Skip to content

Commit 75392ea

Browse files
dcodeIOdcodeIO
authored
fix: Backport input hardening and CLI fixes to 7.x (#2173)
1 parent 8af8d7c commit 75392ea

62 files changed

Lines changed: 15124 additions & 7170 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/workflows/test.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,6 @@
11
name: "Test"
2+
env:
3+
NPM_CONFIG_AUDIT: "false"
24
on:
35
push:
46
branches:

.release-please-manifest.json

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -3,12 +3,12 @@
33
"cli": "1.2.0",
44
"lib/aspromise": "1.1.2",
55
"lib/base64": "1.1.2",
6-
"lib/codegen": "2.0.4",
6+
"lib/codegen": "2.0.5",
77
"lib/eventemitter": "1.1.0",
88
"lib/fetch": "1.1.1",
99
"lib/float": "1.0.2",
10-
"lib/inquire": "1.1.0",
10+
"lib/inquire": "1.1.1",
1111
"lib/path": "1.1.2",
1212
"lib/pool": "1.1.0",
13-
"lib/utf8": "1.1.0"
13+
"lib/utf8": "1.1.1"
1414
}

bench/data/static_pbjs.js

Lines changed: 90 additions & 54 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ $root.Test = (function() {
1212
function Test(properties) {
1313
if (properties)
1414
for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
15-
if (properties[keys[i]] != null)
15+
if (properties[keys[i]] != null && keys[i] !== "__proto__")
1616
this[keys[i]] = properties[keys[i]];
1717
}
1818

@@ -35,27 +35,37 @@ $root.Test = (function() {
3535
return writer;
3636
};
3737

38-
Test.decode = function decode(reader, length) {
38+
Test.decode = function decode(reader, length, error, long) {
3939
if (!(reader instanceof $Reader))
4040
reader = $Reader.create(reader);
41+
if (long === undefined)
42+
long = 0;
43+
if (long > $Reader.recursionLimit)
44+
throw Error("maximum nesting depth exceeded");
4145
var end = length === undefined ? reader.len : reader.pos + length, message = new $root.Test();
4246
while (reader.pos < end) {
4347
var tag = reader.uint32();
44-
switch (tag >>> 3) {
45-
case 1:
46-
message.string = reader.string();
47-
break;
48-
case 2:
49-
message.uint32 = reader.uint32();
50-
break;
51-
case 3:
52-
message.inner = $root.Test.Inner.decode(reader, reader.uint32());
53-
break;
54-
case 4:
55-
message.float = reader.float();
48+
if (tag === error)
5649
break;
50+
switch (tag >>> 3) {
51+
case 1: {
52+
message.string = reader.string();
53+
break;
54+
}
55+
case 2: {
56+
message.uint32 = reader.uint32();
57+
break;
58+
}
59+
case 3: {
60+
message.inner = $root.Test.Inner.decode(reader, reader.uint32(), undefined, long + 1);
61+
break;
62+
}
63+
case 4: {
64+
message.float = reader.float();
65+
break;
66+
}
5767
default:
58-
reader.skipType(tag & 7);
68+
reader.skipType(tag & 7, long);
5969
break;
6070
}
6171
}
@@ -67,7 +77,7 @@ $root.Test = (function() {
6777
function Inner(properties) {
6878
if (properties)
6979
for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
70-
if (properties[keys[i]] != null)
80+
if (properties[keys[i]] != null && keys[i] !== "__proto__")
7181
this[keys[i]] = properties[keys[i]];
7282
}
7383

@@ -87,24 +97,33 @@ $root.Test = (function() {
8797
return writer;
8898
};
8999

90-
Inner.decode = function decode(reader, length) {
100+
Inner.decode = function decode(reader, length, error, long) {
91101
if (!(reader instanceof $Reader))
92102
reader = $Reader.create(reader);
103+
if (long === undefined)
104+
long = 0;
105+
if (long > $Reader.recursionLimit)
106+
throw Error("maximum nesting depth exceeded");
93107
var end = length === undefined ? reader.len : reader.pos + length, message = new $root.Test.Inner();
94108
while (reader.pos < end) {
95109
var tag = reader.uint32();
96-
switch (tag >>> 3) {
97-
case 1:
98-
message.int32 = reader.int32();
99-
break;
100-
case 2:
101-
message.innerInner = $root.Test.Inner.InnerInner.decode(reader, reader.uint32());
102-
break;
103-
case 3:
104-
message.outer = $root.Outer.decode(reader, reader.uint32());
110+
if (tag === error)
105111
break;
112+
switch (tag >>> 3) {
113+
case 1: {
114+
message.int32 = reader.int32();
115+
break;
116+
}
117+
case 2: {
118+
message.innerInner = $root.Test.Inner.InnerInner.decode(reader, reader.uint32(), undefined, long + 1);
119+
break;
120+
}
121+
case 3: {
122+
message.outer = $root.Outer.decode(reader, reader.uint32(), undefined, long + 1);
123+
break;
124+
}
106125
default:
107-
reader.skipType(tag & 7);
126+
reader.skipType(tag & 7, long);
108127
break;
109128
}
110129
}
@@ -116,7 +135,7 @@ $root.Test = (function() {
116135
function InnerInner(properties) {
117136
if (properties)
118137
for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
119-
if (properties[keys[i]] != null)
138+
if (properties[keys[i]] != null && keys[i] !== "__proto__")
120139
this[keys[i]] = properties[keys[i]];
121140
}
122141

@@ -136,24 +155,33 @@ $root.Test = (function() {
136155
return writer;
137156
};
138157

139-
InnerInner.decode = function decode(reader, length) {
158+
InnerInner.decode = function decode(reader, length, error, long) {
140159
if (!(reader instanceof $Reader))
141160
reader = $Reader.create(reader);
161+
if (long === undefined)
162+
long = 0;
163+
if (long > $Reader.recursionLimit)
164+
throw Error("maximum nesting depth exceeded");
142165
var end = length === undefined ? reader.len : reader.pos + length, message = new $root.Test.Inner.InnerInner();
143166
while (reader.pos < end) {
144167
var tag = reader.uint32();
145-
switch (tag >>> 3) {
146-
case 1:
147-
message.long = reader.int64();
148-
break;
149-
case 2:
150-
message["enum"] = reader.int32();
151-
break;
152-
case 3:
153-
message.sint32 = reader.sint32();
168+
if (tag === error)
154169
break;
170+
switch (tag >>> 3) {
171+
case 1: {
172+
message.long = reader.int64();
173+
break;
174+
}
175+
case 2: {
176+
message["enum"] = reader.int32();
177+
break;
178+
}
179+
case 3: {
180+
message.sint32 = reader.sint32();
181+
break;
182+
}
155183
default:
156-
reader.skipType(tag & 7);
184+
reader.skipType(tag & 7, long);
157185
break;
158186
}
159187
}
@@ -185,7 +213,7 @@ $root.Outer = (function() {
185213
this.bool = [];
186214
if (properties)
187215
for (var keys = Object.keys(properties), i = 0; i < keys.length; ++i)
188-
if (properties[keys[i]] != null)
216+
if (properties[keys[i]] != null && keys[i] !== "__proto__")
189217
this[keys[i]] = properties[keys[i]];
190218
}
191219

@@ -206,28 +234,36 @@ $root.Outer = (function() {
206234
return writer;
207235
};
208236

209-
Outer.decode = function decode(reader, length) {
237+
Outer.decode = function decode(reader, length, error, long) {
210238
if (!(reader instanceof $Reader))
211239
reader = $Reader.create(reader);
240+
if (long === undefined)
241+
long = 0;
242+
if (long > $Reader.recursionLimit)
243+
throw Error("maximum nesting depth exceeded");
212244
var end = length === undefined ? reader.len : reader.pos + length, message = new $root.Outer();
213245
while (reader.pos < end) {
214246
var tag = reader.uint32();
247+
if (tag === error)
248+
break;
215249
switch (tag >>> 3) {
216-
case 1:
217-
if (!(message.bool && message.bool.length))
218-
message.bool = [];
219-
if ((tag & 7) === 2) {
220-
var end2 = reader.uint32() + reader.pos;
221-
while (reader.pos < end2)
250+
case 1: {
251+
if (!(message.bool && message.bool.length))
252+
message.bool = [];
253+
if ((tag & 7) === 2) {
254+
var end2 = reader.uint32() + reader.pos;
255+
while (reader.pos < end2)
256+
message.bool.push(reader.bool());
257+
} else
222258
message.bool.push(reader.bool());
223-
} else
224-
message.bool.push(reader.bool());
225-
break;
226-
case 2:
227-
message.double = reader.double();
228-
break;
259+
break;
260+
}
261+
case 2: {
262+
message.double = reader.double();
263+
break;
264+
}
229265
default:
230-
reader.skipType(tag & 7);
266+
reader.skipType(tag & 7, long);
231267
break;
232268
}
233269
}

cli/package-lock.json

Lines changed: 13 additions & 13 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

cli/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"name": "protobufjs-cli",
33
"description": "Translates between file formats and generates static code as well as TypeScript definitions.",
4-
"version": "1.2.0",
4+
"version": "1.2.1",
55
"author": "Daniel Wirtz <dcode+protobufjs@dcode.io>",
66
"repository": {
77
"type": "git",

cli/pbts.js

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -98,12 +98,17 @@ exports.main = function(args, callback) {
9898
var basedir = path.join(__dirname, ".");
9999
var moduleName = argv.name || "null";
100100
var nodePath = process.execPath;
101-
var cmd = "\"" + nodePath + "\" \"" + require.resolve("jsdoc/jsdoc.js") + "\" -c \"" + path.join(basedir, "lib", "tsd-jsdoc.json") + "\" -q \"module=" + encodeURIComponent(moduleName) + "&comments=" + Boolean(argv.comments) + "\" " + files.map(function(file) { return "\"" + file + "\""; }).join(" ");
102-
var child = child_process.exec(cmd, {
101+
var jsdocArgs = [
102+
require.resolve("jsdoc/jsdoc.js"),
103+
"-c",
104+
path.join(basedir, "lib", "tsd-jsdoc.json"),
105+
"-q",
106+
"module=" + encodeURIComponent(moduleName) + "&comments=" + Boolean(argv.comments)
107+
].concat(files);
108+
var child = child_process.spawn(nodePath, jsdocArgs, {
103109
cwd: process.cwd(),
104110
argv0: "node",
105-
stdio: "pipe",
106-
maxBuffer: 1 << 26 // 67mb
111+
stdio: "pipe"
107112
});
108113
var out = [];
109114
var ended = false;

cli/targets/static.js

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -97,7 +97,12 @@ function exportName(object, asInterface) {
9797
function escapeName(name) {
9898
if (!name)
9999
return "$root";
100-
return util.isReserved(name) ? name + "_" : name;
100+
name = name.replace(/\W/g, "");
101+
if (!name)
102+
return "_";
103+
if (/^\d/.test(name))
104+
name = "_" + name;
105+
return util.patterns.reservedRe.test(name) ? name + "_" : name;
101106
}
102107

103108
function aOrAn(name) {

ext/descriptor/index.d.ts

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,5 @@
11
import * as $protobuf from "../..";
2+
import Long = require("long");
23
export const FileDescriptorSet: $protobuf.Type;
34

45
export const FileDescriptorProto: $protobuf.Type;
@@ -73,8 +74,11 @@ export interface IFileDescriptorProto {
7374
options?: IFileOptions;
7475
sourceCodeInfo?: any;
7576
syntax?: string;
77+
edition?: IEdition;
7678
}
7779

80+
type IEdition = number;
81+
7882
export interface IFileOptions {
7983
javaPackage?: string;
8084
javaOuterClassname?: string;

0 commit comments

Comments
 (0)