File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 11'use strict' ;
22
3+ const assert = require ( 'assert' ) ;
34const fs = require ( 'fs' ) ;
45const path = require ( 'path' ) ;
56const debug = require ( 'debug' ) ( 'egg-core:plugin' ) ;
@@ -331,6 +332,10 @@ module.exports = {
331332 return plugin . path ;
332333 }
333334
335+ if ( plugin . package ) {
336+ assert ( isValidatePackageName ( plugin . package ) , `plugin ${ plugin . name } ${ plugin . package } ) ;
337+ }
338+
334339 const name = plugin . package || plugin . name ;
335340 const lookupDirs = new Set ( ) ;
336341
@@ -399,3 +404,11 @@ function depCompatible(plugin) {
399404 delete plugin . dep ;
400405 }
401406}
407+
408+ function isValidatePackageName ( name ) {
409+ // only check file path style
410+ if ( name . startsWith ( '.' ) ) return false ;
411+ if ( name . startsWith ( '/' ) ) return false ;
412+ if ( name . includes ( ':' ) ) return false ;
413+ return true ;
414+ }
Original file line number Diff line number Diff line change @@ -261,6 +261,29 @@ describe('test/load_plugin.test.js', function() {
261261 assert ( ! loader . allPlugins . h ) ;
262262 } ) ;
263263
264+ it ( 'should validate plugin.package' , function ( ) {
265+ assert . throws ( ( ) => {
266+ app = utils . createApp ( 'plugin' , { plugins : { foo : { package : '../' } , bar : { package : 'c:\\' } } } ) ;
267+ const loader = app . loader ;
268+ loader . loadPlugin ( ) ;
269+ loader . loadConfig ( ) ;
270+ } , / p l u g i n f o o i n v a l i d , u s e ' p a t h ' i n s t e a d o f p a c k a g e / ) ;
271+
272+ assert . throws ( ( ) => {
273+ app = utils . createApp ( 'plugin' , { plugins : { foo : { package : 'c:\\' } } } ) ;
274+ const loader = app . loader ;
275+ loader . loadPlugin ( ) ;
276+ loader . loadConfig ( ) ;
277+ } , / p l u g i n f o o i n v a l i d , u s e ' p a t h ' i n s t e a d o f p a c k a g e / ) ;
278+
279+ assert . throws ( ( ) => {
280+ app = utils . createApp ( 'plugin' , { plugins : { foo : { package : '/home' } } } ) ;
281+ const loader = app . loader ;
282+ loader . loadPlugin ( ) ;
283+ loader . loadConfig ( ) ;
284+ } , / p l u g i n f o o i n v a l i d , u s e ' p a t h ' i n s t e a d o f p a c k a g e / ) ;
285+ } ) ;
286+
264287 it ( 'should throw when plugin not exist' , function ( ) {
265288 assert . throws ( ( ) => {
266289 app = utils . createApp ( 'plugin-noexist' ) ;
You can’t perform that action at this time.
0 commit comments