Skip to content

Commit

Permalink
Merge pull request #735 from microsoft/sandy081/horrible-rat
Browse files Browse the repository at this point in the history
fix: validate sponsor URL
  • Loading branch information
sandy081 authored Jun 1, 2022
2 parents 2ec05b1 + 75456f2 commit 95823b6
Show file tree
Hide file tree
Showing 3 changed files with 28 additions and 6 deletions.
2 changes: 1 addition & 1 deletion src/manifest.ts
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ export interface Manifest {
enabledApiProposals?: readonly string[];
qna?: 'marketplace' | string | false;
extensionKind?: ExtensionKind | ExtensionKind[];
sponsor?: string;
sponsor?: { url: string };

// optional (npm)
author?: string | Person;
Expand Down
19 changes: 17 additions & 2 deletions src/package.ts
Original file line number Diff line number Diff line change
Expand Up @@ -454,7 +454,7 @@ export class ManifestProcessor extends BaseProcessor {
.join(',')
: '',
preRelease: !!this.options.preRelease,
sponsorLink: manifest.sponsor || '',
sponsorLink: manifest.sponsor?.url || '',
};

if (isGitHub) {
Expand Down Expand Up @@ -605,7 +605,7 @@ export class TagsProcessor extends BaseProcessor {
);

const webExensionTags = isWebKind(this.manifest) ? ['__web_extension'] : [];
const sponsorTags = this.manifest.sponsor ? ['__sponsor_extension'] : [];
const sponsorTags = this.manifest.sponsor?.url ? ['__sponsor_extension'] : [];

const tags = new Set([
...keywords,
Expand Down Expand Up @@ -1221,6 +1221,21 @@ export function validateManifest(manifest: Manifest): Manifest {
}
}

if (manifest.sponsor) {
let isValidSponsorUrl = true;
try {
const sponsorUrl = new url.URL(manifest.sponsor.url);
isValidSponsorUrl = /^(https|http):$/i.test(sponsorUrl.protocol);
} catch (error) {
isValidSponsorUrl = false;
}
if (!isValidSponsorUrl) {
throw new Error(
`Manifest contains invalid value '${manifest.sponsor.url}' in the 'sponsor' property. It must be a valid URL with a HTTP or HTTPS protocol.`
);
}
}

return manifest;
}

Expand Down
13 changes: 10 additions & 3 deletions src/test/package.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -383,6 +383,13 @@ describe('validateManifest', () => {
validateManifest(createManifest({ extensionKind: ['ui', 'workspace'] }));
validateManifest(createManifest({ extensionKind: ['workspace', 'ui'] }));
});

it('should validate sponsor', () => {
assert.throws(() => validateManifest(createManifest({ sponsor: { url: 'hello' } })));
assert.throws(() => validateManifest(createManifest({ sponsor: { url: 'www.foo.com' } })));
validateManifest(createManifest({ sponsor: { url: 'https://foo.bar' } }));
validateManifest(createManifest({ sponsor: { url: 'http://www.foo.com' } }));
});
});

describe('toVsixManifest', () => {
Expand Down Expand Up @@ -1661,7 +1668,7 @@ describe('toVsixManifest', () => {
});

it('should add sponsor link property', () => {
const sponsor = 'https://foo.bar';
const sponsor = { url: 'https://foo.bar' };
const manifest: Manifest = {
name: 'test',
publisher: 'mocha',
Expand All @@ -1676,12 +1683,12 @@ describe('toVsixManifest', () => {
.then(result => {
const properties = result.PackageManifest.Metadata[0].Properties[0].Property;
const sponsorLinkProp = properties.find(p => p.$.Id === 'Microsoft.VisualStudio.Code.SponsorLink');
assert.strictEqual(sponsorLinkProp?.$.Value, sponsor);
assert.strictEqual(sponsorLinkProp?.$.Value, sponsor.url);
});
});

it('should automatically add sponsor tag for extension with sponsor link', async () => {
const manifest = createManifest({ sponsor: 'https://foo.bar' });
const manifest = createManifest({ sponsor: { url: 'https://foo.bar' } });
const vsixManifest = await _toVsixManifest(manifest, []);
const result = await parseXmlManifest(vsixManifest);

Expand Down

0 comments on commit 95823b6

Please sign in to comment.