From 75c29f1cb7c181952e6d2415c1e056537b037e2f Mon Sep 17 00:00:00 2001 From: Nick O'Leary Date: Mon, 16 Jul 2018 16:44:33 +0100 Subject: [PATCH] Disallow store names that are not A-Za-z0-9_ --- red/runtime/locales/en-US/runtime.json | 1 + red/runtime/nodes/context/index.js | 3 ++ test/red/runtime/nodes/context/index_spec.js | 29 ++++++-------------- 3 files changed, 13 insertions(+), 20 deletions(-) diff --git a/red/runtime/locales/en-US/runtime.json b/red/runtime/locales/en-US/runtime.json index 32c768438..c0fac42dc 100644 --- a/red/runtime/locales/en-US/runtime.json +++ b/red/runtime/locales/en-US/runtime.json @@ -161,6 +161,7 @@ "error-module-not-loaded": "'__module__' could not be loaded", "error-loading-module": "Error loading context module '__module__': __message__ ", "error-module-not-defined": "'module' is not defined in '__storage__' of settings.contextStorage", + "error-invalid-module-name": "Invalid context store name: '__name__'", "error-invalid-default-module": "Invalid storage '__storage__' is specified as a default storage", "error-use-undefined-storage": "Undefined storage '__storage__' is specified" } diff --git a/red/runtime/nodes/context/index.js b/red/runtime/nodes/context/index.js index 0816303a2..a12943863 100644 --- a/red/runtime/nodes/context/index.js +++ b/red/runtime/nodes/context/index.js @@ -56,6 +56,9 @@ function load() { if (pluginName === "_") { continue; } + if (!/^[a-zA-Z0-9_]+$/.test(pluginName)) { + return reject(new Error(log._("context.error-invalid-module-name", {name:pluginName}))); + } // Check if this is setting the 'default' context to be a named plugin if (pluginName === "default" && typeof plugins[pluginName] === "string") { diff --git a/test/red/runtime/nodes/context/index_spec.js b/test/red/runtime/nodes/context/index_spec.js index 73c36eba0..5ec3ff5d7 100644 --- a/test/red/runtime/nodes/context/index_spec.js +++ b/test/red/runtime/nodes/context/index_spec.js @@ -292,26 +292,6 @@ describe('context', function() { Context.init({contextStorage:{file:{module:"localfilesystem",config:{dir:resourcesDir}}}}); Context.load(); }); - it('should accept special storage name', function(done) { - Context.init({ - contextStorage:{ - "#%&":{module:testPlugin}, - \u3042:{module:testPlugin}, - 1:{module:testPlugin}, - } - }); - Context.load().then(function(){ - var context = Context.get("1","flow"); - var cb = function(){done("An error occurred")} - context.set("sign","sign1","#%&",cb); - context.set("file","file2","\u3042",cb); - context.set("num","num3","1",cb); - stubSet.calledWithExactly("1:flow","sign","sign1",cb).should.be.true(); - stubSet.calledWithExactly("1:flow","file","file2",cb).should.be.true(); - stubSet.calledWithExactly("1:flow","num","num3",cb).should.be.true(); - done(); - }).catch(done); - }); it('should ignore reserved storage name `_`', function(done) { Context.init({contextStorage:{_:{module:testPlugin}}}); Context.load().then(function(){ @@ -326,6 +306,15 @@ describe('context', function() { done(); }).catch(done); }); + + it('should fail when using invalid store name', function(done) { + Context.init({contextStorage:{'Invalid name':"noexist"}}); + Context.load().then(function(){ + done("An error was not thrown"); + }).catch(function(){ + done(); + }); + }); it('should fail when using invalid default context', function(done) { Context.init({contextStorage:{default:"noexist"}}); Context.load().then(function(){