var browserify = require('../'); var vm = require('vm'); var test = require('tap').test; var path = require('path'); var through = require('through2'); var os = require('os'); var tmpdir = (os.tmpdir || os.tmpDir)(); var dir = path.join( tmpdir, 'browserify-test-' + Math.random(), 'aaabbbzzz' ); var dirstring = dir.split(path.sep).slice(-2).join(path.sep); test('leaking information about system paths (process)', function (t) { t.plan(4); var b = browserify({ basedir: dir }); var stream = through(); stream.push('process.nextTick(function () {' + 't.ok(true)' + '})' ); stream.push(null); b.add(stream); b.bundle(function (err, buf) { var src = buf.toString('utf8'); t.equal(src.indexOf(dirstring), -1, 'temp directory visible'); t.equal(src.indexOf(process.cwd()), -1, 'cwd directory visible'); t.equal(src.indexOf('/home'), -1, 'home directory visible'); vm.runInNewContext(src, { t: t, setTimeout: setTimeout, clearTimeout: clearTimeout }); }); }); test('leaking information about system paths (Buffer)', function (t) { t.plan(4); var b = browserify({ basedir: dir }); var stream = through(); stream.push('t.equal(Buffer("eHl6", "base64").toString(), "xyz")'); stream.push(null); b.add(stream); b.bundle(function (err, buf) { var src = buf.toString('utf8'); t.equal(src.indexOf(dirstring), -1, 'temp directory visible'); t.equal(src.indexOf(process.cwd()), -1, 'cwd directory visible'); t.equal(src.indexOf('/home'), -1, 'home directory visible'); vm.runInNewContext(src, { t: t, setTimeout: setTimeout }); }); });
# | Change | User | Description | Committed | |
---|---|---|---|---|---|
#1 | 19553 | swellard | Move and rename clients | ||
//guest/perforce_software/helix-web-services/main/source/clients/2016.1.0/javascript/node_modules/browserify/test/leak.js | |||||
#1 | 18810 | tjuricek |
First-pass at JavaScript client SDK. JavaScript requires Node with Gulp to "browserfy" the library. It's the easiest way I found to use the swagger-js project; bundle up a wrapping method. There is no JavaScript reference guide. The swagger-js doesn't really document what they do very well, actually. Overall I'm not particularly impressed by swagger-js, it was hard to even figure out what the right method syntax was. We may want to invest time in doing it better. This required setting CORS response headers, which are currently defaulted to a fairly insecure setting. |