fix(shared-ini-file-loader): ignore prohibited profile name (#1764)

* fix(shared-ini-file-loader): ignore prohibited profile name * fix: address feedbacks
aws · Dec 11, 2020 · a209082 · a209082
1 parent 7e7feb1
commit a209082
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 11 deletions.
diff --git a/packages/shared-ini-file-loader/src/index.spec.ts b/packages/shared-ini-file-loader/src/index.spec.ts
@@ -289,6 +289,20 @@ aws_session_token = ${FOO_CREDS.sessionToken}`.trim()
         },
       });
     });
+
+    it("should ignore profile name in block list", async () => {
+      __addMatcher(
+        DEFAULT_PATH,
+        `
+[__proto__]
+foo = not_exist`.trim()
+      );
+
+      expect(await loadSharedConfigFiles()).toEqual({
+        configFile: {},
+        credentialsFile: {},
+      });
+    });
   });
 
   describe("shared config file", () => {
@@ -527,5 +541,19 @@ aws_session_token = ${FOO_CREDS.sessionToken}`.trim()
         configFile: { default: parsed.default },
       });
     });
+
+    it("should ignore profile name in block list", async () => {
+      __addMatcher(
+        DEFAULT_PATH,
+        `
+[profile __proto__]
+foo = not_exist`.trim()
+      );
+
+      expect(await loadSharedConfigFiles()).toEqual({
+        configFile: {},
+        credentialsFile: {},
+      });
+    });
   });
 });
diff --git a/packages/shared-ini-file-loader/src/index.ts b/packages/shared-ini-file-loader/src/index.ts
@@ -36,7 +36,7 @@ export interface SharedConfigFiles {
 
 const swallowError = () => ({});
 
-export function loadSharedConfigFiles(init: SharedConfigInit = {}): Promise<SharedConfigFiles> {
+export const loadSharedConfigFiles = (init: SharedConfigInit = {}): Promise<SharedConfigFiles> => {
   const {
     filepath = process.env[ENV_CREDENTIALS_PATH] || join(getHomeDir(), ".aws", "credentials"),
     configFilepath = process.env[ENV_CONFIG_PATH] || join(getHomeDir(), ".aws", "config"),
@@ -52,10 +52,10 @@ export function loadSharedConfigFiles(init: SharedConfigInit = {}): Promise<Shar
       credentialsFile,
     };
   });
-}
+};
 
 const profileKeyRegex = /^profile\s(["'])?([^\1]+)\1$/;
-function normalizeConfigFile(data: ParsedIniData): ParsedIniData {
+const normalizeConfigFile = (data: ParsedIniData): ParsedIniData => {
   const map: ParsedIniData = {};
   for (const key of Object.keys(data)) {
     let matches: Array<string> | null;
@@ -71,16 +71,20 @@ function normalizeConfigFile(data: ParsedIniData): ParsedIniData {
   }
 
   return map;
-}
+};
 
-function parseIni(iniData: string): ParsedIniData {
+const profileNameBlockList = ["__proto__", "profile __proto__"];
+const parseIni = (iniData: string): ParsedIniData => {
   const map: ParsedIniData = {};
   let currentSection: string | undefined;
   for (let line of iniData.split(/\r?\n/)) {
     line = line.split(/(^|\s)[;#]/)[0]; // remove comments
     const section = line.match(/^\s*\[([^\[\]]+)]\s*$/);
     if (section) {
       currentSection = section[1];
+      if (profileNameBlockList.includes(currentSection)) {
+        throw new Error(`Found invalid profile name "${currentSection}"`);
+      }
     } else if (currentSection) {
       const item = line.match(/^\s*(.+?)\s*=\s*(.+?)\s*$/);
       if (item) {
@@ -91,10 +95,10 @@ function parseIni(iniData: string): ParsedIniData {
   }
 
   return map;
-}
+};
 
-function slurpFile(path: string): Promise<string> {
-  return new Promise((resolve, reject) => {
+const slurpFile = (path: string): Promise<string> =>
+  new Promise((resolve, reject) => {
     readFile(path, "utf8", (err, data) => {
       if (err) {
         reject(err);
@@ -103,14 +107,13 @@ function slurpFile(path: string): Promise<string> {
       }
     });
   });
-}
 
-function getHomeDir(): string {
+const getHomeDir = (): string => {
   const { HOME, USERPROFILE, HOMEPATH, HOMEDRIVE = `C:${sep}` } = process.env;
 
   if (HOME) return HOME;
   if (USERPROFILE) return USERPROFILE;
   if (HOMEPATH) return `${HOMEDRIVE}${HOMEPATH}`;
 
   return homedir();
-}
+};