From 347b9f23043a0b76bd2e4ab91f474ef4c90e1088 Mon Sep 17 00:00:00 2001 From: moander Date: Sun, 9 May 2021 22:43:57 +0200 Subject: [PATCH] errors: remove input from ERR_INVALID_URL message Avoid potentially huge messages and leaked secrets. PR-URL: https://github.com/nodejs/node/pull/38614 Reviewed-By: James M Snell Reviewed-By: Tiancheng "Timothy" Gu Reviewed-By: Joyee Cheung Reviewed-By: Luigi Pinca Reviewed-By: Rich Trott Reviewed-By: Darshan Sen --- lib/internal/errors.js | 4 +++- test/es-module/test-esm-loader-invalid-url.mjs | 12 ++++++++---- test/parallel/test-whatwg-url-custom-parsing.js | 7 ++----- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/lib/internal/errors.js b/lib/internal/errors.js index 352f8d49ef5f20..a226b2d6898d4c 100644 --- a/lib/internal/errors.js +++ b/lib/internal/errors.js @@ -1265,7 +1265,9 @@ E('ERR_INVALID_TUPLE', '%s must be an iterable %s tuple', TypeError); E('ERR_INVALID_URI', 'URI malformed', URIError); E('ERR_INVALID_URL', function(input) { this.input = input; - return `Invalid URL: ${input}`; + // Don't include URL in message. + // (See https://github.com/nodejs/node/pull/38614) + return 'Invalid URL'; }, TypeError); E('ERR_INVALID_URL_SCHEME', (expected) => { diff --git a/test/es-module/test-esm-loader-invalid-url.mjs b/test/es-module/test-esm-loader-invalid-url.mjs index e9f04d0af4d4fe..7dce946da2c3c3 100644 --- a/test/es-module/test-esm-loader-invalid-url.mjs +++ b/test/es-module/test-esm-loader-invalid-url.mjs @@ -3,8 +3,12 @@ import { expectsError, mustCall } from '../common/index.mjs'; import assert from 'assert'; import('../fixtures/es-modules/test-esm-ok.mjs') -.then(assert.fail, expectsError({ - code: 'ERR_INVALID_URL', - message: 'Invalid URL: ../fixtures/es-modules/test-esm-ok.mjs' -})) +.then(assert.fail, (error) => { + expectsError({ + code: 'ERR_INVALID_URL', + message: 'Invalid URL' + })(error); + + assert.strictEqual(error.input, '../fixtures/es-modules/test-esm-ok.mjs'); +}) .then(mustCall()); diff --git a/test/parallel/test-whatwg-url-custom-parsing.js b/test/parallel/test-whatwg-url-custom-parsing.js index a07d776d0a25cc..a3532374ca684e 100644 --- a/test/parallel/test-whatwg-url-custom-parsing.js +++ b/test/parallel/test-whatwg-url-custom-parsing.js @@ -55,11 +55,8 @@ for (const test of failureTests) { () => new URL(test.input, test.base), (error) => { assert.throws(() => { throw error; }, expectedError); - - // The input could be processed, so we don't do strict matching here - let match; - assert(match = (`${error}`).match(/Invalid URL: (.*)$/)); - assert.strictEqual(error.input, match[1]); + assert.strictEqual(`${error}`, 'TypeError [ERR_INVALID_URL]: Invalid URL'); + assert.strictEqual(error.message, 'Invalid URL'); return true; }); }