mirror of
https://github.com/pnpm/pnpm.git
synced 2026-05-29 19:20:04 -04:00
26a7d633bf
* fix(patching/apply-patch): reject patch paths that escape the patched directory A malicious .patch file with `diff --git a/../../X` headers could otherwise write, delete, or rename files outside the patched package as the user running `pnpm install`. * refactor(patching/apply-patch): narrow caught errors via util.types.isNativeError Drops the `any`-typed catch + eslint-disable in favor of the cross-realm-safe narrowing pattern documented in CLAUDE.md. * refactor(patching/apply-patch): replace error helper with PatchPathEscapesError class * chore(patching/apply-patch): reword comment to satisfy cspell
89 lines
2.7 KiB
TypeScript
89 lines
2.7 KiB
TypeScript
import fs from 'node:fs'
|
|
import path from 'node:path'
|
|
|
|
import { beforeEach, describe, expect, it, jest } from '@jest/globals'
|
|
import { tempDir } from '@pnpm/prepare'
|
|
import { fixtures } from '@pnpm/test-fixtures'
|
|
|
|
const f = fixtures(import.meta.dirname)
|
|
|
|
const originalModule = await import('@pnpm/logger')
|
|
jest.unstable_mockModule('@pnpm/logger', () => {
|
|
return {
|
|
...originalModule,
|
|
globalWarn: jest.fn(),
|
|
}
|
|
})
|
|
|
|
const { globalWarn } = await import('@pnpm/logger')
|
|
const { applyPatchToDir } = await import('@pnpm/patching.apply-patch')
|
|
|
|
beforeEach(() => {
|
|
jest.mocked(globalWarn).mockClear()
|
|
})
|
|
|
|
function prepareDirToPatch () {
|
|
const dir = tempDir()
|
|
f.copy('patch-target.txt', path.join(dir, 'patch-target.txt'))
|
|
return dir
|
|
}
|
|
|
|
describe('applyPatchToDir()', () => {
|
|
it('should succeed when patch is applicable', () => {
|
|
const patchFilePath = f.find('applicable.patch')
|
|
const successfullyPatched = f.find('successfully-patched.txt')
|
|
const patchedDir = prepareDirToPatch()
|
|
expect(
|
|
applyPatchToDir({
|
|
patchFilePath,
|
|
patchedDir,
|
|
})
|
|
).toBe(true)
|
|
const patchTarget = path.join(patchedDir, 'patch-target.txt')
|
|
expect(fs.readFileSync(patchTarget, 'utf-8')).toBe(fs.readFileSync(successfullyPatched, 'utf-8'))
|
|
})
|
|
it('should fail when patch fails to apply', () => {
|
|
const patchFilePath = f.find('non-applicable.patch')
|
|
const patchedDir = prepareDirToPatch()
|
|
expect(() => {
|
|
applyPatchToDir({
|
|
patchFilePath,
|
|
patchedDir,
|
|
})
|
|
}).toThrow(`Could not apply patch ${patchFilePath} to ${patchedDir}`)
|
|
expect(fs.readFileSync(path.join(patchedDir, 'patch-target.txt'), 'utf-8')).toBe(fs.readFileSync(f.find('patch-target.txt'), 'utf-8'))
|
|
})
|
|
it('should fail on invalid patch', () => {
|
|
const patchFilePath = f.find('invalid.patch')
|
|
expect(() => {
|
|
applyPatchToDir({
|
|
patchFilePath,
|
|
patchedDir: tempDir(),
|
|
})
|
|
}).toThrow(`Applying patch "${patchFilePath}" failed: hunk header integrity check failed`)
|
|
})
|
|
it('should fail if the patch file is not found', () => {
|
|
expect(() => {
|
|
applyPatchToDir({
|
|
patchFilePath: 'does-not-exist.patch',
|
|
patchedDir: tempDir(),
|
|
})
|
|
}).toThrow('Patch file not found')
|
|
})
|
|
it('should reject a patch whose paths escape the patched directory', () => {
|
|
const patchFilePath = f.find('path-traversal.patch')
|
|
const patchedDir = tempDir()
|
|
const sentinel = path.join('/tmp', 'pnpm-patch-traversal-pwned')
|
|
try {
|
|
fs.unlinkSync(sentinel)
|
|
} catch {}
|
|
expect(() => {
|
|
applyPatchToDir({
|
|
patchFilePath,
|
|
patchedDir,
|
|
})
|
|
}).toThrow(/patch path escapes target dir/)
|
|
expect(fs.existsSync(sentinel)).toBe(false)
|
|
})
|
|
})
|