From 73decfaf300f9b2164651ce474be31f8639f033d Mon Sep 17 00:00:00 2001
From: Kyriakos Georgiou
Date: Sat, 29 Jan 2022 23:28:17 -0500
Subject: [PATCH 1/3] fix(tests): avoid installing package from untrusted registry [SECURITY]
---
 __tests__/integration.js | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/__tests__/integration.js b/__tests__/integration.js
index eda727e896..ebace6481c 100644
--- a/__tests__/integration.js
+++ b/__tests__/integration.js
@@ -233,16 +233,12 @@ describe('--registry option', () => {
 expect(lockfile[2]).toContain(registry);
 });
- test('--registry option with non-exiting registry and show an error', async () => {
+ test('--registry option with nonexistent registry and show an error', async () => {
 const cwd = await makeTemp();
- const registry = 'https://example-registry-doesnt-exist.com';
+ const registry = 'https://example-registry-doesnt-exist.invalid'; // RFC 6761
- try {
- await runYarn(['add', 'is-array', '--registry', registry], {cwd});
- } catch (err) {
- const stdoutOutput = err.message;
- expect(stdoutOutput.toString()).toMatch(/getaddrinfo ENOTFOUND example-registry-doesnt-exist\.com/g);
- }
+ const yarnAdd = runYarn(['add', 'is-array', '--registry', registry, '--ignore-scripts'], {cwd});
+ await expect(yarnAdd).rejects.toThrow('getaddrinfo ENOTFOUND example-registry-doesnt-exist.invalid');
 });
 test('registry option from yarnrc', async () => {
From 1f4532e9ee0b6894f3924d45ad6bad906c77d955 Mon Sep 17 00:00:00 2001
From: Kyriakos Georgiou
Date: Fri, 11 Feb 2022 01:26:58 -0500
Subject: [PATCH 2/3] fix: check for the EAI_AGAIN error also
---
 __tests__/integration.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/__tests__/integration.js b/__tests__/integration.js
index ebace6481c..d2f7fa8007 100644
--- a/__tests__/integration.js
+++ b/__tests__/integration.js
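Review bot: The `--ignore-scripts` argument added to the `runYarn` call in the first patch's hunk carries no comment saying why it is there, so a later cleanup could drop it as unrelated to a registry test. I would add `// --ignore-scripts: defense in depth, no lifecycle script runs even if the host unexpectedly resolves` above the `yarnAdd` line. The trailing `// RFC 6761` on the `registry` line would also read better as `// .invalid is reserved (RFC 6761) and can never be registered`, since that is the property the commit subject relies on. The test asserts only on the rejection message; checking that `cwd` contains no `node_modules` afterwards would pin the "nothing was installed" outcome as well. The enclosing `describe('--registry option', ...)` block starts outside this hunk.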
@@ -235,10 +235,11 @@ describe('--registry option', () => {
 test('--registry option with nonexistent registry and show an error', async () => {
 const cwd = await makeTemp();
- const registry = 'https://example-registry-doesnt-exist.invalid'; // RFC 6761
+ // See https://datatracker.ietf.org/doc/html/rfc6761#section-6.4
+ const registry = 'https://example-registry-doesnt-exist.invalid';
 const yarnAdd = runYarn(['add', 'is-array', '--registry', registry, '--ignore-scripts'], {cwd});
- await expect(yarnAdd).rejects.toThrow('getaddrinfo ENOTFOUND example-registry-doesnt-exist.invalid');
+ await expect(yarnAdd).rejects.toThrow(/getaddrinfo (ENOTFOUND|EAI_AGAIN) example-registry-doesnt-exist\.invalid/);
 });
 test('registry option from yarnrc', async () => {
From 6cc738aa8e31d953bc151dd836b08ccbb6077155 Mon Sep 17 00:00:00 2001
From: Kyriakos Georgiou
Date: Wed, 16 Feb 2022 00:27:44 -0500
Subject: [PATCH 3/3] fix: pass test for any getaddrinfo error code
---
 __tests__/integration.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/__tests__/integration.js b/__tests__/integration.js
index d2f7fa8007..bf8e64560d 100644
--- a/__tests__/integration.js
+++ b/__tests__/integration.js
@@ -239,7 +239,7 @@ describe('--registry option', () => {
 const registry = 'https://example-registry-doesnt-exist.invalid';
 const yarnAdd = runYarn(['add', 'is-array', '--registry', registry, '--ignore-scripts'], {cwd});
- await expect(yarnAdd).rejects.toThrow(/getaddrinfo (ENOTFOUND|EAI_AGAIN) example-registry-doesnt-exist\.invalid/);
+ await expect(yarnAdd).rejects.toThrow(/getaddrinfo .* example-registry-doesnt-exist\.invalid/);
 });
 test('registry option from yarnrc', async () => {
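Review bot: The `.*` in the final pattern (last hunk, the `rejects.toThrow` line) accepts arbitrary text between `getaddrinfo` and the hostname, so it no longer checks that a single resolver error code sits there. Restricting it to one code-shaped token keeps the tolerance for different resolver failures while staying specific: `await expect(yarnAdd).rejects.toThrow(/getaddrinfo [A-Z_]+ example-registry-doesnt-exist\.invalid/);`. Neither this hunk nor the previous one, which added `EAI_AGAIN`, records why the code varies between environments; a short comment such as `// resolver error code differs by platform/CI (ENOTFOUND, EAI_AGAIN, ...)` would keep the pattern from being tightened back to one code later. The test callback begins above this hunk.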