test: tests for reader

Author: antfu

src/parser.js

@@ -15,6 +15,10 @@ try {
   var { defaultImportReader } = require("./reader");
 } catch (e) {}
 
+const defaultTrustedHosts = [
+  "https://raw.githubusercontent.com/LingDong-/wenyan-lang/master"
+];
+
 function wy2tokens(
   txt,
   assert = (msg, pos, b) => {
@@ -666,6 +670,8 @@ async function compile(arg1, arg2, arg3) {
     requestTimeout = 2000
   } = options;
 
+  trustedHosts.push(...defaultTrustedHosts);
+
   const requestOptions = {
     allowHttp,
     trustedHosts,

src/reader.js

@@ -1,5 +1,11 @@
+const axios = require("axios");
+
 function isHostTrusted(url, trustedHosts) {
-  // TODO:
+  for (const host of trustedHosts) {
+    // FIXME: it can be bypassed by relative path resolving,
+    // for examples: https://trusted.com/a/../../hijack.com/a/
+    if (url.startsWith(host)) return true;
+  }
   return false;
 }
 
@@ -24,8 +30,8 @@ async function defaultImportReader(
     const uri = dir + "/" + moduleName + ".wy";
     if (isHttpURL(uri)) {
       if (!allowHttp && !isHostTrusted(uri, trustedHosts)) {
-        throw new Error(
-          `URL request "${uri}" is blocked by default for security purpose.` +
+        throw new URIError(
+          `URL request "${uri}" is blocked by default for security purpose. ` +
             `You can turn it on by specify the "allowHttp" option.`
         );
       }
@@ -39,12 +45,12 @@ async function defaultImportReader(
       } catch (e) {}
     } else {
       try {
-        return await eval("require")("fs").promises.readFile(uri, "utf-8");
+        return await eval("require")("fs").readFileSync(uri, "utf-8");
       } catch (e) {}
     }
   }
 
-  throw new Error(
+  throw new ReferenceError(
     `Module "${moduleName}" is not found. Searched in ${importPaths}`
   );
 }

test/reader.test.js

@@ -0,0 +1,88 @@
+var { expect } = require("chai");
+const { defaultImportReader: reader } = require("../src/reader");
+
+const helloworldContent = "吾有一言。曰「「問天地好在。」」。書之。";
+
+describe("reader", () => {
+  describe("local", () => {
+    it("import local files", async () => {
+      const content = await reader("helloworld", "./examples");
+
+      expect(content).eq(helloworldContent);
+    });
+
+    it("search for files", async () => {
+      const content = await reader("helloworld", [
+        "./some/invalid/dir",
+        "./lib",
+        "./examples"
+      ]);
+
+      expect(content).eq(helloworldContent);
+    });
+
+    it("not found", async () => {
+      try {
+        await reader("not_exists", "./examples");
+      } catch (e) {
+        expect(e).to.be.an.instanceof(ReferenceError);
+      }
+    });
+  });
+
+  describe("http", () => {
+    it("block http imports by default", async () => {
+      try {
+        await reader(
+          "helloworld",
+          "https://raw.githubusercontent.com/LingDong-/wenyan-lang/master/examples/"
+        );
+      } catch (e) {
+        expect(e).to.be.an.instanceof(URIError);
+      }
+    });
+
+    it("load http contents", async () => {
+      const content = await reader(
+        "helloworld",
+        "https://raw.githubusercontent.com/LingDong-/wenyan-lang/master/examples/",
+        {
+          allowHttp: true
+        }
+      );
+
+      expect(content).eq(helloworldContent);
+    });
+
+    it("load http contents in trusted hosts", async () => {
+      const content = await reader(
+        "helloworld",
+        "https://raw.githubusercontent.com/LingDong-/wenyan-lang/master/examples/",
+        {
+          trustedHosts: [
+            "https://raw.githubusercontent.com/LingDong-/wenyan-lang/master/examples"
+          ]
+        }
+      );
+
+      expect(content).eq(helloworldContent);
+    });
+
+    it("search for http contents", async () => {
+      const content = await reader(
+        "helloworld",
+        [
+          "https://raw.githubusercontent.com/LingDong-/wenyan-lang/master/lib/",
+          "https://raw.githubusercontent.com/LingDong-/wenyan-lang/master/examples/"
+        ],
+        {
+          trustedHosts: [
+            "https://raw.githubusercontent.com/LingDong-/wenyan-lang/master"
+          ]
+        }
+      );
+
+      expect(content).eq(helloworldContent);
+    });
+  });
+});