eeymoo/nvm
1
0
Fork 0
mirror of https://github.com/nvm-sh/nvm.git synced 2026-04-04 03:54:51 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

[Fix] nvm_get_mirror: fix awk URL validation to actually reject invalid URLs

Browse Source 
The awk expression `$0 ~ "regex"` as a bare statement in the action block evaluates the match but doesn't affect the exit code.
awk always prints the line and exits 0, making the validation a no-op.

Bug introduced in b1fa143dd8.
This commit is contained in:
Jordan Harband
2026-03-14 09:40:43 -07:00
parent a937cb595e
commit 3c48015986
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
nvm.sh
View File

@@ -2247,7 +2247,7 @@ nvm_get_mirror() {
esac
if ! nvm_echo "${NVM_MIRROR}" | command awk '{ $0 ~ "^https?://[a-zA-Z0-9./_-]+$" }'; then
if ! nvm_echo "${NVM_MIRROR}" | command awk '{ if ($0 !~ /^https?:\/\/[a-zA-Z0-9.\/_-]+$/) exit 1 }'; then
nvm_err '$NVM_NODEJS_ORG_MIRROR and $NVM_IOJS_ORG_MIRROR may only contain a URL'
return 2
fi

6
test/fast/Unit tests/nvm_get_mirror
View File

@@ -46,3 +46,9 @@ testMirrors '`do something bad`'
testMirrors 'https://nodejs.org/dist; xdg-open http://www.google.com;'
testMirrors 'https://nodejs.org/dist&&xdg-open http://www.google.com;'
testMirrors 'https://nodejs.org/dist|xdg-open http://www.google.com;'
# Test that awk URL validation rejects non-URL values
testMirrors 'not a url'
testMirrors 'ftp://wrong-scheme'
testMirrors 'http://'
testMirrors 'javascript:alert(1)'