diff options
| author | Kohei Ueno <k.cola119@ezweb.ne.jp> | 2021-02-23 18:24:59 +0900 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-02-23 04:24:59 -0500 |
| commit | 2e3d72064af3013116a7555c049511097eb4e801 (patch) | |
| tree | 8e6a7a20b85142e071ff7e525af5222fd199c6d4 | |
| parent | 8be0c8b43a56ee690463efb3e68686f0fefa868b (diff) | |
fix: panic caused by Deno.env.set("", "") (#9583)
| -rw-r--r-- | cli/tests/unit/os_test.ts | 15 | ||||
| -rw-r--r-- | runtime/ops/os.rs | 14 |
2 files changed, 28 insertions, 1 deletions
diff --git a/cli/tests/unit/os_test.ts b/cli/tests/unit/os_test.ts index 9a2d33f53..5786ad32e 100644 --- a/cli/tests/unit/os_test.ts +++ b/cli/tests/unit/os_test.ts @@ -27,6 +27,21 @@ unitTest({ perms: { env: true } }, function deleteEnv(): void { assertEquals(Deno.env.get("TEST_VAR"), undefined); }); +unitTest({ perms: { env: true } }, function avoidEmptyNamedEnv(): void { + assertThrows(() => Deno.env.set("", "v"), TypeError); + assertThrows(() => Deno.env.set("a=a", "v"), TypeError); + assertThrows(() => Deno.env.set("a\0a", "v"), TypeError); + assertThrows(() => Deno.env.set("TEST_VAR", "v\0v"), TypeError); + + assertThrows(() => Deno.env.get(""), TypeError); + assertThrows(() => Deno.env.get("a=a"), TypeError); + assertThrows(() => Deno.env.get("a\0a"), TypeError); + + assertThrows(() => Deno.env.delete(""), TypeError); + assertThrows(() => Deno.env.delete("a=a"), TypeError); + assertThrows(() => Deno.env.delete("a\0a"), TypeError); +}); + unitTest(function envPermissionDenied1(): void { assertThrows(() => { Deno.env.toObject(); diff --git a/runtime/ops/os.rs b/runtime/ops/os.rs index 0183ffe5f..10e0c8bc1 100644 --- a/runtime/ops/os.rs +++ b/runtime/ops/os.rs @@ -1,7 +1,7 @@ // Copyright 2018-2021 the Deno authors. All rights reserved. MIT license. use crate::permissions::Permissions; -use deno_core::error::AnyError; +use deno_core::error::{type_error, AnyError}; use deno_core::serde_json; use deno_core::serde_json::json; use deno_core::serde_json::Value; @@ -55,6 +55,12 @@ fn op_set_env( ) -> Result<Value, AnyError> { let args: SetEnv = serde_json::from_value(args)?; state.borrow::<Permissions>().check_env()?; + let invalid_key = + args.key.is_empty() || args.key.contains(&['=', '\0'] as &[char]); + let invalid_value = args.value.contains('\0'); + if invalid_key || invalid_value { + return Err(type_error("Key or value contains invalid characters.")); + } env::set_var(args.key, args.value); Ok(json!({})) } @@ -81,6 +87,9 @@ fn op_get_env( ) -> Result<Value, AnyError> { let args: GetEnv = serde_json::from_value(args)?; state.borrow::<Permissions>().check_env()?; + if args.key.is_empty() || args.key.contains(&['=', '\0'] as &[char]) { + return Err(type_error("Key contains invalid characters.")); + } let r = match env::var(args.key) { Err(env::VarError::NotPresent) => json!([]), v => json!([v?]), @@ -100,6 +109,9 @@ fn op_delete_env( ) -> Result<Value, AnyError> { let args: DeleteEnv = serde_json::from_value(args)?; state.borrow::<Permissions>().check_env()?; + if args.key.is_empty() || args.key.contains(&['=', '\0'] as &[char]) { + return Err(type_error("Key contains invalid characters.")); + } env::remove_var(args.key); Ok(json!({})) } |