From 34177022cf0fd30bdce46b2467ec4ce06544b001 Mon Sep 17 00:00:00 2001 From: ZYSzys Date: Tue, 11 Feb 2020 14:47:27 +0800 Subject: [PATCH 1/2] fs: validate the input data before opening file --- lib/internal/fs/promises.js | 9 +++++---- test/parallel/test-fs-append-file.js | 24 ++++++++++++++++++++---- 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/lib/internal/fs/promises.js b/lib/internal/fs/promises.js index 6517a5ef4be056..12cca60ae30de2 100644 --- a/lib/internal/fs/promises.js +++ b/lib/internal/fs/promises.js @@ -141,10 +141,6 @@ function validateFileHandle(handle) { } async function writeFileHandle(filehandle, data, options) { - if (!isArrayBufferView(data)) { - validateStringAfterArrayBufferView(data, 'data'); - data = Buffer.from(data, options.encoding || 'utf8'); - } let remaining = data.length; if (remaining === 0) return; do { @@ -496,6 +492,11 @@ async function writeFile(path, data, options) { options = getOptions(options, { encoding: 'utf8', mode: 0o666, flag: 'w' }); const flag = options.flag || 'w'; + if (!isArrayBufferView(data)) { + validateStringAfterArrayBufferView(data, 'data'); + data = Buffer.from(data, options.encoding || 'utf8'); + } + if (path instanceof FileHandle) return writeFileHandle(path, data, options); diff --git a/test/parallel/test-fs-append-file.js b/test/parallel/test-fs-append-file.js index 8220d01ca1b2fe..64ca5dae49cd90 100644 --- a/test/parallel/test-fs-append-file.js +++ b/test/parallel/test-fs-append-file.js @@ -129,18 +129,34 @@ const throwNextTick = (e) => { process.nextTick(() => { throw e; }); }; .catch(throwNextTick); } -// Test that appendFile does not accept numbers (callback API). +// Test that appendFile does not accept invalid data type (callback API). [false, 5, {}, [], null, undefined].forEach((data) => { const errObj = { code: 'ERR_INVALID_ARG_TYPE', message: /"data"|"buffer"/ }; + const filename = join(tmpdir.path, 'append-invalid-data.txt'); + + assert.throws( + () => fs.appendFile(filename, data, common.mustNotCall()), + errObj + ); + assert.throws( - () => fs.appendFile('foobar', data, common.mustNotCall()), + () => fs.appendFileSync(filename, data), + errObj + ); + + assert.rejects( + fs.promises.appendFile(filename, data).finally(() => { + // The filename shouldn't exist if throwing error. + assert.throws(() => fs.statSync(filename), { + code: 'ENOENT', + message: /no such file or directory/ + }); + }), errObj ); - assert.throws(() => fs.appendFileSync('foobar', data), errObj); - assert.rejects(fs.promises.appendFile('foobar', data), errObj); }); // Test that appendFile accepts file descriptors (callback API). From 8c7e8c22ca932fb48f768d5ac7bd36cbd15560ab Mon Sep 17 00:00:00 2001 From: ZYSzys Date: Tue, 11 Feb 2020 16:38:55 +0800 Subject: [PATCH 2/2] fixup! fs: validate the input data before opening file --- test/parallel/test-fs-append-file.js | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/test/parallel/test-fs-append-file.js b/test/parallel/test-fs-append-file.js index 64ca5dae49cd90..594a93b7c4cbe2 100644 --- a/test/parallel/test-fs-append-file.js +++ b/test/parallel/test-fs-append-file.js @@ -130,7 +130,7 @@ const throwNextTick = (e) => { process.nextTick(() => { throw e; }); }; } // Test that appendFile does not accept invalid data type (callback API). -[false, 5, {}, [], null, undefined].forEach((data) => { +[false, 5, {}, [], null, undefined].forEach(async (data) => { const errObj = { code: 'ERR_INVALID_ARG_TYPE', message: /"data"|"buffer"/ @@ -147,16 +147,18 @@ const throwNextTick = (e) => { process.nextTick(() => { throw e; }); }; errObj ); - assert.rejects( - fs.promises.appendFile(filename, data).finally(() => { - // The filename shouldn't exist if throwing error. - assert.throws(() => fs.statSync(filename), { - code: 'ENOENT', - message: /no such file or directory/ - }); - }), + await assert.rejects( + fs.promises.appendFile(filename, data), errObj ); + // The filename shouldn't exist if throwing error. + assert.throws( + () => fs.statSync(filename), + { + code: 'ENOENT', + message: /no such file or directory/ + } + ); }); // Test that appendFile accepts file descriptors (callback API).