exportStar(require_v12(), exports);
|
|
40688
40753
|
__exportStar(require_parseEnvVarForVar(), exports);
|
|
40689
40754
|
__exportStar(require_getNodeEnv(), exports);
|
|
40755
|
+
__exportStar(require_isPathTryingToAccessOutsideOfRoot(), exports);
|
|
40690
40756
|
}
|
|
40691
40757
|
});
|
|
40692
40758
|
|