[Fix] use command to bypass curl/wget shell functions and aliases

zsh (and interactive bash with `expand_aliases`) bakes a preexisting `curl` alias into nvm's function bodies at source time,
and shell functions named `curl`/`wget` shadow the binaries at call time - either one breaks downloads.
Prefixing invocations with `command` bypasses both: here, `nvm_download`'s dispatch, `nvm_curl_version`, `nvm_curl_libz_support`, and the wget branch of `nvm_get_latest`;
the remaining bare `curl` invocations in `nvm_get_latest` and the install script are prefixed in a followup commit.

The tests that previously mocked curl/wget as shell functions now install fake executables on PATH instead,
via a shared `make_fake_curl` helper in `test/common.sh`,
and a new test asserts the bypass.

Refs #2923
This commit is contained in:
Jordan Harband
2026-07-08 13:02:41 -07:00
parent cb0e0ba8ed
commit 04fef13bdc
9 changed files with 172 additions and 68 deletions
+30 -26
View File
@@ -2,37 +2,45 @@
die () { echo "$@" ; cleanup ; exit 1; }
WORK="$PWD/nvm_get_latest-work.$$"
TEST_BIN="$WORK/bin"
cleanup() {
unset -f curl wget nvm_has
rm -rf "$WORK"
export PATH="$OLDPATH"
}
\. ../../../nvm.sh
\. ../../common.sh
OLDPATH="$PATH"
EXPECTED_VERSION="v12.3.456"
URL="https://github.com/nvm-sh/nvm/releases/tag/$EXPECTED_VERSION"
EXPECTED_CURL_ARGS="--compressed -q -w %{url_effective}\n -L -s -S https://latest.nvm.sh -o /dev/null"
EXPECTED_WGET_ARGS="-q https://latest.nvm.sh --server-response -O /dev/null"
export URL EXPECTED_CURL_ARGS EXPECTED_WGET_ARGS
curl() {
if [ $# -eq 1 ] && [ "$1" = "-V" ]; then
echo "
VERSION_MESSAGE="
curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets"
elif [ "_$*" != "_$EXPECTED_CURL_ARGS" ]; then
echo >&2 "expected args ($EXPECTED_CURL_ARGS), got ($*)"
return 1
else
echo $URL
fi
}
wget() {
if [ "_$*" != "_$EXPECTED_WGET_ARGS" ]; then
echo >&2 "expected args ($EXPECTED_WGET_ARGS), got ($*)"
return 1
else
local WGET_CONTENTS
WGET_CONTENTS="
# fake curl/wget: `command curl` bypasses shell functions, so the mocks must be executables on PATH
make_fake_curl "$TEST_BIN" 'if [ "_$*" != "_$EXPECTED_CURL_ARGS" ]; then
echo >&2 "expected args ($EXPECTED_CURL_ARGS), got ($*)"
exit 1
fi
echo "$URL"'
cat > "$TEST_BIN/wget" <<'OUTER'
#!/bin/sh
if [ "_$*" != "_$EXPECTED_WGET_ARGS" ]; then
echo >&2 "expected args ($EXPECTED_WGET_ARGS), got ($*)"
exit 1
fi
cat >&2 <<CONTENTS
HTTP/1.1 301 Moved Permanently
Location: https://github.com/nvm-sh/nvm/releases/latest
Content-Type: text/html; charset=utf-8
@@ -82,15 +90,11 @@ wget() {
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
X-Served-By: 926b734ea1992f8ee1f88ab967a93dac
"
"$WGET_CONTENTS" | while read line
do
>&2 echo "$line"
done
fi
}
CONTENTS
OUTER
chmod +x "$TEST_BIN/wget"
\. ../../common.sh
export PATH="$TEST_BIN:$OLDPATH"
try nvm_get_latest
[ "_$CAPTURED_STDOUT" = "_$EXPECTED_VERSION" ] \
@@ -2,20 +2,26 @@
die () { echo "$@" ; cleanup ; exit 1; }
WORK="$PWD/nvm_get_latest_failed_redirect-work.$$"
TEST_BIN="$WORK/bin"
cleanup() {
unset -f curl wget
rm -rf "$WORK"
export PATH="$OLDPATH"
}
\. ../../../nvm.sh
\. ../../common.sh
curl() {
return 1
}
wget() {
return 1
}
OLDPATH="$PATH"
# fake curl/wget: `command curl` bypasses shell functions, so the mocks must be executables on PATH
make_fake_curl "$TEST_BIN" 'exit 1'
printf '#!/bin/sh\nexit 1\n' > "$TEST_BIN/wget"
chmod +x "$TEST_BIN/wget"
export PATH="$TEST_BIN:$OLDPATH"
try_err nvm_get_latest
[ "_$CAPTURED_STDERR" = "_https://latest.nvm.sh did not redirect to the latest release on GitHub" ] \