From c4bab2c72a228905016a7d4d9fe6e52f9bdd7137 Mon Sep 17 00:00:00 2001 From: Evgeniy Popov Date: Thu, 17 Aug 2023 23:22:56 +0300 Subject: [PATCH 1/4] Added tests to parse npm package names --- modules/packages/npm/creator_test.go | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/modules/packages/npm/creator_test.go b/modules/packages/npm/creator_test.go index 168f950038d54..43ab3b20961b9 100644 --- a/modules/packages/npm/creator_test.go +++ b/modules/packages/npm/creator_test.go @@ -67,6 +67,16 @@ func TestParsePackage(t *testing.T) { test(t, " test") test(t, "test ") test(t, "te st") + test(t, "Test") + test(t, "_test") + test(t, ".test") + test(t, "^test") + test(t, "te^st") + test(t, "te|st") + test(t, "te)(st") + test(t, "te'st") + test(t, "te!st") + test(t, "te*st") test(t, "invalid/scope") test(t, "@invalid/_name") test(t, "@invalid/.name") @@ -93,6 +103,13 @@ func TestParsePackage(t *testing.T) { test(t, "test") test(t, "@scope/name") + test(t, "@scope/q") + test(t, "q") + test(t, "@scope/package-name") + test(t, "@scope/package.name") + test(t, "@scope/package_name") + test(t, "123name") + test(t, "----") test(t, packageFullName) }) From cdad9f0c5ecc7c956613b781bea75ab1e905d0cf Mon Sep 17 00:00:00 2001 From: Evgeniy Popov Date: Sat, 19 Aug 2023 12:47:43 +0300 Subject: [PATCH 2/4] Replaced regex to parse npm packages names. --- modules/packages/npm/creator.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/packages/npm/creator.go b/modules/packages/npm/creator.go index 5e7e0e2983301..1052336845e39 100644 --- a/modules/packages/npm/creator.go +++ b/modules/packages/npm/creator.go @@ -34,7 +34,7 @@ var ( ErrInvalidIntegrity = util.NewInvalidArgumentErrorf("failed to validate integrity") ) -var nameMatch = regexp.MustCompile(`\A((@[^\s\/~'!\(\)\*]+?)[\/])?([^_.][^\s\/~'!\(\)\*]+)\z`) +var nameMatch = regexp.MustCompile(`^(@[a-z0-9-~][a-z0-9-._~]*/)?[a-z0-9-~][a-z0-9-._~]*$`) // Package represents a npm package type Package struct { From b82d53b192e5ebd6973e0e7761dbaff5396c0704 Mon Sep 17 00:00:00 2001 From: Evgeniy Popov Date: Sat, 19 Aug 2023 20:17:26 +0300 Subject: [PATCH 3/4] Added test to cover names contains tilde. --- modules/packages/npm/creator_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/packages/npm/creator_test.go b/modules/packages/npm/creator_test.go index 43ab3b20961b9..806377a52bc43 100644 --- a/modules/packages/npm/creator_test.go +++ b/modules/packages/npm/creator_test.go @@ -77,6 +77,7 @@ func TestParsePackage(t *testing.T) { test(t, "te'st") test(t, "te!st") test(t, "te*st") + test(t, "te~st") test(t, "invalid/scope") test(t, "@invalid/_name") test(t, "@invalid/.name") From 87789aeb026588e3ea974977196ef09041b47afb Mon Sep 17 00:00:00 2001 From: Evgeniy Popov Date: Sat, 19 Aug 2023 20:19:44 +0300 Subject: [PATCH 4/4] Excluded tilde from regex, as suggested in PR --- modules/packages/npm/creator.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/packages/npm/creator.go b/modules/packages/npm/creator.go index 1052336845e39..9e636757aff6a 100644 --- a/modules/packages/npm/creator.go +++ b/modules/packages/npm/creator.go @@ -34,7 +34,7 @@ var ( ErrInvalidIntegrity = util.NewInvalidArgumentErrorf("failed to validate integrity") ) -var nameMatch = regexp.MustCompile(`^(@[a-z0-9-~][a-z0-9-._~]*/)?[a-z0-9-~][a-z0-9-._~]*$`) +var nameMatch = regexp.MustCompile(`^(@[a-z0-9-][a-z0-9-._]*/)?[a-z0-9-][a-z0-9-._]*$`) // Package represents a npm package type Package struct {