From 021d84881935461db707c6a77c8482449e297cfa Mon Sep 17 00:00:00 2001
From: Brian Gough
Date: Tue, 21 Mar 2017 11:29:37 +0000
Subject: [PATCH] create separate function for path checking
---
app/coffee/ResourceWriter.coffee | 31 +++++++++++----------
app/coffee/TikzManager.coffee | 11 +++++---
test/unit/coffee/ResourceWriterTests.coffee | 17 +++++++++--
test/unit/coffee/TikzManager.coffee | 6 ++++
4 files changed, 45 insertions(+), 20 deletions(-)
diff --git a/app/coffee/ResourceWriter.coffee b/app/coffee/ResourceWriter.coffee
index a7da588..8c3245f 100644
--- a/app/coffee/ResourceWriter.coffee
+++ b/app/coffee/ResourceWriter.coffee
@@ -75,19 +75,22 @@ module.exports = ResourceWriter = callback() _writeResourceToDisk: (project_id, resource, basePath, callback = (error) ->) -> - path = Path.normalize(Path.join(basePath, resource.path)) + ResourceWriter.checkPath basePath, resource.path, (error, path) -> + return callback(error) if error? + mkdirp Path.dirname(path), (error) -> + return callback(error) if error? + # TODO: Don't overwrite file if it hasn't been modified + if resource.url? + UrlCache.downloadUrlToFile project_id, resource.url, path, resource.modified, (err)-> + if err? + logger.err err:err, project_id:project_id, path:path, resource_url:resource.url, modified:resource.modified, "error downloading file for resources" + callback() #try and continue compiling even if http resource can not be downloaded at this time + else + fs.writeFile path, resource.content, callback + + checkPath: (basePath, resourcePath, callback) -> + path = Path.normalize(Path.join(basePath, resourcePath)) if (path.slice(0, basePath.length) != basePath) return callback new Error("resource path is outside root directory") - - mkdirp Path.dirname(path), (error) -> - return callback(error) if error? - # TODO: Don't overwrite file if it hasn't been modified - if resource.url? - UrlCache.downloadUrlToFile project_id, resource.url, path, resource.modified, (err)-> - if err? - logger.err err:err, project_id:project_id, path:path, resource_url:resource.url, modified:resource.modified, "error downloading file for resources" - callback() #try and continue compiling even if http resource can not be downloaded at this time - else - fs.writeFile path, resource.content, callback - - + else + return callback(null, path) diff --git a/app/coffee/TikzManager.coffee b/app/coffee/TikzManager.coffee index a7f29e9..7766bc1 100644 --- a/app/coffee/TikzManager.coffee +++ b/app/coffee/TikzManager.coffee 
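Review bot: The containment test in `checkPath`, `path.slice(0, basePath.length) != basePath`, is a raw string-prefix comparison, so a normalised path that lands in a sibling directory whose name merely begins with the same characters as `basePath` is accepted as being inside the root. This helper is now the shared guard (it is also called from `TikzManager.injectOutputFile` later in this patch), so it would be safer to compare against the root with a trailing separator: `root = Path.normalize(basePath + Path.sep)` followed by `if (path.slice(0, root.length) != root)`. `basePath` is never normalised here, so a root passed with a redundant `./` or a doubled slash would presumably make every resource fail the check. A short comment above `checkPath` stating that it is a lexical check only and that it calls back with the normalised joined path would help future callers.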
@@ -1,5 +1,6 @@ fs = require "fs" Path = require "path" +ResourceWriter = require "./ResourceWriter" logger = require "logger-sharelatex" # for \tikzexternalize to work the main file needs to match the @@ -30,8 +31,10 @@ module.exports = TikzManager = return false injectOutputFile: (compileDir, mainFile, callback = (error) ->) -> - fs.readFile Path.join(compileDir, mainFile), "utf8", (error, content) -> + ResourceWriter.checkPath compileDir, mainFile, (error, path) -> return callback(error) if error? - logger.log compileDir: compileDir, mainFile: mainFile, "copied file to ouput.tex for tikz" - # use wx flag to ensure that output file does not already exist - fs.writeFile Path.join(compileDir, "output.tex"), content, {flag:'wx'}, callback + fs.readFile path, "utf8", (error, content) -> + return callback(error) if error? + logger.log compileDir: compileDir, mainFile: mainFile, "copied file to ouput.tex for tikz" + # use wx flag to ensure that output file does not already exist + fs.writeFile Path.join(compileDir, "output.tex"), content, {flag:'wx'}, callback diff --git a/test/unit/coffee/ResourceWriterTests.coffee b/test/unit/coffee/ResourceWriterTests.coffee index c1e72a8..c3c25cc 100644 --- a/test/unit/coffee/ResourceWriterTests.coffee +++ b/test/unit/coffee/ResourceWriterTests.coffee @@ -157,6 +157,19 @@ describe "ResourceWriter", -> .calledWith(new Error("resource path is outside root directory")) .should.equal true - + describe "checkPath", -> + describe "with a valid path", -> + beforeEach -> + @ResourceWriter.checkPath("foo", "bar", @callback) - + it "should return the joined path", -> + @callback.calledWith(null, "foo/bar") + .should.equal true + + describe "with an invalid path", -> + beforeEach -> + @ResourceWriter.checkPath("foo", "baz/../../bar", @callback) + + it "should return an error", -> + @callback.calledWith(new Error("resource path is outside root directory")) + .should.equal true 
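Review bot: `ResourceWriter.checkPath` validates `mainFile` only lexically (it relies on `Path.normalize`, as shown in the ResourceWriter hunk), while the `fs.readFile path` that follows resolves symlinks, so the new guard in `injectOutputFile` does not cover a symlink located inside `compileDir`. Whether such links can exist in a compile directory is not visible from this patch. If they can, resolve the path with `fs.realpath` before the containment comparison, or reject non-regular files via `fs.lstat`. At minimum, document the limit above the call: `# checkPath is lexical only; symlinks under compileDir are not resolved`. Separately, the `logger.log` line reporting the copy runs before `fs.writeFile` completes, so it is emitted even when the `wx` write fails.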
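Review bot: The "with an invalid path" case asserts `@callback.calledWith(new Error("resource path is outside root directory"))`, which depends on how sinon deep-compares Error objects; with some sinon versions any Error instance may satisfy it, so the message is possibly not being checked at all. Asserting on the message directly is more robust: `@callback.args[0][0].message.should.equal "resource path is outside root directory"`. The suite also covers only `baz/../../bar`. A case where the normalised path leaves the root but still shares its leading characters would pin down the boundary behaviour of the prefix comparison in `checkPath`.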
diff --git a/test/unit/coffee/TikzManager.coffee b/test/unit/coffee/TikzManager.coffee index 859c392..4c99daa 100644 --- a/test/unit/coffee/TikzManager.coffee +++ b/test/unit/coffee/TikzManager.coffee @@ -6,6 +6,7 @@ modulePath = require('path').join __dirname, '../../../app/js/TikzManager' describe 'TikzManager', -> beforeEach -> @TikzManager = SandboxedModule.require modulePath, requires: + "./ResourceWriter": @ResourceWriter = {} "fs": @fs = {} "logger-sharelatex": @logger = {log: () ->} @@ -49,8 +50,13 @@ describe 'TikzManager', -> ''' @fs.readFile = sinon.stub().callsArgWith(2, null, @content) @fs.writeFile = sinon.stub().callsArg(3) + @ResourceWriter.checkPath = sinon.stub().callsArgWith(2, null, "#{@rootDir}/#{@filename}") @TikzManager.injectOutputFile @rootDir, @filename, @callback + it "sould check the path", -> + @ResourceWriter.checkPath.calledWith(@rootDir, @filename) + .should.equal true + it "should read the file", -> @fs.readFile .calledWith("#{@rootDir}/#{@filename}", "utf8")
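Review bot: The `checkPath` stub added in this `beforeEach` always calls back with success, so nothing exercises the new early return in `injectOutputFile` when the path is rejected. A second context with `@ResourceWriter.checkPath = sinon.stub().callsArgWith(2, new Error("resource path is outside root directory"))` would cover the guard this patch introduces. It should assert that `@fs.readFile` and `@fs.writeFile` are never called and that the error reaches `@callback`. The new test title also has a typo: `it "sould check the path", ->` should read `it "should check the path", ->`. The enclosing `describe` block starts outside the hunk.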