test(jest): revert CVE-2023-46809 to allow openpgp tests to pass #27409

Merged
merged 2 commits into from
Feb 19, 2024
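--- a/package.json
+++ b/package.json
@@ -27,11 +27,9 @@
 "generate": "run-s 'generate:*'",
 "generate:imports": "node tools/generate-imports.mjs",
 "git-check": "node tools/check-git-version.mjs",
-"jest": "NODE_OPTIONS=\"--experimental-vm-modules\" LOG_LEVEL=fatal GIT_ALLOW_PROTOCOL=file jest --logHeapUsage",
-"jest:vscode": "NODE_OPTIONS=\"$NODE_OPTIONS --experimental-vm-modules\" LOG_LEVEL=fatal GIT_ALLOW_PROTOCOL=file jest --logHeapUsage",
-"jest:14": "run-s 'jest {@}' --",
-"jest:16": "run-s 'jest {@}' --",
-"jest-debug": "NODE_OPTIONS=\"--inspect-brk --experimental-vm-modules\" jest --testTimeout=100000000",
+"jest": "node tools/jest.mjs",
+"jest:vscode": "node tools/jest.mjs",
+"jest-debug": "NODE_OPTIONS='$NODE_OPTIONS --inspect-brk' node tools/jest.mjs --testTimeout=100000000",
 "lint": "run-s ls-lint type-check eslint prettier markdown-lint git-check doc-fence-check",
 "lint-fix": "run-s eslint-fix prettier-fix markdown-lint-fix",
 "ls-lint": "ls-lint",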
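Review bot: In the new `jest-debug` script the single quotes in `NODE_OPTIONS='$NODE_OPTIONS --inspect-brk'` stop a POSIX shell from expanding `$NODE_OPTIONS`, so Node receives the literal text `$NODE_OPTIONS` in that variable and will most likely reject it. The removed `jest:vscode` line used escaped double quotes for the same purpose, so `NODE_OPTIONS=\"$NODE_OPTIONS --inspect-brk\"` would keep the expansion. Because tools/jest.mjs hands its environment on to the process it spawns, `--inspect-brk` set this way applies to the wrapper as well as to jest; it is worth checking that the debugger ends up attached to the jest process rather than pausing in the wrapper.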
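--- a/tools/jest.mjs
+++ b/tools/jest.mjs
@@ -0,0 +1,28 @@
+import { spawnSync } from 'node:child_process';
+import { argv, env, version } from 'node:process';
+import semver from 'semver';
+
+// needed for tests
+env.GIT_ALLOW_PROTOCOL = 'file';
+// reduce logging
+env.LOG_LEVEL = 'fatal';
+
+const args = ['--experimental-vm-modules'];
+
+/*
+* openpgp encryption is broken because it needs PKCS#1 v1.5
+* - #27375
+* - https://nodejs.org/en/blog/vulnerability/february-2024-security-releases#nodejs-is-vulnerable-to-the-marvin-attack-timing-variant-of-the-bleichenbacher-attack-against-pkcs1-v15-padding-cve-2023-46809---medium
+*
+* Sadly there is no way to suppress `SECURITY WARNING: Reverting CVE-2023-46809: Marvin attack on PKCS#1 padding` warining
+*/
+if (semver.satisfies(version, '^18.19.1 || ^20.11.1 || >=21.6.2')) {
+args.push('--security-revert=CVE-2023-46809');
+}
+
+args.push('node_modules/jest/bin/jest.js', ' --logHeapUsage');
+
+// add other args after `node tools/jest.mjs`
+args.push(...argv.slice(2));
+
+spawnSync('node', args, { stdio: 'inherit', env });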
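Review bot: The result of `spawnSync('node', args, { stdio: 'inherit', env })` on the last line is discarded, so the wrapper exits 0 even when jest fails or cannot be started, and the `jest` script would then report success for a failing test run. Capture and propagate it, e.g. `const res = spawnSync(execPath, args, { stdio: 'inherit', env });` followed by `exit(res.status ?? 1);`, with `execPath` and `exit` added to the `node:process` import; using `execPath` also guarantees the child is the same binary whose `version` gated `--security-revert=CVE-2023-46809`. Separately, `' --logHeapUsage'` carries a leading space and no shell is involved, so jest most likely receives it as a positional test-path pattern rather than as the flag; `'--logHeapUsage'` is presumably what was meant. The block comment could also state that the revert is applied only to the test child process and should be dropped once the openpgp tests no longer depend on PKCS#1 v1.5.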