fix: guard select choices from reserved values

makesjs · May 22, 2019 · fe8cc7a · fe8cc7a
1 parent 8221bb6
commit fe8cc7a
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/lib/run-questionnaire.js b/lib/run-questionnaire.js
@@ -79,12 +79,19 @@ async function textPrompt(question, {predefinedProperties, unattended, _debug})
   return answer;
 }
 
+const RESERVED_VALUES = ['and', 'or', 'not', 'true', 'false'];
+
 async function selectPrompt(question, pickedFeatures, {preselectedFeatures, unattended, _debug}) {
   let {choices, multiple} = question;
 
   choices.forEach(c => {
     if (c.value && (typeof c.value !== 'string' || !c.value.match(/^[a-zA-Z1-9-]*$/))) {
-      throw new Error(`Value ${JSON.stringify(c.value)} is invalid. Only accept letters, numbers, and dash(-).` +
+      throw new Error(`Value ${JSON.stringify(c.value)} is invalid. Only accept letters, numbers, and dash(-).\n` +
+        'In question:\n' + JSON.stringify(question, null, 2) + '\n\n');
+    }
+
+    if (RESERVED_VALUES.includes(c.value)) {
+      throw new Error(`Value ${JSON.stringify(c.value)} is rejected, because it's one of reserved strings ${JSON.stringify(RESERVED_VALUES)}.\n` +
         'In question:\n' + JSON.stringify(question, null, 2) + '\n\n');
     }
   });

diff --git a/test/run-questionnaire.spec.js b/test/run-questionnaire.spec.js
@@ -85,6 +85,11 @@ test('textPrompt validates user input', async t => {
 test('selectPrompt rejects invalid choice value', async t => {
   await t.throwsAsync(async () => selectPrompt({choices:[{value:'a&b'}]}, [], {preselectedFeatures: []}));
   await t.throwsAsync(async () => selectPrompt({choices:[{value:'a b'}]}, [], {preselectedFeatures: []}));
+  await t.throwsAsync(async () => selectPrompt({choices:[{value:'and'}]}, [], {preselectedFeatures: []}));
+  await t.throwsAsync(async () => selectPrompt({choices:[{value:'or'}]}, [], {preselectedFeatures: []}));
+  await t.throwsAsync(async () => selectPrompt({choices:[{value:'not'}]}, [], {preselectedFeatures: []}));
+  await t.throwsAsync(async () => selectPrompt({choices:[{value:'true'}]}, [], {preselectedFeatures: []}));
+  await t.throwsAsync(async () => selectPrompt({choices:[{value:'false'}]}, [], {preselectedFeatures: []}));
 });
 
 test('selectPrompt returns value of the only choice without prompting', async t => {