1const normalize = require('../') 2const t = require('tap') 3 4t.test('benign string', async t => { 5 const pkg = { name: 'hello', version: 'world', bin: 'hello.js' } 6 const expect = { name: 'hello', version: 'world', bin: { hello: 'hello.js' } } 7 t.strictSame(normalize(pkg), expect) 8 t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') 9}) 10 11t.test('slashy string', async t => { 12 const pkg = { name: 'hello', version: 'world', bin: '/etc/passwd' } 13 const expect = { name: 'hello', version: 'world', bin: { hello: 'etc/passwd' } } 14 t.strictSame(normalize(pkg), expect) 15 t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') 16}) 17 18t.test('dotty string', async t => { 19 const pkg = { name: 'hello', version: 'world', bin: '../../../../etc/passwd' } 20 const expect = { name: 'hello', version: 'world', bin: { hello: 'etc/passwd' } } 21 t.strictSame(normalize(pkg), expect) 22 t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') 23}) 24 25t.test('double path', async t => { 26 const pkg = { name: 'hello', version: 'world', bin: '/etc/passwd:/bin/usr/exec' } 27 const expect = { name: 'hello', version: 'world', bin: { hello: 'etc/passwd:/bin/usr/exec' } } 28 t.strictSame(normalize(pkg), expect) 29 t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') 30}) 31 32t.test('string with no name', async t => { 33 const pkg = { bin: 'foobar.js' } 34 const expect = {} 35 t.strictSame(normalize(pkg), expect) 36 t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok') 37}) 38