Socket
Socket
Sign inDemoInstall

@hapi/pez

Package Overview
Dependencies
Maintainers
2
Versions
11
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@hapi/pez - npm Package Compare versions

Comparing version 5.0.2 to 5.0.3

284

lib/index.js

@@ -60,3 +60,3 @@ 'use strict';

super();
super({ autoDestroy: false });

@@ -151,225 +151,217 @@ Hoek.assert(options !== null && typeof options === 'object', 'options must be an object');

}
};
_write(buffer, encoding, next) {
internals.Dispenser.prototype._write = function (buffer, encoding, next) {
if (this._error) {
return next();
}
if (this._error) {
this._parts.write(buffer);
return next();
}
this._parts.write(buffer);
return next();
};
_emit(...args) {
if (this._error) {
return;
}
internals.Dispenser.prototype._emit = function (...args) {
if (this._error) {
return;
this.emit(...args);
}
this.emit(...args);
};
_abort(err) {
this._emit('error', err);
this._error = err;
}
internals.Dispenser.prototype._abort = function (err) {
_onPartEnd() {
this._emit('error', err);
this._error = err;
};
this._lines.flush();
if (this._state === internals.state.preamble) {
if (this._held) {
const last = this._held.length - 1;
internals.Dispenser.prototype._onPartEnd = function () {
if (this._held[last] !== '\n' ||
this._held[last - 1] !== '\r') {
this._lines.flush();
return this._abort(Boom.badRequest('Preamble missing CRLF terminator'));
}
if (this._state === internals.state.preamble) {
if (this._held) {
const last = this._held.length - 1;
this._emit('preamble', this._held.slice(0, -2));
this._held = '';
}
if (this._held[last] !== '\n' ||
this._held[last - 1] !== '\r') {
this._parts.needle(Buffer.from('\r\n--' + this._boundary)); // CRLF no longer optional
}
return this._abort(Boom.badRequest('Preamble missing CRLF terminator'));
}
this._state = internals.state.boundary;
this._emit('preamble', this._held.slice(0, -2));
if (this._stream) {
this._stream.end();
this._stream = null;
}
else if (this._name) {
this._emit('field', this._name, this._held);
this._name = '';
this._held = '';
}
this._parts.needle(Buffer.from('\r\n--' + this._boundary)); // CRLF no longer optional
}
this._state = internals.state.boundary;
_onPart(chunk) {
if (this._stream) {
this._stream.end();
this._stream = null;
}
else if (this._name) {
this._emit('field', this._name, this._held);
this._name = '';
this._held = '';
}
};
internals.Dispenser.prototype._onPart = function (chunk) {
if (this._state === internals.state.preamble) {
this._held = this._held + chunk.toString();
}
else if (this._state === internals.state.payload) {
if (this._stream) {
this._stream.write(chunk); // Stream payload
if (this._state === internals.state.preamble) {
this._held = this._held + chunk.toString();
}
else if (this._state === internals.state.payload) {
if (this._stream) {
this._stream.write(chunk); // Stream payload
}
else {
this._held = this._held + chunk.toString();
}
}
else {
this._held = this._held + chunk.toString();
this._lines.write(chunk); // Look for boundary
}
}
else {
this._lines.write(chunk); // Look for boundary
}
};
_onLineEnd() {
internals.Dispenser.prototype._onLineEnd = function () {
// Boundary whitespace
// Boundary whitespace
if (this._state === internals.state.boundary) {
if (this._held) {
this._held = this._held.replace(/[\t ]/g, ''); // trim() removes new lines
if (this._state === internals.state.boundary) {
if (this._held) {
if (this._held === '--') {
this._state = internals.state.epilogue;
this._held = '';
this._held = this._held.replace(/[\t ]/g, ''); // trim() removes new lines
if (this._held) {
if (this._held === '--') {
this._state = internals.state.epilogue;
this._held = '';
return;
return;
}
return this._abort(Boom.badRequest('Only white space allowed after boundary'));
}
}
return this._abort(Boom.badRequest('Only white space allowed after boundary'));
}
this._state = internals.state.header;
return;
}
this._state = internals.state.header;
// Part headers
return;
}
if (this._state === internals.state.header) {
// Part headers
// Header
if (this._state === internals.state.header) {
if (this._held) {
// Header
// Header continuation
if (this._held) {
if (this._held[0] === ' ' ||
this._held[0] === '\t') {
// Header continuation
if (!this._pendingHeader) {
return this._abort(Boom.badRequest('Invalid header continuation without valid declaration on previous line'));
}
if (this._held[0] === ' ' ||
this._held[0] === '\t') {
if (!this._pendingHeader) {
return this._abort(Boom.badRequest('Invalid header continuation without valid declaration on previous line'));
this._pendingHeader = this._pendingHeader + ' ' + this._held.slice(1); // Drop tab
this._held = '';
return;
}
this._pendingHeader = this._pendingHeader + ' ' + this._held.slice(1); // Drop tab
// Start of new header
this._flushHeader();
this._pendingHeader = this._held;
this._held = '';
return;
}
// Start of new header
// End of headers
this._flushHeader();
this._pendingHeader = this._held;
this._held = '';
return;
}
this._state = internals.state.payload;
// End of headers
let disposition;
this._flushHeader();
try {
disposition = Content.disposition(this._headers['content-disposition']);
}
catch (err) {
return this._abort(err);
}
this._state = internals.state.payload;
if (disposition.filename !== undefined) {
const stream = new Stream.PassThrough();
const transferEncoding = this._headers['content-transfer-encoding'];
let disposition;
if (transferEncoding &&
transferEncoding.toLowerCase() === 'base64') {
try {
disposition = Content.disposition(this._headers['content-disposition']);
}
catch (err) {
return this._abort(err);
}
this._stream = new B64.Decoder();
this._stream.pipe(stream);
}
else {
this._stream = stream;
}
if (disposition.filename !== undefined) {
const stream = new Stream.PassThrough();
const transferEncoding = this._headers['content-transfer-encoding'];
if (transferEncoding &&
transferEncoding.toLowerCase() === 'base64') {
this._stream = new B64.Decoder();
this._stream.pipe(stream);
stream.name = disposition.name;
stream.filename = disposition.filename;
stream.headers = this._headers;
this._headers = {};
this._emit('part', stream);
}
else {
this._stream = stream;
this._name = disposition.name;
}
stream.name = disposition.name;
stream.filename = disposition.filename;
stream.headers = this._headers;
this._headers = {};
this._emit('part', stream);
this._lines.flush();
return;
}
else {
this._name = disposition.name;
}
this._lines.flush();
return;
// Epilogue
this._held = this._held + '\r\n'; // Put the new line back
}
// Epilogue
_onLine(chunk) {
this._held = this._held + '\r\n'; // Put the new line back
};
internals.Dispenser.prototype._onLine = function (chunk) {
if (this._stream) {
this._stream.write(chunk); // Stream payload
if (this._stream) {
this._stream.write(chunk); // Stream payload
}
else {
this._held = this._held + chunk.toString(); // Reading header or field
}
}
else {
this._held = this._held + chunk.toString(); // Reading header or field
}
};
_flushHeader() {
internals.Dispenser.prototype._flushHeader = function () {
if (!this._pendingHeader) {
return;
}
if (!this._pendingHeader) {
return;
}
const sep = this._pendingHeader.indexOf(':');
const sep = this._pendingHeader.indexOf(':');
if (sep === -1) {
return this._abort(Boom.badRequest('Invalid header missing colon separator'));
}
if (sep === -1) {
return this._abort(Boom.badRequest('Invalid header missing colon separator'));
}
if (!sep) {
return this._abort(Boom.badRequest('Invalid header missing field name'));
}
if (!sep) {
return this._abort(Boom.badRequest('Invalid header missing field name'));
}
const name = this._pendingHeader.slice(0, sep).toLowerCase();
if (name === '__proto__') {
return this._abort(Boom.badRequest('Invalid header'));
}
const name = this._pendingHeader.slice(0, sep).toLowerCase();
if (name === '__proto__') {
return this._abort(Boom.badRequest('Invalid header'));
this._headers[name] = this._pendingHeader.slice(sep + 1).trim();
this._pendingHeader = '';
}
this._headers[name] = this._pendingHeader.slice(sep + 1).trim();
this._pendingHeader = '';
};

2

package.json
{
"name": "@hapi/pez",
"description": "Multipart parser",
"version": "5.0.2",
"version": "5.0.3",
"repository": "git://github.com/hapijs/pez",

@@ -6,0 +6,0 @@ "main": "lib/index.js",

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc