cspell-config-lib
Advanced tools
Comparing version 8.2.4 to 8.3.0
@@ -13,2 +13,13 @@ import type { CSpellConfigFile, ICSpellConfigFile } from './CSpellConfigFile.js'; | ||
clearCachedFiles(): void; | ||
setUntrustedExtensions(ext: readonly string[]): this; | ||
setTrustedUrls(urls: readonly (URL | string)[]): this; | ||
/** | ||
* Untrusted extensions are extensions that are not trusted to be loaded from a file system. | ||
* Extension are case insensitive and should include the leading dot. | ||
*/ | ||
readonly untrustedExtensions: string[]; | ||
/** | ||
* Urls starting with these urls are trusted to be loaded from a file system. | ||
*/ | ||
readonly trustedUrls: URL[]; | ||
} | ||
@@ -25,2 +36,13 @@ export declare class CSpellConfigFileReaderWriterImpl implements CSpellConfigFileReaderWriter { | ||
constructor(io: IO, middleware: SerializerMiddleware[], loaders: FileLoaderMiddleware[]); | ||
private _untrustedExtensions; | ||
private _trustedUrls; | ||
/** | ||
* Untrusted extensions are extensions that are not trusted to be loaded from a file system. | ||
* Extension are case insensitive and should include the leading dot. | ||
*/ | ||
get untrustedExtensions(): string[]; | ||
/** | ||
* Urls starting with these urls are trusted to be loaded from a file system. | ||
*/ | ||
get trustedUrls(): URL[]; | ||
readConfig(uri: URL | string): Promise<CSpellConfigFile>; | ||
@@ -30,4 +52,9 @@ getDeserializer(): DeserializerNext; | ||
writeConfig(configFile: ICSpellConfigFile): Promise<TextFileRef>; | ||
setUntrustedExtensions(ext: readonly string[]): this; | ||
setTrustedUrls(urls: readonly (URL | string)[]): this; | ||
clearCachedFiles(): void; | ||
} | ||
export declare class UntrustedUrlError extends Error { | ||
constructor(url: URL); | ||
} | ||
//# sourceMappingURL=CSpellConfigFileReaderWriter.d.ts.map |
@@ -0,1 +1,2 @@ | ||
import { extname } from 'node:path/posix'; | ||
import { getDeserializer, getLoader, getSerializer } from './middlewareHelper.js'; | ||
@@ -17,3 +18,22 @@ import { toURL } from './util/toURL.js'; | ||
} | ||
_untrustedExtensions = new Set(); | ||
_trustedUrls = []; | ||
/** | ||
* Untrusted extensions are extensions that are not trusted to be loaded from a file system. | ||
* Extension are case insensitive and should include the leading dot. | ||
*/ | ||
get untrustedExtensions() { | ||
return [...this._untrustedExtensions]; | ||
} | ||
/** | ||
* Urls starting with these urls are trusted to be loaded from a file system. | ||
*/ | ||
get trustedUrls() { | ||
return [...this._trustedUrls].map((url) => new URL(url)); | ||
} | ||
readConfig(uri) { | ||
const url = new URL(uri); | ||
if (!isTrusted(url, this._trustedUrls, this._untrustedExtensions)) { | ||
return Promise.reject(new UntrustedUrlError(url)); | ||
} | ||
const loader = getLoader(this.loaders); | ||
@@ -36,2 +56,11 @@ return loader({ url: toURL(uri), context: { deserialize: this.getDeserializer(), io: this.io } }); | ||
} | ||
setUntrustedExtensions(ext) { | ||
this._untrustedExtensions.clear(); | ||
ext.forEach((e) => this._untrustedExtensions.add(e.toLowerCase())); | ||
return this; | ||
} | ||
setTrustedUrls(urls) { | ||
this._trustedUrls = [...new Set([...urls.map((url) => new URL(url).href)])].sort(); | ||
return this; | ||
} | ||
clearCachedFiles() { | ||
@@ -43,2 +72,15 @@ for (const loader of this.loaders) { | ||
} | ||
function isTrusted(url, trustedUrls, untrustedExtensions) { | ||
const path = url.pathname; | ||
const ext = extname(path).toLowerCase(); | ||
if (!untrustedExtensions.has(ext)) | ||
return true; | ||
const href = url.href; | ||
return trustedUrls.some((trustedUrl) => href.startsWith(trustedUrl)); | ||
} | ||
export class UntrustedUrlError extends Error { | ||
constructor(url) { | ||
super(`Untrusted URL: "${url.href}"`); | ||
} | ||
} | ||
//# sourceMappingURL=CSpellConfigFileReaderWriter.js.map |
@@ -11,3 +11,4 @@ import { extname } from 'node:path/posix'; | ||
const result = await import(_url.href); | ||
const settings = result.default ?? result; | ||
const settingsOrFunction = await (result.default ?? result); | ||
const settings = typeof settingsOrFunction === 'function' ? await settingsOrFunction() : settingsOrFunction; | ||
return new CSpellConfigFileJavaScript(url, settings); | ||
@@ -14,0 +15,0 @@ } |
{ | ||
"name": "cspell-config-lib", | ||
"version": "8.2.4", | ||
"version": "8.3.0", | ||
"description": "CSpell Config library", | ||
@@ -49,7 +49,7 @@ "keywords": [ | ||
"dependencies": { | ||
"@cspell/cspell-types": "8.2.4", | ||
"@cspell/cspell-types": "8.3.0", | ||
"comment-json": "^4.2.3", | ||
"yaml": "^2.3.4" | ||
}, | ||
"gitHead": "d3c5ff685b3aa2bf984f557d81380f2c994547e0" | ||
"gitHead": "019c7ccd326b7fc9e106069ddf6008d5079bbd12" | ||
} |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
35958
790
+ Added@cspell/cspell-types@8.3.0(transitive)
- Removed@cspell/cspell-types@8.2.4(transitive)
Updated@cspell/cspell-types@8.3.0