diff options
| author | Timothy Gu <timothygu99@gmail.com> | 2017-08-05 16:57:10 +0800 |
|---|---|---|
| committer | Timothy Gu <timothygu99@gmail.com> | 2017-08-06 15:10:59 +0800 |
| commit | e96ca62480c6fc14952c81a3e24835b91d6c849e (patch) | |
| tree | 7055d5eeaa7999849d1ac166f6f05b62b7e2271c /test | |
| parent | ff65a2e0517052eb135c54d9ab7b860134b33e69 (diff) | |
| download | android-node-v8-e96ca62480c6fc14952c81a3e24835b91d6c849e.tar.gz android-node-v8-e96ca62480c6fc14952c81a3e24835b91d6c849e.tar.bz2 android-node-v8-e96ca62480c6fc14952c81a3e24835b91d6c849e.zip | |
src: avoid dereference without existence check
Currently the URL API is only used from the JS binding, which always
initializes `base` regardless of `has_base`. Therefore, there is no
actual security risk right now, but would be had we made other C++ parts
of Node.js use this API.
An earlier version of this patch was created by Bradley Farias
<bradley.meck@gmail.com>.
PR-URL: https://github.com/nodejs/node/pull/14591
Refs: https://github.com/nodejs/node/pull/14369#discussion_r128767221
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Diffstat (limited to 'test')
| -rw-r--r-- | test/cctest/test_url.cc | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/test/cctest/test_url.cc b/test/cctest/test_url.cc index 1b17ddf78c..2cede1a8a3 100644 --- a/test/cctest/test_url.cc +++ b/test/cctest/test_url.cc @@ -4,6 +4,7 @@ #include "gtest/gtest.h" using node::url::URL; +using node::url::URL_FLAGS_FAILED; class URLTest : public ::testing::Test { protected: @@ -20,6 +21,7 @@ class URLTest : public ::testing::Test { TEST_F(URLTest, Simple) { URL simple("https://example.org:81/a/b/c?query#fragment"); + EXPECT_FALSE(simple.flags() & URL_FLAGS_FAILED); EXPECT_EQ(simple.protocol(), "https:"); EXPECT_EQ(simple.host(), "example.org"); EXPECT_EQ(simple.port(), 81); @@ -32,6 +34,7 @@ TEST_F(URLTest, Simple2) { const char* input = "https://example.org:81/a/b/c?query#fragment"; URL simple(input, strlen(input)); + EXPECT_FALSE(simple.flags() & URL_FLAGS_FAILED); EXPECT_EQ(simple.protocol(), "https:"); EXPECT_EQ(simple.host(), "example.org"); EXPECT_EQ(simple.port(), 81); @@ -40,10 +43,17 @@ TEST_F(URLTest, Simple2) { EXPECT_EQ(simple.fragment(), "fragment"); } +TEST_F(URLTest, NoBase1) { + URL error("123noscheme"); + EXPECT_TRUE(error.flags() & URL_FLAGS_FAILED); +} + TEST_F(URLTest, Base1) { URL base("http://example.org/foo/bar"); - URL simple("../baz", &base); + ASSERT_FALSE(base.flags() & URL_FLAGS_FAILED); + URL simple("../baz", &base); + EXPECT_FALSE(simple.flags() & URL_FLAGS_FAILED); EXPECT_EQ(simple.protocol(), "http:"); EXPECT_EQ(simple.host(), "example.org"); EXPECT_EQ(simple.path(), "/baz"); @@ -52,6 +62,7 @@ TEST_F(URLTest, Base1) { TEST_F(URLTest, Base2) { URL simple("../baz", "http://example.org/foo/bar"); + EXPECT_FALSE(simple.flags() & URL_FLAGS_FAILED); EXPECT_EQ(simple.protocol(), "http:"); EXPECT_EQ(simple.host(), "example.org"); EXPECT_EQ(simple.path(), "/baz"); @@ -63,6 +74,7 @@ TEST_F(URLTest, Base3) { URL simple(input, strlen(input), base, strlen(base)); + EXPECT_FALSE(simple.flags() & URL_FLAGS_FAILED); EXPECT_EQ(simple.protocol(), "http:"); EXPECT_EQ(simple.host(), "example.org"); EXPECT_EQ(simple.path(), "/baz"); |