packages/nodejs-grunt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!9 Fix CVE-2022-0436

Browse Source 
From: @wk333 
Reviewed-by: @solarhu 
Signed-off-by: @solarhu
This commit is contained in:
openeuler-ci-bot 2022-04-21 08:58:39 +00:00 committed by Gitee
commit 0c36fd5e90
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 90 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
CVE-2022-0436.patch Normal file
View File

@ -0,0 +1,84 @@
From aad3d4521c3098fb255fb2db8f2e1d691a033665 Mon Sep 17 00:00:00 2001
From: Vlad Filippov <vlad.filippov@gmail.com>
Date: Sun, 10 Apr 2022 23:16:06 -0400
Subject: [PATCH] Update dependencies, tests...
diff --git a/lib/grunt/file.js b/lib/grunt/file.js
index 863617f..f0a2d6e 100644
--- a/lib/grunt/file.js
+++ b/lib/grunt/file.js
@@ -303,8 +303,11 @@ file.write = function(filepath, contents, options) {
// Read a file, optionally processing its content, then write the output.
// Or read a directory, recursively creating directories, reading files,
// processing content, writing output.
+// Handles symlinks by coping them as files or directories.
file.copy = function copy(srcpath, destpath, options) {
- if (file.isDir(srcpath)) {
+ if (file._isSymbolicLink(srcpath)) {
+ file._copySymbolicLink(srcpath, destpath);
+ } else if (file.isDir(srcpath)) {
// Copy a directory, recursively.
// Explicitly create new dest directory.
file.mkdir(destpath);
@@ -452,6 +455,24 @@ file.isPathCwd = function() {
}
};
+file._isSymbolicLink = function() {
+ var filepath = path.join.apply(path, arguments);
+ return fs.lstatSync(filepath).isSymbolicLink();
+};
+
+file._copySymbolicLink = function(srcpath, destpath) {
+ var destdir = path.join(destpath, '..');
+ var fileBase = path.basename(srcpath);
+ // Use the correct relative path for the symlink
+ if (!grunt.file.isPathAbsolute(srcpath)) {
+ srcpath = path.relative(destdir, srcpath) || '.';
+ }
+ file.mkdir(destdir);
+ var mode = grunt.file.isDir(srcpath) ? 'dir' : 'file';
+ var destpath = path.join(destpath, fileBase);
+ return fs.symlinkSync(srcpath, destpath, mode);
+};
+
// Test to see if a filepath is contained within the CWD.
file.isPathInCwd = function() {
var filepath = path.join.apply(path, arguments);
diff --git a/test/grunt/file_test.js b/test/grunt/file_test.js
index 5110f04..41f1c2d 100644
--- a/test/grunt/file_test.js
+++ b/test/grunt/file_test.js
@@ -888,5 +888,28 @@ exports.file = {
test.ok(grunt.file.isPathInCwd(path.resolve('deep')), 'subdirectory is in cwd');
test.done();
},
+ 'symbolicLinkCopy': function(test) {
+ test.expect(4);
+ var srcfile = new Tempdir();
+ fs.symlinkSync(path.resolve('test/fixtures/octocat.png'), path.join(srcfile.path, 'octocat.png'), 'file');
+ // test symlink copy for files
+ var destdir = new Tempdir();
+ grunt.file.copy(path.join(srcfile.path, 'octocat.png'), destdir.path);
+ test.ok(fs.lstatSync(path.join(srcfile.path, 'octocat.png')).isSymbolicLink());
+ test.ok(fs.lstatSync(path.join(destdir.path, 'octocat.png')).isSymbolicLink());
+
+ // test symlink copy for directories
+ var srcdir = new Tempdir();
+ var destdir = new Tempdir();
+ var fixtures = path.resolve('test/fixtures');
+ var symlinkSource = path.join(srcdir.path, path.basename(fixtures));
+ console.log('symlinkSource', symlinkSource);
+ fs.symlinkSync(fixtures, symlinkSource, 'dir');
+
+ grunt.file.copy(symlinkSource, destdir.path);
+ test.ok(fs.lstatSync(symlinkSource).isSymbolicLink());
+ test.ok(fs.lstatSync(path.join(destdir.path, path.basename(fixtures))).isSymbolicLink());
+ test.done();
+ },
}
};
--
2.27.0

7
nodejs-grunt.spec
View File

@ -1,13 +1,15 @@
%global enable_tests 1 %global enable_tests 1
Name: nodejs-grunt Name: nodejs-grunt
Version: 1.0.1 Version: 1.0.1
Release: 2 Release: 3
Summary: Grunt is a JavaScript library used for automation and running tasks Summary: Grunt is a JavaScript library used for automation and running tasks
License: MIT License: MIT
URL: https://github.com/gruntjs/grunt URL: https://github.com/gruntjs/grunt
Source0: https://github.com/gruntjs/grunt/archive/v%{version}/grunt-%{version}.tar.gz Source0: https://github.com/gruntjs/grunt/archive/v%{version}/grunt-%{version}.tar.gz
Patch0: CVE-2020-7729-pre.patch Patch0: CVE-2020-7729-pre.patch
Patch1: CVE-2020-7729.patch Patch1: CVE-2020-7729.patch
# https://github.com/gruntjs/grunt/commit/aad3d45
Patch2: CVE-2022-0436.patch
BuildArch: noarch BuildArch: noarch
ExclusiveArch: %{nodejs_arches} noarch ExclusiveArch: %{nodejs_arches} noarch
BuildRequires: nodejs-packaging BuildRequires: nodejs-packaging
@ -58,6 +60,9 @@ grunt nodeunit:all
%{nodejs_sitelib}/grunt %{nodejs_sitelib}/grunt
%changelog %changelog
* Thu Apr 21 2022 wangkai <wangkai385@h-partners.com> - 1.0.1-3
- Fix CVE-2022-0436
* Wed Feb 23 2022 yaoxin <yaoxin30@huawei.com> - 1.0.1-2 * Wed Feb 23 2022 yaoxin <yaoxin30@huawei.com> - 1.0.1-2
- Fix CVE-2020-7729 - Fix CVE-2020-7729