From ee3b26357c9c94d7a5647cae49ef2cd863f91bef Mon Sep 17 00:00:00 2001 From: ankur22 Date: Wed, 13 Mar 2024 19:56:19 +0000 Subject: [PATCH] Remove the setInputFiles os.read support We do not want k6 to be able to read anything off of a filesystem that it shouldn't be reading. The support for reading the file directly from the local filesystem in setInputFiles has been removed. --- common/element_handle.go | 24 --------- common/element_handle_options.go | 7 +-- tests/setinputfiles_test.go | 90 -------------------------------- 3 files changed, 1 insertion(+), 120 deletions(-) diff --git a/common/element_handle.go b/common/element_handle.go index f9d57545f..b8a6c276d 100644 --- a/common/element_handle.go +++ b/common/element_handle.go @@ -2,13 +2,9 @@ package common import ( "context" - "encoding/base64" "errors" "fmt" "math" - "mime" - "os" - "path/filepath" "reflect" "strings" "time" @@ -1273,22 +1269,6 @@ func (h *ElementHandle) SetInputFiles(files goja.Value, opts goja.Value) error { return nil } -func (h *ElementHandle) resolveFiles(payload []*File) error { - for _, file := range payload { - if strings.TrimSpace(file.Path) != "" { - buffer, err := os.ReadFile(file.Path) - if err != nil { - return fmt.Errorf("reading file: %w", err) - } - file.Buffer = base64.StdEncoding.EncodeToString(buffer) - file.Name = filepath.Base(file.Path) - file.Mimetype = mime.TypeByExtension(filepath.Ext(file.Path)) - } - } - - return nil -} - func (h *ElementHandle) setInputFiles(apiCtx context.Context, payload []*File) error { fn := ` (node, injected, payload) => { @@ -1299,10 +1279,6 @@ func (h *ElementHandle) setInputFiles(apiCtx context.Context, payload []*File) e forceCallable: true, returnByValue: true, } - err := h.resolveFiles(payload) - if err != nil { - return err - } result, err := h.evalWithScript(apiCtx, evalOpts, fn, payload) if err != nil { return err diff --git a/common/element_handle_options.go b/common/element_handle_options.go index 1b57208c6..7ab0be919 100644 --- a/common/element_handle_options.go +++ b/common/element_handle_options.go @@ -78,7 +78,6 @@ type ElementHandleHoverOptions struct { // File is the descriptor of a single file. type File struct { - Path string `json:"-"` Name string `json:"name"` Mimetype string `json:"mimeType"` Buffer string `json:"buffer"` @@ -204,7 +203,7 @@ func NewElementHandleSetInputFilesOptions(defaultTimeout time.Duration) *Element } } -// addFile to the struct. Input value can be a path, or a file descriptor object. +// addFile to the struct. Input value can only be a file descriptor object. func (f *Files) addFile(ctx context.Context, file goja.Value) error { if !gojaValueExists(file) { return nil @@ -218,10 +217,6 @@ func (f *Files) addFile(ctx context.Context, file goja.Value) error { return fmt.Errorf("parsing file descriptor: %w", err) } f.Payload = append(f.Payload, &parsedFile) - case reflect.String: // file path - if v, ok := file.Export().(string); ok { - f.Payload = append(f.Payload, &File{Path: v}) - } default: return fmt.Errorf("invalid parameter type : %s", fileType.Kind().String()) } diff --git a/tests/setinputfiles_test.go b/tests/setinputfiles_test.go index 24fa3bde6..8e309b0a1 100644 --- a/tests/setinputfiles_test.go +++ b/tests/setinputfiles_test.go @@ -1,8 +1,6 @@ package tests import ( - "os" - "path/filepath" "testing" "github.com/dop251/goja" @@ -92,76 +90,6 @@ func TestSetInputFiles(t *testing.T) { assert.Equal(t, "text/xml", getFilePropFn(1, propType)) }, }, - { - name: "set_one_file_with_path", - setup: func(tb *testBrowser) (goja.Value, func()) { - tempFile, err := os.CreateTemp("", "*.json") - assert.NoError(t, err) - n, err := tempFile.Write([]byte("0123456789")) - assert.Equal(t, 10, n) - assert.NoError(t, err) - cleanupFunc := func() { - err := os.Remove(tempFile.Name()) - assert.NoError(t, err) - } - return tb.toGojaValue(tempFile.Name()), cleanupFunc - }, - tests: []testFn{defaultTestPage, defaultTestElementHandle}, - check: func(t *testing.T, getFileCountFn func() interface{}, getFilePropFn indexedFn, err error) { - t.Helper() - assert.NoError(t, err) - // check if input has 1 file - assert.Equal(t, float64(1), getFileCountFn()) - // check added file is correct - filename, ok := getFilePropFn(0, propName).(string) - assert.True(t, ok) - assert.Equal(t, ".json", filepath.Ext(filename)) - assert.Equal(t, float64(10), getFilePropFn(0, propSize)) - assert.Equal(t, "application/json", getFilePropFn(0, propType)) - }, - }, - { - name: "set_two_files_with_path", - setup: func(tb *testBrowser) (goja.Value, func()) { - tempFile1, err := os.CreateTemp("", "*.json") - assert.NoError(t, err) - n, err := tempFile1.Write([]byte("0123456789")) - assert.Equal(t, 10, n) - assert.NoError(t, err) - - tempFile2, err := os.CreateTemp("", "*.xml") - assert.NoError(t, err) - n, err = tempFile2.Write([]byte("012345678901234")) - assert.Equal(t, 15, n) - assert.NoError(t, err) - cleanupFunc := func() { - err := os.Remove(tempFile1.Name()) - assert.NoError(t, err) - err = os.Remove(tempFile2.Name()) - assert.NoError(t, err) - } - - return tb.toGojaValue([]string{tempFile1.Name(), tempFile2.Name()}), cleanupFunc - }, - tests: []testFn{defaultTestPage, defaultTestElementHandle}, - check: func(t *testing.T, getFileCountFn func() interface{}, getFilePropFn indexedFn, err error) { - t.Helper() - assert.NoError(t, err) - // check if input has 2 files - assert.Equal(t, float64(2), getFileCountFn()) - // check added files are correct - filename1, ok := getFilePropFn(0, propName).(string) - assert.True(t, ok) - assert.Equal(t, ".json", filepath.Ext(filename1)) - assert.Equal(t, float64(10), getFilePropFn(0, propSize)) - assert.Equal(t, "application/json", getFilePropFn(0, propType)) - filename2, ok := getFilePropFn(1, propName).(string) - assert.True(t, ok) - assert.Equal(t, ".xml", filepath.Ext(filename2)) - assert.Equal(t, float64(15), getFilePropFn(1, propSize)) - assert.Equal(t, "text/xml; charset=utf-8", getFilePropFn(1, propType)) - }, - }, { name: "set_nil", setup: func(tb *testBrowser) (goja.Value, func()) { @@ -188,24 +116,6 @@ func TestSetInputFiles(t *testing.T) { assert.Equal(t, float64(0), getFileCountFn()) }, }, - { - name: "set_file_not_exists", - setup: func(tb *testBrowser) (goja.Value, func()) { - tempFile, err := os.CreateTemp("", "*.json") - assert.NoError(t, err) - err = os.Remove(tempFile.Name()) - assert.NoError(t, err) - return tb.toGojaValue(tempFile.Name()), nil - }, - tests: []testFn{defaultTestPage, defaultTestElementHandle}, - check: func(t *testing.T, getFileCountFn func() interface{}, getFilePropFn indexedFn, err error) { - t.Helper() - assert.ErrorContains(t, err, "reading file:") - assert.ErrorContains(t, err, "setting input files") - // check if input has 0 file - assert.Equal(t, float64(0), getFileCountFn()) - }, - }, { name: "test_injected_script_notinput", setup: func(tb *testBrowser) (goja.Value, func()) {