Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

replace unsafe new Buffer() by Buffer.alloc() when decode and encode #106

Closed
wants to merge 4 commits into from
Closed

replace unsafe new Buffer() by Buffer.alloc() when decode and encode #106

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
5ff11fb
session is sensitive data. new Buffer() was deprecated and unsafe. Bu…
sodawy Jan 6, 2018
a60955a
add test: when session contains multibyte character should still work
sodawy Jan 6, 2018
a228f9b
update decode comment
sodawy Jan 6, 2018
7627347
https://github.com/visionmedia/debug/pull/504
sodawy Jan 6, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 1 addition & 1 deletion lib/context.js
View file
Open in desktop
Expand Up @@ -113,7 +113,7 @@ class ContextSession {
} catch (err) {
// backwards compatibility:
// create a new session if parsing fails.
// new Buffer(string, 'base64') does not seem to crash
// Buffer.alloc(size, string, 'base64') does not seem to crash
// when `string` is not base64-encoded.
// but `JSON.parse(string)` will crash.
debug('decode %j error: %s', cookie, err);
Expand Down
2 changes: 1 addition & 1 deletion lib/session.js
View file
Open in desktop
Expand Up @@ -55,7 +55,7 @@ class Session {
}

/**
* Return how many values there are in the session object.
* Return how many keys there are in the session object.
* Used to see if it's "populated".
*
* @return {Number}
Expand Down
4 changes: 2 additions & 2 deletions lib/util.js
View file
Open in desktop
Expand Up @@ -13,7 +13,7 @@ module.exports = {
*/

decode(string) {
const body = new Buffer(string, 'base64').toString('utf8');
const body = Buffer.alloc(Buffer.byteLength(string, 'base64'), string, 'base64').toString('utf8');
const json = JSON.parse(body);
return json;
},
Expand All @@ -28,7 +28,7 @@ module.exports = {

encode(body) {
body = JSON.stringify(body);
return new Buffer(body).toString('base64');
return Buffer.alloc(Buffer.byteLength(body), body).toString('base64');
},

hash(sess) {
Expand Down
2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Expand Up @@ -26,7 +26,7 @@
"license": "MIT",
"dependencies": {
"crc": "^3.4.4",
"debug": "^2.2.0",
"debug": "^2.6.9",
"is-type-of": "^1.0.0",
"uid-safe": "^2.1.3"
},
Expand Down
31 changes: 30 additions & 1 deletion test/cookie.test.js
View file
Open in desktop
Expand Up @@ -348,7 +348,7 @@ describe('Koa Session Cookie', () => {
});

describe('.length', () => {
it('should return session length', done => {
it('should return session`s keys length', done => {
const app = App();

app.use(async function(ctx) {
Expand Down Expand Up @@ -464,6 +464,35 @@ describe('Koa Session Cookie', () => {
.expect(500, done);
});
});

describe('contains multibyte character', () => {
it('should still work', done => {
const app = App();
const MULTIBYTE_CHAR = '€';

app.use(async function(ctx) {
if (ctx.method === 'POST') {
ctx.session.string = MULTIBYTE_CHAR;
ctx.status = 204;
} else {
ctx.body = ctx.session.string;
}
});

const server = app.listen();

request(server)
.post('/')
.expect(204, (err, res) => {
if (err) return done(err);
const cookie = res.headers['set-cookie'];
request(server)
.get('/')
.set('Cookie', cookie.join(';'))
.expect(MULTIBYTE_CHAR, done);
});
});
});
});

describe('when an error is thrown downstream and caught upstream', () => {
Expand Down