fix: escape single quote when building error message for required property (#716)

tomastauer · gurgunday · web-flow · commit ed8ed7035af7 · 2024-05-06T14:21:53.000+02:00
* Escape single quote in required property

* Escape single quote in case the required property is missing in the list of properties

* trigger ci

* Add tests for double quote in property name

---------

Co-authored-by: Gürgün Dayıoğlu &lt;hey@gurgun.day&gt;
diff --git a/index.js b/index.js
@@ -349,7 +349,8 @@ function buildInnerObject (context, location) {
 
   for (const key of requiredProperties) {
     if (!propertiesKeys.includes(key)) {
-      code += `if (obj['${key}'] === undefined) throw new Error('"${key}" is required!')\n`
+      const sanitizedKey = JSON.stringify(key)
+      code += `if (obj[${sanitizedKey}] === undefined) throw new Error('${sanitizedKey.replace(/'/g, '\\\'')} is required!')\n`
     }
   }
 
@@ -387,7 +388,7 @@ function buildInnerObject (context, location) {
       `
     } else if (isRequired) {
       code += ` else {
-        throw new Error('${sanitizedKey} is required!')
+        throw new Error('${sanitizedKey.replace(/'/g, '\\\'')} is required!')
       }
       `
     } else {
diff --git a/test/sanitize7.test.js b/test/sanitize7.test.js
@@ -0,0 +1,68 @@
+'use strict'
+
+const test = require('tap').test
+const build = require('..')
+
+test('required property containing single quote, contains property', (t) => {
+  t.plan(1)
+
+  const stringify = build({
+    type: 'object',
+    properties: {
+      '\'': { type: 'string' }
+    },
+    required: [
+      '\''
+    ]
+  })
+
+  t.throws(() => stringify({}), new Error('"\'" is required!'))
+})
+
+test('required property containing double quote, contains property', (t) => {
+  t.plan(1)
+
+  const stringify = build({
+    type: 'object',
+    properties: {
+      '"': { type: 'string' }
+    },
+    required: [
+      '"'
+    ]
+  })
+
+  t.throws(() => stringify({}), new Error('""" is required!'))
+})
+
+test('required property containing single quote, does not contain property', (t) => {
+  t.plan(1)
+
+  const stringify = build({
+    type: 'object',
+    properties: {
+      a: { type: 'string' }
+    },
+    required: [
+      '\''
+    ]
+  })
+
+  t.throws(() => stringify({}), new Error('"\'" is required!'))
+})
+
+test('required property containing double quote, does not contain property', (t) => {
+  t.plan(1)
+
+  const stringify = build({
+    type: 'object',
+    properties: {
+      a: { type: 'string' }
+    },
+    required: [
+      '"'
+    ]
+  })
+
+  t.throws(() => stringify({}), new Error('""" is required!'))
+})

Original file line number	Diff line number	Diff line change
`@@ -349,7 +349,8 @@ function buildInnerObject (context, location) {`
`349`	`349`
`350`	`350`	`for (const key of requiredProperties) {`
`351`	`351`	`if (!propertiesKeys.includes(key)) {`
`352`		- code += `if (obj['${key}'] === undefined) throw new Error('"${key}" is required!')\n`
	`352`	`+ const sanitizedKey = JSON.stringify(key)`
	`353`	+ code += `if (obj[${sanitizedKey}] === undefined) throw new Error('${sanitizedKey.replace(/'/g, '\\\'')} is required!')\n`
`353`	`354`	`}`
`354`	`355`	`}`
`355`	`356`
`@@ -387,7 +388,7 @@ function buildInnerObject (context, location) {`
`387`	`388`	`
`388`	`389`	`} else if (isRequired) {`
`389`	`390`	code += ` else {
`390`		`- throw new Error('${sanitizedKey} is required!')`
	`391`	`+ throw new Error('${sanitizedKey.replace(/'/g, '\\\'')} is required!')`
`391`	`392`	`}`
`392`	`393`	`
`393`	`394`	`} else {`