Comparing version 0.1.1 to 0.1.2
69
index.js
@@ -9,3 +9,3 @@ | ||
var ATTRIBUTE_MATCHER = /([a-z]+)="(.+?)"/g; | ||
var EXPRESSION_MATCHER = /\$\{(.+?)\}/g; | ||
var INTERPOLATION_MATCHER = /\$\{(.+?)\}/g; | ||
@@ -104,14 +104,28 @@ (function() { | ||
function interpolate() { | ||
for (var i = 0; i < attributes.length; i++) { | ||
var attribute = attributes[i]; | ||
attribute.name = this._interpolate(attribute.name, variables, false); | ||
attribute.value = this._interpolate(attribute.value, variables, false); | ||
} | ||
} | ||
switch (directiveName) { | ||
case "if": | ||
interpolate.apply(this); | ||
return this._handleIf(attributes); | ||
case "elif": | ||
interpolate.apply(this); | ||
return this._handleElseIf(attributes); | ||
case "else": | ||
interpolate.apply(this); | ||
return this._handleElse(); | ||
case "endif": | ||
interpolate.apply(this); | ||
return this._handleEndIf(currentFile, variables); | ||
case "set": | ||
interpolate.apply(this); | ||
return this._handleSet(attributes); | ||
case "include": | ||
interpolate.apply(this); | ||
return this._handleInclude(attributes, currentFile); | ||
@@ -125,2 +139,28 @@ } | ||
_interpolate: function(string, variables, shouldWrap) { | ||
var instance = this; | ||
return string.replace(INTERPOLATION_MATCHER, function(variable, variableName) { | ||
var value; | ||
// Either return the variable value or the original expression if it doesn't exist | ||
if (variables[variableName] !== undefined) { | ||
value = variables[variableName]; | ||
} else if (process.env[variableName] !== undefined) { | ||
value = process.env[variableName]; | ||
} | ||
if (value !== undefined) { | ||
if (shouldWrap) { | ||
// Escape all double quotes and wrap the value in double quotes | ||
return instance._wrap(variables[variableName]); | ||
} | ||
return value; | ||
} | ||
return variable; | ||
}); | ||
}, | ||
_parseAttributes: function(directive) { | ||
@@ -136,16 +176,4 @@ var attributes = []; | ||
_parseExpression: function(expression, variables) { | ||
var instance = this; | ||
expression = expression.replace(EXPRESSION_MATCHER, function(variable, variableName) { | ||
// Either return the variable value or the original expression if it doesn't exist | ||
if (variables[variableName] !== undefined) { | ||
// Escape all double quotes and wrap the value in double quotes | ||
return instance._wrap(variables[variableName]); | ||
} | ||
return variable; | ||
}); | ||
if (expression.match(EXPRESSION_MATCHER)) { | ||
_parseExpression: function(expression) { | ||
if (expression.match(INTERPOLATION_MATCHER)) { | ||
return {error: "Could not resolve all variables"} | ||
@@ -187,8 +215,13 @@ } | ||
var attribute = attributes[0]; | ||
var output = undefined; | ||
if (attribute.name === "file") { | ||
return {output: this.ioUtils.readFileSync(currentFile, attribute.value)}; | ||
output = this.ioUtils.readFileSync(currentFile, attribute.value); | ||
} else if (attribute.name === "virtual") { | ||
return {output: this.ioUtils.readVirtualSync(attribute.value)}; | ||
output = this.ioUtils.readVirtualSync(attribute.value); | ||
} | ||
// TODO: Parse included file here | ||
return {output: output}; | ||
} | ||
@@ -251,3 +284,3 @@ | ||
// Find the first conditional that is true | ||
if (this._parseExpression(conditional.getExpression(), variables).truthy) { | ||
if (this._parseExpression(conditional.getExpression()).truthy) { | ||
var directiveHandler = new DirectiveHandler(this.ioUtils); | ||
@@ -254,0 +287,0 @@ var output = {output: "", variables: {}}; |
{ | ||
"name": "ssi", | ||
"version": "0.1.1", | ||
"version": "0.1.2", | ||
"description": "Server Side Includes for NodeJS", | ||
@@ -5,0 +5,0 @@ "author": "Glenn Nelson <glenn@hexcoder.us> (glenn@hexcoder.us)", |
@@ -25,3 +25,3 @@ | ||
it("${true} should be true", function() { | ||
var results = parser._parseExpression("${true}", variables); | ||
var results = parser._parseExpression(parser._interpolate("${true}", variables, true)); | ||
assert(results.truthy === true); | ||
@@ -31,3 +31,3 @@ }); | ||
it("${false} should be false", function() { | ||
var results = parser._parseExpression("${false}", variables); | ||
var results = parser._parseExpression(parser._interpolate("${false}", variables, true)); | ||
assert(results.truthy === false); | ||
@@ -37,3 +37,3 @@ }); | ||
it("${test} should be true", function() { | ||
var results = parser._parseExpression("${test}", variables); | ||
var results = parser._parseExpression(parser._interpolate("${test}", variables, true)); | ||
assert(results.truthy === true); | ||
@@ -43,3 +43,3 @@ }); | ||
it("${empty} should be false", function() { | ||
var results = parser._parseExpression("${empty}", variables); | ||
var results = parser._parseExpression(parser._interpolate("${empty}", variables, true)); | ||
assert(results.truthy === false); | ||
@@ -46,0 +46,0 @@ }); |
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 2 instances in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
19397
18
453
1
5