Skip to content
This repository has been archived by the owner on Feb 12, 2024. It is now read-only.

fix: better input validation for add #1656

Closed
wants to merge 2 commits into from
Closed

fix: better input validation for add #1656

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c0bb784
fix: better input validation for add
Oct 23, 2018
f23eda9
chore: update interface-ipfs-core dependency
Nov 26, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@
"execa": "^1.0.0",
"form-data": "^2.3.3",
"hat": "0.0.3",
"interface-ipfs-core": "~0.86.0",
"interface-ipfs-core": "~0.87.0",
"ipfsd-ctl": "ipfs/js-ipfsd-ctl#update-dag-pb-to-not-have-cid-property",
"ncp": "^2.0.0",
"qs": "^6.5.2",
Expand Down
24 changes: 16 additions & 8 deletions src/core/components/files-regular.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ const waterfall = require('async/waterfall')
const isStream = require('is-stream')
const isSource = require('is-pull-stream').isSource
const Duplex = require('readable-stream').Duplex
const OtherBuffer = require('buffer').Buffer
const isString = require('lodash/isString')
const CID = require('cids')
const toB58String = require('multihashes').toB58String
const errCode = require('err-code')
Expand Down Expand Up @@ -292,15 +292,23 @@ module.exports = function (self) {

options = options || {}

const ok = Buffer.isBuffer(data) ||
isStream.readable(data) ||
Array.isArray(data) ||
OtherBuffer.isBuffer(data) ||
typeof data === 'object' ||
isSource(data)
// Buffer, pull stream or Node.js stream
const isBufferOrStream = obj => Buffer.isBuffer(obj) || isStream.readable(obj) || isSource(obj)
// An object like { content?, path? }, where content isBufferOrStream and path isString
const isContentObject = obj => {
if (typeof obj !== 'object') return false
// path is optional if content is present
if (obj.content) return isBufferOrStream(obj.content)
// path must be a non-empty string if no content
return Boolean(obj.path) && isString(obj.path)
}
// An input atom: a buffer, stream or content object
const isInput = obj => isBufferOrStream(obj) || isContentObject(obj)
// All is ok if data isInput or data is an array of isInput
const ok = isInput(data) || (Array.isArray(data) && data.every(isInput))

if (!ok) {
return callback(new Error('first arg must be a buffer, readable stream, pull stream, an object or array of objects'))
return callback(new Error('invalid input: expected buffer, readable stream, pull stream, object or array of objects'))
}

// CID v0 is for multihashes encoded with sha2-256
Expand Down