Skip to content

Commit 82f6369

Browse files
phoekersonphoekerson
committed
fix: improve CLI number validation and add regression tests
Ensure numeric inputs are strictly validated against DECIMAL_NUMBER_REGEXP before conversion. Added tests to reject Infinity and hex values in watch options to prevent ambiguous parsing.
1 parent 72598ef commit 82f6369

2 files changed

Lines changed: 32 additions & 1 deletion

File tree

lib/cli.js

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -603,6 +603,8 @@ const getExpectedValue = (argConfig) => {
603603

604604
/** @typedef {null | string | number | boolean | RegExp | EnumValue | []} ParsedValue */
605605

606+
const DECIMAL_NUMBER_REGEXP = /^[+-]?(?:\d+\.?\d*|\.\d+)(?:e[+-]?\d+)?$/i;
607+
606608
/**
607609
* @param {ArgumentConfig} argConfig processing instructions
608610
* @param {Value} value the value
@@ -622,7 +624,10 @@ const parseValueForArgumentConfig = (argConfig, value) => {
622624
break;
623625
case "number":
624626
if (typeof value === "number") return value;
625-
if (typeof value === "string" && /^[+-]?\d*(\.\d*)e\d+$/i) {
627+
if (
628+
typeof value === "string" &&
629+
DECIMAL_NUMBER_REGEXP.test(value)
630+
) {
626631
const n = Number(value);
627632
if (!Number.isNaN(n)) return n;
628633
}

test/Cli.basictest.js

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -323,6 +323,8 @@ describe("Cli", () => {
323323
"output-library-name": "non-object",
324324
"resolve-loader-unsafe-cache": [true, false],
325325
"output-chunk-load-timeout": "20000x",
326+
"watch-options-aggregate-timeout": "Infinity",
327+
"watch-options-poll": "0x10",
326328
"cache-type": "filsystem",
327329
"entry-reset": false,
328330
"module-unknown-context-reg-exp": "ab?c*",
@@ -366,6 +368,30 @@ describe("Cli", () => {
366368
"type": "invalid-value",
367369
"value": "20000x",
368370
},
371+
Object {
372+
"argument": "watch-options-aggregate-timeout",
373+
"expected": "number",
374+
"index": undefined,
375+
"path": "watchOptions.aggregateTimeout",
376+
"type": "invalid-value",
377+
"value": "Infinity",
378+
},
379+
Object {
380+
"argument": "watch-options-poll",
381+
"expected": "number",
382+
"index": undefined,
383+
"path": "watchOptions.poll",
384+
"type": "invalid-value",
385+
"value": "0x10",
386+
},
387+
Object {
388+
"argument": "watch-options-poll",
389+
"expected": "true | false",
390+
"index": undefined,
391+
"path": "watchOptions.poll",
392+
"type": "invalid-value",
393+
"value": "0x10",
394+
},
369395
Object {
370396
"argument": "cache-type",
371397
"expected": "memory",

0 commit comments

Comments
 (0)