'use strict'

// Test runner and HTTP-side helpers.
const { test } = require('tap')
const FormData = require('form-data')
const Fastify = require('fastify')
// The multipart plugin under test (repository root).
const multipart = require('..')
const http = require('http')
const path = require('path')
const fs = require('fs')

// A real on-disk file, used as the body of the "file upload" case below.
const filePath = path.join(__dirname, '../README.md')

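/**
 * Registers one tap test asserting that the multipart plugin refuses a
 * part named `__proto__` (a prototype-pollution guard on the parsed body).
 *
 * The route awaits `req.file()`; the plugin is expected to throw a
 * `PrototypeViolationError`, which the handler maps to a 500 so the
 * client side of the test can assert on the status code.
 *
 * The two tests below differed only in the value sent under the
 * `__proto__` name (a file stream vs. a plain string field), so the
 * shared server/client scaffolding lives here.
 *
 * @param {string} title - tap test title
 * @param {() => (string|import('stream').Readable)} makeValue - builds the
 *   value appended under the `__proto__` name; invoked inside the test so a
 *   fresh stream is created per run
 */
function testProtoNameRejected (title, makeValue) {
  test(title, function (t) {
    // isMultipart, PrototypeViolationError, status 500, response ended
    t.plan(4)

    const fastify = Fastify()
    t.teardown(fastify.close.bind(fastify))

    fastify.register(multipart)

    fastify.post('/', async function (req, reply) {
      t.ok(req.isMultipart())

      try {
        await req.file()
        reply.code(200).send()
      } catch (error) {
        t.ok(error instanceof fastify.multipartErrors.PrototypeViolationError)
        reply.code(500).send()
      }
    })

    fastify.listen({ port: 0 }, function (err) {
      // Without this guard a failed listen would surface as a TypeError on
      // `fastify.server.address()` rather than as a test failure.
      if (err) {
        t.fail(`listen failed: ${err.message}`)
        return
      }

      // request
      const form = new FormData()
      const opts = {
        protocol: 'http:',
        hostname: 'localhost',
        port: fastify.server.address().port,
        path: '/',
        headers: form.getHeaders(),
        method: 'POST'
      }

      const req = http.request(opts, (res) => {
        t.equal(res.statusCode, 500)
        res.resume()
        res.on('end', () => {
          t.pass('res ended successfully')
        })
      })
      // A socket error with no listener is an uncaught 'error' event that
      // would crash the process instead of failing this test.
      req.on('error', (reqErr) => {
        t.fail(`request failed: ${reqErr.message}`)
      })

      form.append('__proto__', makeValue())

      form.pipe(req)
    })
  })
}

testProtoNameRejected('should not allow __proto__ as file name', () => {
  return fs.createReadStream(filePath)
})

testProtoNameRejected('should not allow __proto__ as field name', () => {
  return 'world'
})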