Skip to content

Commit

Permalink
src: do not pass user input to format string
Browse files Browse the repository at this point in the history
PR-URL: nodejs#48973
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
  • Loading branch information
aduh95 authored and Ceres6 committed Aug 14, 2023
1 parent 5e4f469 commit 3eee719
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 3 deletions.
7 changes: 4 additions & 3 deletions src/node_file.cc
Original file line number Diff line number Diff line change
Expand Up @@ -3042,10 +3042,11 @@ void BindingData::LegacyMainResolve(const FunctionCallbackInfo<Value>& args) {
return;
}

std::string err_module_message =
"Cannot find package '" + module_path + "' imported from " + module_base;
env->isolate()->ThrowException(
ERR_MODULE_NOT_FOUND(env->isolate(), err_module_message.c_str()));
ERR_MODULE_NOT_FOUND(env->isolate(),
"Cannot find package '%s' imported from %s",
module_path,
module_base));
}

void BindingData::MemoryInfo(MemoryTracker* tracker) const {
Expand Down
8 changes: 8 additions & 0 deletions test/es-module/test-cjs-legacyMainResolve.js
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,14 @@ describe('legacyMainResolve', () => {
);
});

it('should not crash when cannot resolve to a file that contains special chars', () => {
const packageJsonUrl = pathToFileURL('/c/file%20with%20percents/package.json');
assert.throws(
() => legacyMainResolve(packageJsonUrl, { main: null }, packageJsonUrl),
{ code: 'ERR_MODULE_NOT_FOUND' },
);
});

it('should throw when cannot resolve to a file (base not defined)', () => {
const packageJsonUrl = pathToFileURL(
path.resolve(
Expand Down

0 comments on commit 3eee719

Please sign in to comment.