fix: sanitize language version before passing it to acorn

getappmap · Jun 7, 2022 · 2595030 · 2595030
1 parent ddbb914
commit 2595030
Show file tree

Hide file tree

Showing 4 changed files with 69 additions and 5 deletions.
diff --git a/components/instrumentation/default/.test.list b/components/instrumentation/default/.test.list
@@ -1,2 +1,3 @@
-- visit.mjs
+- * visit.mjs
+  * version.mjs
 - index.mjs
diff --git a/components/instrumentation/default/index.mjs b/components/instrumentation/default/index.mjs
@@ -1,5 +1,6 @@
 import Escodegen from "escodegen";
 import * as Acorn from "acorn";
+import Version from "./version.mjs";
 
 const { generate: generateEstree } = Escodegen;
 const { parse: parseEstree } = Acorn;
@@ -18,6 +19,7 @@ export default (dependencies) => {
     source: { getSources },
   } = dependencies;
   const { visit } = Visit(dependencies);
+  const { getEcmaVersion } = Version(dependencies);
   const getHead = generateGet("head");
   const getBody = generateGet("body");
   const getURL = generateGet("url");
@@ -84,10 +86,7 @@ export default (dependencies) => {
                   allowHashBang: true,
                   sourceType: type,
                   allowAwaitOutsideFunction: type === "module",
-                  ecmaVersion:
-                    configuration.language.version === null
-                      ? "latest"
-                      : parseInt(configuration.language.version),
+                  ecmaVersion: getEcmaVersion(configuration.language),
                   locations: true,
                 }),
               "failed to parse file %j >> %O",

diff --git a/components/instrumentation/default/version.mjs b/components/instrumentation/default/version.mjs
@@ -0,0 +1,50 @@
+export default (dependencies) => {
+  const {
+    log: { logGuardWarning, logWarning },
+  } = dependencies;
+  const names = ["ecmascript", "javascript", "js"];
+  const versions = [
+    "3",
+    "5",
+    "6",
+    "7",
+    "8",
+    "9",
+    "10",
+    "11",
+    "12",
+    "13",
+    "2015",
+    "2016",
+    "2017",
+    "2018",
+    "2019",
+    "2020",
+    "2021",
+    "2022",
+  ];
+  return {
+    getEcmaVersion: ({ name, version }) => {
+      if (names.includes(name)) {
+        if (versions.includes(version)) {
+          return parseInt(version);
+        } else {
+          logGuardWarning(
+            version !== null && version !== "latest",
+            "Expected language version to be one of %j, but got: %j.",
+            versions,
+            version,
+          );
+          return "latest";
+        }
+      } else {
+        logWarning(
+          "Expected language name to be one of %j, but got: %j.",
+          names,
+          name,
+        );
+        return "latest";
+      }
+    },
+  };
+};
diff --git a/components/instrumentation/default/version.test.mjs b/components/instrumentation/default/version.test.mjs
@@ -0,0 +1,14 @@
+import { assertEqual } from "../../__fixture__.mjs";
+import { buildTestDependenciesAsync } from "../../build.mjs";
+import Version from "./version.mjs";
+
+Error.stackTraceLimit = Infinity;
+
+const dependencies = await buildTestDependenciesAsync(import.meta.url);
+const { getEcmaVersion } = Version(dependencies);
+
+assertEqual(getEcmaVersion({ name: "foo", version: "2020" }), "latest");
+
+assertEqual(getEcmaVersion({ name: "ecmascript", version: "2020" }), 2020);
+
+assertEqual(getEcmaVersion({ name: "javascript", version: "foo" }), "latest");