Skip to content

Commit 7aa708e

Browse files
nodkznodkz
committed
fix: more strict checks for downloaded file
1 parent a41a15d commit 7aa708e

File tree

1 file changed

+30
-3
lines changed

1 file changed

+30
-3
lines changed

src/util/MongoBinaryDownload.js

Lines changed: 30 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@ export type MongoBinaryDownloadOpts = {
2424
export default class MongoBinaryDownload {
2525
debug: DebugFn;
2626
dlProgress: DownloadProgressT;
27+
_downloadingUrl: ?string;
2728

2829
checkMD5: boolean;
2930
downloadDir: string;
@@ -98,6 +99,7 @@ export default class MongoBinaryDownload {
9899
}
99100

100101
const downloadUrl = await mbdUrl.getDownloadUrl();
102+
this._downloadingUrl = downloadUrl;
101103
const mongoDBArchive = await this.download(downloadUrl);
102104

103105
await this.makeMD5check(`${downloadUrl}.md5`, mongoDBArchive);
@@ -133,9 +135,13 @@ export default class MongoBinaryDownload {
133135

134136
const urlObject = url.parse(downloadUrl);
135137

138+
if (!urlObject.hostname || !urlObject.path) {
139+
throw new Error(`Provided incorrect download url: ${downloadUrl}`);
140+
}
141+
136142
const downloadOptions = {
137143
hostname: urlObject.hostname,
138-
port: urlObject.port || 443,
144+
port: urlObject.port || '443',
139145
path: urlObject.path,
140146
method: 'GET',
141147
agent: proxy ? new HttpsProxyAgent(proxy) : undefined,
@@ -186,13 +192,22 @@ export default class MongoBinaryDownload {
186192
});
187193

188194
if (!this.locationExists(path.resolve(this.downloadDir, this.version, binaryName))) {
189-
throw new Error(`MongoBinaryDownload: missing mongod binary in ${mongoDBArchive}`);
195+
throw new Error(
196+
`MongoBinaryDownload: missing mongod binary in ${mongoDBArchive} (downloaded from ${this
197+
._downloadingUrl || ''}). Broken package in MongoDB distro?`
198+
);
190199
}
191200
return extractDir;
192201
}
193202

194203
async httpDownload(
195-
httpOptions: any,
204+
httpOptions: {
205+
hostname: string,
206+
port: string,
207+
path: string,
208+
method: 'GET' | 'POST',
209+
agent: any,
210+
},
196211
downloadLocation: string,
197212
tempDownloadLocation: string
198213
): Promise<string> {
@@ -207,6 +222,18 @@ export default class MongoBinaryDownload {
207222
response.pipe(fileStream);
208223

209224
fileStream.on('finish', () => {
225+
if (this.dlProgress.current < 1000000) {
226+
const downloadUrl =
227+
this._downloadingUrl || `https://${httpOptions.hostname}/${httpOptions.path}`;
228+
reject(
229+
new Error(
230+
`Too small (${
231+
this.dlProgress.current
232+
} bytes) mongod binary downloaded from ${downloadUrl}`
233+
)
234+
);
235+
return;
236+
}
210237
fileStream.close();
211238
fs.renameSync(tempDownloadLocation, downloadLocation);
212239
this.debug(`renamed ${tempDownloadLocation} to ${downloadLocation}`);

0 commit comments

Comments
 (0)