fs: validate the input data to be of expected types #31030
Conversation
BridgeAR
added
the
semver-major
nodejs-github-bot
added
the
fs
|
The only CITGM errors that came up here are tests that just need a file and not the content. I opened a PR to fix their tests: ember-cli/ember-cli#8975 |
|
Will docs need to be updated to mention that the functions can throw in these situations? (I imagine "yes" but I haven't looked to see what they say right now.) |
Trott
added
the
notable-change
|
@Trott I can do that but I think we never documented that in fs. I just checked other functions that also throw sync and the ones I looked at also do not have any documentation about that. Should we maybe just outline in a generic fs part that input validation is synchronous? Or should I only add an entry to the Update: I just added the changes entries. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
In that case, I guess it's OK to omit. Someone can always go through and add the information at a later date. (Aside: Might not be a bad thing to add an entry to everything that throws indicating what it might throw, but that would be a pretty big project. @nodejs/documentation) |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
@nodejs/tsc PTAL. This needs one more LG to be ready. |
|
@nodejs/tsc this needs another review. PTAL |
This comment has been minimized.
This comment has been minimized.
BridgeAR
added
the
author ready
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
Awaiting ember-cli/ember-cli#8975. |
|
@Trott do you want to wait until the test fix is released? It is merged but the next release is up in 6-12 weeks. I would rather land this before that. |
There is a release coming the week of January 19. I know you're eager to get this in, but I think a 2-week delay should be tolerable. Since this PR is a semver-major change, it won't end up in a Node.js release until April. So, at least as I see it, there's no reason not to wait two weeks to land this. An alternative is to land something in CITGM's |
|
@nodejs/tsc This has enough reviews to land, but could probably stand a little more attention/scrutiny/awareness. |
The input was not validated so far and that caused unwanted side effects. E.g., `undefined` became the string `'undefined'`. It was expected to fail or to end up as empty string. Now all input is validated to be either some type of array buffer view or a string. That way it's always clear what the user intents. Fixes: nodejs#31025
BridgeAR
force-pushed
the
2019-12-19-stricter-fs-input-checks
branch
from
1b78dae
to
e8940d0
Compare
The input was not validated so far and that caused unwanted side effects. E.g., `undefined` became the string `'undefined'`. It was expected to fail or to end up as empty string. Now all input is validated to be either some type of array buffer view or a string. That way it's always clear what the user intents. PR-URL: #31030 Fixes: #31025 Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Yongsheng Zhang <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Gireesh Punathil <[email protected]>
PR-URL: #31030 Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Yongsheng Zhang <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Gireesh Punathil <[email protected]>
PR-URL: #31731 Refs: #31030 Reviewed-By: Ruben Bridgewater <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Denys Otrishko <[email protected]>
- Use Node.js 14 in actions/setup-node - Add Node.js 14.x to the test matrix - Remove CI: true from the environment The variable is already set by GitHub - Fix bug in test fixture Discovered with v14.x because of nodejs/node#31030.
- Use Node.js 14 in actions/setup-node - Add Node.js 14.x to the test matrix - Remove CI: true from the environment The variable is already set by GitHub - Fix bug in test fixture Discovered with v14.x because of nodejs/node#31030.
|
fwiw i believe this breaks uglify-js v2 (i can't upgrade to v3 because it lacks IE 8 support). The specific value being passed into Could this validation perhaps be loosened, to still stringify objects that have a |
|
Went ahead and submitted #34993, on the off chance the loosening would be accepted. |
A Node.js 14.x added strict type checking when writing files to disk, preventing methods with their own `.toString()` method from being written to disk and generating a `ERR_INVALID_ARG_TYPE` error in the process. This affected using this plugin in combination with `--source-map`. The behavioral change was introduced in nodejs/node#31030 and recently fixed in nodejs/node#34993. That fix was not comprehensive, and did not resolve the issue for the plugin. To avoid this issue for all versions of Node, we no longer assume there will be an implicit call to `SourceMapGenerator.toString()`. Instead, it's now explicitly called when setting the data to write for the source map, fixing source map generation. This was tested on the latest releases of Node 12 through 15.
The input was not validated so far and that caused unwanted side
effects. E.g.,
undefinedbecame the string'undefined'. It wasexpected to fail or to end up as empty string.
Now all input is validated to be either some type of array buffer
view or a string. That way it's always clear what the user intents.
Fixes: #31025
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passes