diff --git a/.travis.yml b/.travis.yml
index d6cccc0..7d1d119 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,17 +1,15 @@
language: node_js
sudo: false
node_js:
- - '8'
- '10'
+ - '12'
+ - '14'
git:
depth: 1
matrix:
include:
- node_js: 10
env: BROWSERS=1
-cache:
- directories:
- - node_modules
env:
global:
- secure: >-
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4fe8f3a..54c82d5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,12 @@
+## [3.4.2](https://github.com/socketio/socket.io-parser/compare/3.4.1...3.4.2) (2022-11-09)
+
+
+### Bug Fixes
+
+* check the format of the index of each attachment ([04d23ce](https://github.com/socketio/socket.io-parser/commit/04d23cecafe1b859fb03e0cbf6ba3b74dff56d14))
+
+
+
## [3.4.1](https://github.com/socketio/socket.io-parser/compare/3.4.0...3.4.1) (2020-05-13)
diff --git a/binary.js b/binary.js
index 3e2347d..95a1450 100644
--- a/binary.js
+++ b/binary.js
@@ -70,8 +70,16 @@ exports.reconstructPacket = function(packet, buffers) {
function _reconstructPacket(data, buffers) {
if (!data) return data;
- if (data && data._placeholder) {
- return buffers[data.num]; // appropriate buffer (should be natural order anyway)
+ if (data && data._placeholder === true) {
+ var isIndexValid =
+ typeof data.num === "number" &&
+ data.num >= 0 &&
+ data.num < buffers.length;
+ if (isIndexValid) {
+ return buffers[data.num]; // appropriate buffer (should be natural order anyway)
+ } else {
+ throw new Error("illegal attachments");
+ }
} else if (isArray(data)) {
for (var i = 0; i < data.length; i++) {
data[i] = _reconstructPacket(data[i], buffers);
diff --git a/index.js b/index.js
index ff613cc..245a800 100644
--- a/index.js
+++ b/index.js
@@ -239,6 +239,9 @@ Emitter(Decoder.prototype);
Decoder.prototype.add = function(obj) {
var packet;
if (typeof obj === 'string') {
+ if (this.reconstructor) {
+ throw new Error("got plaintext data when reconstructing a packet");
+ }
packet = decodeString(obj);
if (exports.BINARY_EVENT === packet.type || exports.BINARY_ACK === packet.type) { // binary packet's json
this.reconstructor = new BinaryReconstructor(packet);
diff --git a/package.json b/package.json
index 59acfab..f82999a 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "socket.io-parser",
- "version": "3.4.1",
+ "version": "3.4.2",
"description": "socket.io protocol parser",
"repository": {
"type": "git",
@@ -30,5 +30,8 @@
"scripts": {
"test": "make test"
},
- "license": "MIT"
+ "license": "MIT",
+ "engines": {
+ "node": ">=10.0.0"
+ }
}
diff --git a/test/buffer.js b/test/buffer.js
index 3aba898..f18e68a 100644
--- a/test/buffer.js
+++ b/test/buffer.js
@@ -1,8 +1,7 @@
var parser = require('../index.js');
var expect = require('expect.js');
var helpers = require('./helpers.js');
-var encode = parser.encode;
-var decode = parser.decode;
+var Decoder = parser.Decoder;
describe('parser', function() {
it('encodes a Buffer', function() {
@@ -14,6 +13,15 @@ describe('parser', function() {
});
});
+ it("encodes a nested Buffer", function() {
+ helpers.test_bin({
+ type: parser.BINARY_EVENT,
+ data: ["a", { b: ["c", Buffer.from("abc", "utf8")] }],
+ id: 23,
+ nsp: "/cool",
+ });
+ });
+
it('encodes a binary ack with Buffer', function() {
helpers.test_bin({
type: parser.BINARY_ACK,
@@ -22,4 +30,39 @@ describe('parser', function() {
nsp: '/back'
})
});
+
+ it("throws an error when adding an attachment with an invalid 'num' attribute (string)", function() {
+ var decoder = new Decoder();
+
+ expect(function() {
+ decoder.add('51-["hello",{"_placeholder":true,"num":"splice"}]');
+ decoder.add(Buffer.from("world"));
+ }).to.throwException(/^illegal attachments$/);
+ });
+
+ it("throws an error when adding an attachment with an invalid 'num' attribute (out-of-bound)", function() {
+ var decoder = new Decoder();
+
+ expect(function() {
+ decoder.add('51-["hello",{"_placeholder":true,"num":1}]');
+ decoder.add(Buffer.from("world"));
+ }).to.throwException(/^illegal attachments$/);
+ });
+
+ it("throws an error when adding an attachment without header", function() {
+ var decoder = new Decoder();
+
+ expect(function() {
+ decoder.add(Buffer.from("world"));
+ }).to.throwException(/^got binary data when not reconstructing a packet$/);
+ });
+
+ it("throws an error when decoding a binary event without attachments", function() {
+ var decoder = new Decoder();
+
+ expect(function() {
+ decoder.add('51-["hello",{"_placeholder":true,"num":0}]');
+ decoder.add('2["hello"]');
+ }).to.throwException(/^got plaintext data when reconstructing a packet$/);
+ });
});
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy