forked from OpenUserJS/OpenUserJS.org
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Start abstracting some validations (OpenUserJS#1847)
* Catch a few more instances of an invalid key check Applies to OpenUserJS#944
- Loading branch information
Showing
3 changed files
with
140 additions
and
72 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
'use strict'; | ||
|
||
// Define some pseudo module globals | ||
var isPro = require('../libs/debug').isPro; | ||
var isDev = require('../libs/debug').isDev; | ||
var isDbg = require('../libs/debug').isDbg; | ||
|
||
//--- Library inclusions | ||
var cleanFilename = require('../libs/helpers').cleanFilename; | ||
var patternHasSameOrigin = require('../libs/helpers').patternHasSameOrigin; | ||
var isFQUrl = require('../libs/helpers').isFQUrl; | ||
|
||
// | ||
|
||
// Determine validity of a Key | ||
function validKey(aAuthorName, aScriptName, aIsLib, aKeyName, aKeyValue) { | ||
var keyValue = null; | ||
var keyValueUtf = null; | ||
var matches = null; | ||
var rAnyLocalMetaUrl = new RegExp( | ||
'^' + patternHasSameOrigin + | ||
'/(?:meta|install|src/scripts)/(.+?)/(.+?)\.(?:meta|user)\.js$' | ||
); | ||
var rSameOrigin = new RegExp( | ||
'^' + patternHasSameOrigin | ||
); | ||
|
||
switch (aKeyName) { | ||
case 'updateURL': | ||
if (aIsLib) { | ||
if (aKeyValue) { | ||
return false; | ||
} | ||
} else { | ||
if (process.env.FORCE_BUSY_UPDATEURL_CHECK === 'true') { | ||
// `@updateURL` must be exact here for OUJS hosted checks and must exist | ||
// e.g. no `search`, no `hash` | ||
|
||
if (aKeyValue) { | ||
|
||
// Check for decoding error | ||
try { | ||
keyValueUtf = decodeURIComponent(aKeyValue); | ||
} catch (aE) { | ||
return false; | ||
} | ||
|
||
// Validate `author` and `name` (installNameBase) to this scripts meta only | ||
matches = keyValueUtf.match(rAnyLocalMetaUrl); | ||
if (matches) { | ||
if (cleanFilename(aAuthorName, '').toLowerCase() + | ||
'/' + cleanFilename(aScriptName, '') === matches[1].toLowerCase() + | ||
'/' + matches[2]) | ||
{ | ||
// Same script | ||
// fallsthrough | ||
} else { | ||
return false; | ||
} | ||
} else { | ||
// Allow offsite checks | ||
|
||
if (!isFQUrl(aKeyValue)) { | ||
return false; | ||
} | ||
|
||
keyValue = new URL(aKeyValue); | ||
if (rSameOrigin.test(keyValue.origin)) { | ||
return false; | ||
} | ||
} | ||
} else { | ||
if (!aIsLib) { | ||
return false; | ||
} | ||
} | ||
} else { | ||
// Nominal tests | ||
|
||
if (aKeyValue) { | ||
if (!isFQUrl(aKeyValue)) { | ||
return false; | ||
} | ||
} | ||
} | ||
} | ||
|
||
break; | ||
default: | ||
} | ||
|
||
return true; | ||
} | ||
exports.validKey = validKey; |