Permalink
Browse files

security update: if JSON.parse fails, emits an error instead of quitt…

…ing app
  • Loading branch information...
bnjbvr committed Apr 11, 2013
1 parent 1435646 commit 49dc4bc2fdaf3a633976c783e6cfaed06665940c
Showing with 13 additions and 14 deletions.
  1. +3 −4 lib/app.coffee
  2. +1 −6 lib/posts.coffee
  3. +1 −1 lib/profile.coffee
  4. +6 −1 lib/requests.coffee
  5. +1 −1 lib/tent.coffee
  6. +1 −1 lib/utils.coffee
View
@@ -31,8 +31,7 @@ class Application extends SubModule
cb err
return
- appInfo = JSON.parse data
-
+ appInfo = data
if appInfo.authorizations and appInfo.authorizations.length > 0
@profile_info_types = appInfo.authorizations[0].profile_info_types
@post_types = appInfo.authorizations[0].post_types
@@ -144,7 +143,7 @@ class Application extends SubModule
cb err
return
- a = @info = JSON.parse data
+ a = @info = data
@id = @info.id
@client.setAppCredentials @info.mac_key, @info.mac_key_id
@@ -179,7 +178,7 @@ class Application extends SubModule
cb err
return
- response = JSON.parse data
+ response = data
@client.setUserCredentials response.mac_key, response.access_token
cb null, @client.credentials.user
View
@@ -102,12 +102,7 @@ class Posts extends SubModule
body: JSON.stringify params
needAuth: true
auth: @client.credentials.user
- rcb = (err, headers, data) ->
- if err
- cb err
- else
- cb null, JSON.parse data
-
+ rcb = utils.makeGenericCallback cb
@call reqParam, rcb
@
View
@@ -47,7 +47,7 @@ class Profile extends SubModule
if err
cb err
else
- @client.profiles = JSON.parse data
+ @client.profiles = data
cb null, @client.profiles
@call reqParam, rcb
View
@@ -48,7 +48,12 @@ class Request
if res.headers.status and res.headers.status.substring(0, 3) != '200'
@cb "Status isn't 200 OK but " + res.headers.status + "\nData received: " + data
else
- @cb null, res.headers, data
+ try
+ if data.length > 0
+ data = JSON.parse data
+ @cb null, res.headers, data
+ catch err
+ @cb 'when parsing JSON response: ' + err
@
req.on 'error', @cb
View
@@ -84,7 +84,7 @@ class Client
url: pURL
method: 'GET'
rcb = (err, headers, data) =>
- @profiles = JSON.parse data
+ @profiles = data
@queueFree()
cb null, @profiles
View
@@ -6,7 +6,7 @@ exports.makeGenericCallback = (cb) ->
if err
cb err
else
- cb null, JSON.parse data
+ cb null, data
exports.generateUniqueToken = (cb) ->
crypto.randomBytes 32, (_, buf) ->

0 comments on commit 49dc4bc

Please sign in to comment.