Skip to content

Commit d07bf59

Browse files
koehlerbBrian Koehler
authored and
daffl
committed
fix(configuration): Fix handling of config values that start with . or .. but are not actually relative paths; e.g. ".foo" or "..bar" (#2065)
Co-authored-by: Brian Koehler <bkoehler@langara.ca>
1 parent c6107af commit d07bf59

3 files changed

Lines changed: 11 additions & 1 deletion

File tree

packages/configuration/src/index.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ export default function init () {
2525
if (process.env[value]) {
2626
value = process.env[value];
2727
}
28-
if (value.indexOf('.') === 0 || value.indexOf('..') === 0) {
28+
if (value.indexOf('./') === 0 || value.indexOf('../') === 0) {
2929
// Make relative paths absolute
3030
value = path.resolve(
3131
path.join(config.util.getEnv('NODE_CONFIG_DIR')),

packages/configuration/test/config/default.json

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,8 @@
22
"port": 3030,
33
"environment": "NODE_ENV",
44
"path": "../something",
5+
"notDotPath": ".dot",
6+
"notDotDotPath": "..dotdot",
57
"pathFromEnv": "PATH_ENV",
68
"unescaped": "\\NODE_ENV",
79
"from": "default",

packages/configuration/test/index.test.ts

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -64,6 +64,14 @@ describe('@feathersjs/configuration', () => {
6464
assert.strictEqual(app.get('pathFromEnv'), join(__dirname, 'something'))
6565
);
6666

67+
it('does not normalize values that start with . but are not a relative path', () =>
68+
assert.strictEqual(app.get('notDotPath'), '.dot')
69+
);
70+
71+
it('does not normalize values that start with .. but are not a relative path', () =>
72+
assert.strictEqual(app.get('notDotDotPath'), '..dotdot')
73+
);
74+
6775
it('converts environment variables recursively', () =>
6876
assert.strictEqual(app.get('deeply').nested.env, 'testing')
6977
);

0 commit comments

Comments
 (0)