1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nodejs/test/parallel/test-url-parse-invalid-input.js
James M Snell 3aaa2ebe19 url: move bad port deprecation in legacy url to end-of-life 
Calling `url.parse()` with a URL that has a bad port
will now throw an error instead of emitting a deprecation
warning. It's been deprecated for ~ 3 years now.

PR-URL: https://github.com/nodejs/node/pull/58617
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2025-06-09 10:16:41 -07:00

103 lines
3.0 KiB
JavaScript
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

'use strict';
const common = require('../common');
const assert = require('assert');
const url = require('url');
// https://github.com/joyent/node/issues/568
[
[undefined, 'undefined'],
[null, 'object'],
[true, 'boolean'],
[false, 'boolean'],
[0.0, 'number'],
[0, 'number'],
[[], 'object'],
[{}, 'object'],
[() => {}, 'function'],
[Symbol('foo'), 'symbol'],
].forEach(([val, type]) => {
assert.throws(() => {
url.parse(val);
}, {
code: 'ERR_INVALID_ARG_TYPE',
name: 'TypeError',
message: 'The "url" argument must be of type string.' +
common.invalidArgTypeHelper(val)
});
});
assert.throws(() => { url.parse('http://%E0%A4%A@fail'); },
(e) => {
// The error should be a URIError.
if (!(e instanceof URIError))
return false;
// The error should be from the JS engine and not from Node.js.
// JS engine errors do not have the `code` property.
return e.code === undefined;
});
assert.throws(() => { url.parse('http://[127.0.0.1\x00c8763]:8000/'); },
{ code: 'ERR_INVALID_URL', input: 'http://[127.0.0.1\x00c8763]:8000/' }
);
if (common.hasIntl) {
// An array of Unicode code points whose Unicode NFKD contains a "bad
// character".
const badIDNA = (() => {
const BAD_CHARS = '#%/:?@[\\]^|';
const out = [];
for (let i = 0x80; i < 0x110000; i++) {
const cp = String.fromCodePoint(i);
for (const badChar of BAD_CHARS) {
if (cp.normalize('NFKD').includes(badChar)) {
out.push(cp);
}
}
}
return out;
})();
// The generation logic above should at a minimum produce these two
// characters.
assert(badIDNA.includes('℀'));
assert(badIDNA.includes(''));
for (const badCodePoint of badIDNA) {
const badURL = `http://fail${badCodePoint}fail.com/`;
assert.throws(() => { url.parse(badURL); },
(e) => e.code === 'ERR_INVALID_URL',
`parsing ${badURL}`);
}
assert.throws(() => { url.parse('http://\u00AD/bad.com/'); },
(e) => e.code === 'ERR_INVALID_URL',
'parsing http://\u00AD/bad.com/');
}
{
const badURLs = [
'https://evil.com:.example.com',
'git+ssh://git@github.com:npm/npm',
];
badURLs.forEach((badURL) => {
common.spawnPromisified(process.execPath, ['-e', `url.parse(${JSON.stringify(badURL)})`])
.then(common.mustCall(({ code, stdout, stderr }) => {
assert.strictEqual(code, 1);
}));
});
// Warning should only happen once per process.
common.expectWarning({
DeprecationWarning: {
// eslint-disable-next-line @stylistic/js/max-len
DEP0169: '`url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.',
},
});
badURLs.forEach((badURL) => {
assert.throws(() => url.parse(badURL), {
code: 'ERR_INVALID_ARG_VALUE',
});
});
}
Reference in New Issue View Git Blame Copy Permalink