sanitzie XML characters
Bryan Clark committed Dec 10, 2019
1 parent 9d56a3b commit 551e2a2
Showing 3 changed files with 41 additions and 6 deletions.
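--- a/__tests__/auth.test.ts
+++ b/__tests__/auth.test.ts
@@ -82,4 +82,22 @@ describe('auth tests', () => {
 expect(fs.existsSync(m2Dir)).toBe(false);
 expect(fs.existsSync(settingsFile)).toBe(false);
 }, 100000);
+
+it('escapes invalid XML inputs', () => {
+const id = 'packages';
+const username = 'bluebottle';
+const password = '&<>"\'\'"><&';
+
+expect(auth.generate(id, username, password)).toEqual(`
+<settings>
+<servers>
+<server>
+<id>${id}</id>
+<username>${username}</username>
+<password>&amp;&lt;&gt;&quot;&apos;&apos;&quot;&gt;&lt;&amp;</password>
+</server>
+</servers>
+</settings>
+`);
+});
 });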
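Review bot: Only `password` carries XML metacharacters in the new `it('escapes invalid XML inputs', ...)` case, so a regression that drops the escaping from the `<id>` or `<username>` interpolation in `generate` would still pass. Giving `id` and `username` a constructed value that contains `&` and `<` as well, and spelling out their escaped form in the expected string instead of interpolating `${id}` and `${username}`, would pin all three fields. The enclosing `describe` block starts outside the hunk.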
14 changes: 11 additions & 3 deletions dist/index.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

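--- a/src/auth.ts
+++ b/src/auth.ts
@@ -27,15 +27,24 @@ export async function configAuthentication(
 }
 }
 
+function escapeXML(value: string) {
+return value
+.replace(/&/g, '&amp;')
+.replace(/</g, '&lt;')
+.replace(/>/g, '&gt;')
+.replace(/"/g, '&quot;')
+.replace(/'/g, '&apos;');
+}
+
 // only exported for testing purposes
 export function generate(id: string, username: string, password: string) {
 return `
 <settings>
 <servers>
 <server>
-<id>${id}</id>
-<username>${username}</username>
-<password>${password}</password>
+<id>${escapeXML(id)}</id>
+<username>${escapeXML(username)}</username>
+<password>${escapeXML(password)}</password>
 </server>
 </servers>
 </settings>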
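Review bot: The order of the replacements in `escapeXML` is load-bearing and nothing in the code says so: `&` has to be rewritten first, or the `&lt;`/`&gt;`/`&quot;`/`&apos;` produced by the later calls would be escaped a second time. I would add `// '&' first, so the entities emitted below are not double-escaped` above the chain and annotate the return type, `function escapeXML(value: string): string {`. Separately, characters that XML 1.0 forbids even in escaped form (most control characters below U+0020) still pass through unchanged, so a credential containing one would presumably produce a settings.xml that the parser rejects; failing early with a clear message may be preferable to writing the file. The template literal in `generate` continues past the end of the hunk.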
