Securely create temporary directories and files using `fsPromises.mkd…
…temp()` (#191)

* Use `fsPromises.mkdtemp()`

* fix: formatting

* fix: `mkdtemp` is asynchronous

* fix: various trivial fixes

* fix: style (statement terminator)

* fix: tests: symlink `preview2-shim` into tmp dir

CLI tests: Symlink `preview2-shim` into temporary directory so that scripts
output by `jco transpile` can import `preview2-shim`.
--------------------------------------------------------------------------------
BrianJDrake committed Oct 16, 2023
1 parent 5b5e310 commit 4c6b129
Showing 4 changed files with 195 additions and 205 deletions.
9 changes: 2 additions & 7 deletions src/cmd/run.js
@@ -1,20 +1,15 @@
import { getTmpDir } from '../common.js';
import { transpile } from './transpile.js';
import { tmpdir } from 'node:os';
import { rm, stat, mkdir, writeFile, symlink, chmod } from 'node:fs/promises';
import { basename, resolve, extname } from 'node:path';
import { spawn } from 'node:child_process';
import { argv0, exit } from 'node:process';
import { fileURLToPath } from 'node:url';
import * as crypto from 'node:crypto';
import c from 'chalk-template';

function getTmpDir (name) {
return resolve(tmpdir(), crypto.createHash('sha256').update(name).update(Math.random().toString()).digest('hex'));
}

export async function run (componentPath, args) {
const name = basename(componentPath.slice(0, -extname(componentPath).length || Infinity));
const outDir = resolve(getTmpDir(name));
const outDir = await getTmpDir();
let cp;
try {
try {
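Review bot: `const outDir = await getTmpDir();` now creates a real directory before the outer `try {`, whereas the removed local helper only computed a path, so `run` owns on-disk state from this line onward. The code that follows has to remove `outDir` on every exit path, including a failed spawn. A later `mkdir(outDir)` without `{ recursive: true }` would now reject with `EEXIST`; `mkdir` and `rm` are both still imported. The body of `run` continues outside the hunk, so neither can be confirmed from here. A comment at the call, such as `// getTmpDir() creates the directory; run() must remove it on every exit path`, would make the ownership explicit.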
55 changes: 29 additions & 26 deletions src/common.js
@@ -1,7 +1,6 @@
import crypto from 'node:crypto';
import { resolve } from 'node:path';
import { normalize, resolve, sep } from 'node:path';
import { tmpdir } from 'node:os';
import { readFile, writeFile, unlink } from 'node:fs/promises';
import { readFile, writeFile, rm, mkdtemp } from 'node:fs/promises';
import { spawn } from 'node:child_process';
import { argv0 } from 'node:process';
import c from 'chalk-template';
@@ -56,8 +55,13 @@ export function table (data, align = []) {
return outTable;
}

export function getTmpFile (source, ext) {
return resolve(tmpdir(), crypto.createHash('sha256').update(source).update(Math.random().toString()).digest('hex') + ext);
/**
* Securely creates a temporary directory and returns its path.
*
* The new directory is created using `fsPromises.mkdtemp()`.
*/
export async function getTmpDir () {
return await mkdtemp(normalize(tmpdir() + sep));
}

async function readFileCli (file, encoding) {
@@ -71,34 +75,33 @@ async function readFileCli (file, encoding) {
export { readFileCli as readFile }

export async function spawnIOTmp (cmd, input, args) {
const inFile = getTmpFile(input, '.wasm');
let outFile = getTmpFile(inFile, '.wasm');
const tmpDir = await getTmpDir();
try {
const inFile = resolve(tmpDir, 'in.wasm');
let outFile = resolve(tmpDir, 'out.wasm');

await writeFile(inFile, input);
await writeFile(inFile, input);

const cp = spawn(argv0, [cmd, inFile, ...args, outFile], { stdio: 'pipe' });
const cp = spawn(argv0, [cmd, inFile, ...args, outFile], { stdio: 'pipe' });

let stderr = '';
const p = new Promise((resolve, reject) => {
cp.stderr.on('data', data => stderr += data.toString());
cp.on('error', e => {
reject(e);
});
cp.on('exit', code => {
if (code === 0)
resolve();
else
reject(stderr);
let stderr = '';
const p = new Promise((resolve, reject) => {
cp.stderr.on('data', data => stderr += data.toString());
cp.on('error', e => {
reject(e);
});
cp.on('exit', code => {
if (code === 0)
resolve();
else
reject(stderr);
});
});
});

try {
await p;
var output = await readFile(outFile);
await Promise.all([unlink(inFile), unlink(outFile)]);
return output;
} catch (e) {
await unlink(inFile);
throw e;
} finally {
await rm(tmpDir, { recursive: true });
}
}
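Review bot: In `spawnIOTmp`, the new `finally { await rm(tmpDir, { recursive: true }); }` can itself reject, and an exception thrown from `finally` replaces whatever the `try` produced. A cleanup failure would therefore hide the child's `stderr` rejection or discard an `output` that was read successfully. Wrapping the `rm` in its own `try`/`catch` that reports the cleanup error without rethrowing would keep the original outcome visible. On the documentation side, the JSDoc on `getTmpDir` says "Securely" without stating the contract. It should say that the caller owns the returned directory and must remove it, and that fixed names such as `in.wasm` and `out.wasm` are safe only because they live inside that freshly created directory. A recognisable prefix, for example `mkdtemp(resolve(tmpdir(), 'jco-'))`, would also make leftover directories attributable.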