mirror of
https://github.com/nvm-sh/nvm.git
synced 2026-07-18 12:58:21 +08:00
[Fix] nvm_get_mirror: fix awk URL validation to actually reject invalid URLs
The awk expression `$0 ~ "regex"` as a bare statement in the action block evaluates the match but doesn't affect the exit code. awk always prints the line and exits 0, making the validation a no-op. Bug introduced in https://github.com/nvm-sh/nvm/commit/b1fa143dd8cbebd9847972c08fb383646ca00642.
This commit is contained in:
@@ -2247,7 +2247,7 @@ nvm_get_mirror() {
|
||||
esac
|
||||
|
||||
|
||||
if ! nvm_echo "${NVM_MIRROR}" | command awk '{ $0 ~ "^https?://[a-zA-Z0-9./_-]+$" }'; then
|
||||
if ! nvm_echo "${NVM_MIRROR}" | command awk '{ if ($0 !~ /^https?:\/\/[a-zA-Z0-9.\/_-]+$/) exit 1 }'; then
|
||||
nvm_err '$NVM_NODEJS_ORG_MIRROR and $NVM_IOJS_ORG_MIRROR may only contain a URL'
|
||||
return 2
|
||||
fi
|
||||
|
||||
@@ -46,3 +46,9 @@ testMirrors '`do something bad`'
|
||||
testMirrors 'https://nodejs.org/dist; xdg-open http://www.google.com;'
|
||||
testMirrors 'https://nodejs.org/dist&&xdg-open http://www.google.com;'
|
||||
testMirrors 'https://nodejs.org/dist|xdg-open http://www.google.com;'
|
||||
|
||||
# Test that awk URL validation rejects non-URL values
|
||||
testMirrors 'not a url'
|
||||
testMirrors 'ftp://wrong-scheme'
|
||||
testMirrors 'http://'
|
||||
testMirrors 'javascript:alert(1)'
|
||||
|
||||
Reference in New Issue
Block a user