From ee006607495eca4ec7262ad080dd3a91439a5ba4 Mon Sep 17 00:00:00 2001 From: Arnau Fugarolas Barbena <99197468+arnaufugarolas@users.noreply.github.com> Date: Mon, 22 Jul 2024 11:05:42 +0200 Subject: [PATCH 1/2] fix: check the format of the event name (#125) A packet like '2[{"toString":"foo"}]' was decoded as: { type: EVENT, data: [ { "toString": "foo" } ] } Which would then throw an error when passed to the EventEmitter class: > TypeError: Cannot convert object to primitive value > at Socket.emit (node:events:507:25) > at .../node_modules/socket.io/lib/socket.js:531:14 Backported from https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3 --- index.js | 25 ++++++++++++++++++++++--- test/arraybuffer.js | 2 +- test/parser.js | 22 +++++++++++++++------- 3 files changed, 38 insertions(+), 11 deletions(-) diff --git a/index.js b/index.js index 245a800..4690055 100644 --- a/index.js +++ b/index.js @@ -268,6 +268,26 @@ Decoder.prototype.add = function(obj) { } }; +function isPayloadValid(type, payload) { + switch (type) { + case 0: // CONNECT + return typeof payload === "object"; + case 1: // DISCONNECT + return payload === undefined; + case 4: // ERROR + return typeof payload === "string" || typeof payload === "object"; + case 2: // EVENT + case 5: // BINARY_EVENT + return ( + isArray(payload) && + (typeof payload[0] === "string" || typeof payload[0] === "number") + ); + case 3: // ACK + case 6: // BINARY_ACK + return isArray(payload); + } +} + /** * Decode a packet String (JSON data) * @@ -329,11 +349,10 @@ function decodeString(str) { // look up json data if (str.charAt(++i)) { var payload = tryParse(str.substr(i)); - var isPayloadValid = payload !== false && (p.type === exports.ERROR || isArray(payload)); - if (isPayloadValid) { + if (isPayloadValid(p.type, payload)) { p.data = payload; } else { - return error('invalid payload'); + throw new Error("invalid payload"); } } diff --git a/test/arraybuffer.js b/test/arraybuffer.js index c8295f1..f2948a5 100644 --- a/test/arraybuffer.js +++ b/test/arraybuffer.js @@ -50,7 +50,7 @@ describe('parser', function() { it('cleans itself up on close', function() { var packet = { type: parser.BINARY_EVENT, - data: [new ArrayBuffer(2), new ArrayBuffer(3)], + data: ["foo", new ArrayBuffer(2), new ArrayBuffer(3)], id: 0, nsp: '/' }; diff --git a/test/parser.js b/test/parser.js index 652aa7f..7d560bf 100644 --- a/test/parser.js +++ b/test/parser.js @@ -86,12 +86,20 @@ describe('parser', function(){ } }); - it('returns an error packet on parsing error', function(done){ - var decoder = new parser.Decoder(); - decoder.on('decoded', function(packet) { - expect(packet).to.eql({ type: 4, data: 'parser error: invalid payload' }); - done(); - }); - decoder.add('442["some","data"'); + it('returns an error packet on parsing error', function(){ + function isInvalidPayload (str) { + expect(function () { + new parser.Decoder().add(str) + }).to.throwException(/^invalid payload$/); + } + + isInvalidPayload('442["some","data"'); + isInvalidPayload('0/admin,"invalid"'); + isInvalidPayload("1/admin,{}"); + isInvalidPayload('2/admin,"invalid'); + isInvalidPayload("2/admin,{}"); + isInvalidPayload('2[{"toString":"foo"}]'); + isInvalidPayload('2[true,"foo"]'); + isInvalidPayload('2[null,"bar"]'); }); }); From 1e9ebc6b7fef7716176551f1725191e1362453a9 Mon Sep 17 00:00:00 2001 From: Damien Arrachequesne Date: Mon, 22 Jul 2024 11:08:17 +0200 Subject: [PATCH 2/2] chore(release): 3.3.4 Diff: https://github.com/Automattic/socket.io-parser/compare/3.3.3...3.3.4 --- CHANGELOG.md | 9 +++++++++ package.json | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a2edc51..b178ad3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +## [3.3.4](https://github.com/Automattic/socket.io-parser/compare/3.3.3...3.3.4) (2024-07-22) + + +### Bug Fixes + +* check the format of the event name ([#125](https://github.com/Automattic/socket.io-parser/issues/125)) ([ee00660](https://github.com/Automattic/socket.io-parser/commit/ee006607495eca4ec7262ad080dd3a91439a5ba4)) + + + ## [3.3.3](https://github.com/Automattic/socket.io-parser/compare/3.3.2...3.3.3) (2022-11-09) diff --git a/package.json b/package.json index 9414417..31c83e8 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "socket.io-parser", - "version": "3.3.3", + "version": "3.3.4", "description": "socket.io protocol parser", "repository": { "type": "git", pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy