
fix: vulnerabilities in the socket.io-file package
sf-v committed Apr 7, 2022
1 parent 9533ad0 commit 1f2516e
Showing 6 changed files with 380 additions and 12 deletions.
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -57,8 +57,8 @@
"cross-env": "^5.2.0",
"eslint": "^5.16.0",
"husky": "2.4.0",
"jest": "^26.0.1",
"isbinaryfile": "^4.0.2",
"jest": "^26.0.1",
"lerna": "^3.18.3",
"prettier": "^1.17.1",
"rimraf": "^2.6.3",
2 changes: 1 addition & 1 deletion packages/@best/agent/package.json
Expand Up @@ -17,8 +17,8 @@
"@best/shared": "6.1.0",
"@best/utils": "6.1.0",
"express": "4.17.2",
"mime": "^1.3.4",
"socket.io": "~2.2.0",
"socket.io-file": "~2.0.31",
"tar": "6.1.11"
},
"files": [
18 changes: 10 additions & 8 deletions packages/@best/agent/src/utils/benchmark-loader.ts
Expand Up @@ -3,13 +3,14 @@
* All rights reserved.
* SPDX-License-Identifier: MIT
* For full license text, see the LICENSE file in the repo root or https://opensource.org/licenses/MIT
*/
*/

import path from "path";
import SocketIOFile from "socket.io-file";
import path from 'path';
import { cacheDirectory, randomAlphanumeric } from '@best/utils';
import { x as extractTar } from 'tar';
import { Socket } from "socket.io";
import { Socket } from 'socket.io';
import SocketFile from './socket.io-file';
import type SocketIOFile from 'socket.io-file'

// This is all part of the initialization
const LOADER_CONFIG_DEFAULTS = {
Expand All @@ -27,11 +28,12 @@ export function getUploaderInstance(socket: Socket): SocketIOFile {
// same-named benchmark to the agent. When this happens, the agent may get a partial file or the hub may fail
// because there is a lock on the same-named file.
const config = Object.assign({}, LOADER_CONFIG_DEFAULTS, {
uploadDir: path.join(cacheDirectory('best_agent'), 'uploads', randomAlphanumeric(16))
uploadDir: path.join(cacheDirectory('best_agent'), 'uploads', randomAlphanumeric(16)),
});

const uploader: any = new SocketIOFile(socket, config);
uploader.load = function () {
const uploader: any = new (SocketFile as any)(socket, config);

uploader.load = function() {
return new Promise((resolve, reject) => {
uploader.on('complete', (info: any) => {
uploader.removeAllListeners('complete');
Expand All @@ -43,7 +45,7 @@ export function getUploaderInstance(socket: Socket): SocketIOFile {
reject(err);
});
});
}
};

return uploader;
}
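Review bot: The cast in `new (SocketFile as any)(socket, config)`, combined with `const uploader: any`, removes all compile-time checking from the one call that swaps in the in-tree `./socket.io-file` module, so a mismatch in the options it accepts (for example `uploadDir`) or in the `on`/`removeAllListeners` methods used by `load` would go unnoticed. The declared return type is still `SocketIOFile`, brought in by `import type SocketIOFile from 'socket.io-file'`, so the signature keeps naming the package this commit appears to be moving away from and only resolves while that package's typings remain available; that import line also lacks the trailing semicolon the other imports have. Consider giving `./socket.io-file` a typed default export, constructing it as `const uploader = new SocketFile(socket, config);`, and having `getUploaderInstance` return that local type extended with `load`. The bodies of `getUploaderInstance` and `uploader.load` are partly collapsed between the hunks, and the replacement module itself is not shown here, so the error path and the actual vulnerability fix were not reviewed.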
