fix: escape single quote when building error message for required pro…

…perty (#716) * Escape single quote in required property * Escape single quote in case the required property is missing in the list of properties * trigger ci * Add tests for double quote in property name --------- Co-authored-by: Gürgün Dayıoğlu <hey@gurgun.day>
fastify · May 6, 2024 · ed8ed70 · ed8ed70
1 parent 7aeac5e
commit ed8ed70
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 2 deletions.
diff --git a/index.js b/index.js
@@ -349,7 +349,8 @@ function buildInnerObject (context, location) {
 
   for (const key of requiredProperties) {
     if (!propertiesKeys.includes(key)) {
-      code += `if (obj['${key}'] === undefined) throw new Error('"${key}" is required!')\n`
+      const sanitizedKey = JSON.stringify(key)
+      code += `if (obj[${sanitizedKey}] === undefined) throw new Error('${sanitizedKey.replace(/'/g, '\\\'')} is required!')\n`
     }
   }
 
@@ -387,7 +388,7 @@ function buildInnerObject (context, location) {
       `
     } else if (isRequired) {
       code += ` else {
-        throw new Error('${sanitizedKey} is required!')
+        throw new Error('${sanitizedKey.replace(/'/g, '\\\'')} is required!')
       }
       `
     } else {

diff --git a/test/sanitize7.test.js b/test/sanitize7.test.js
@@ -0,0 +1,68 @@
+'use strict'
+
+const test = require('tap').test
+const build = require('..')
+
+test('required property containing single quote, contains property', (t) => {
+  t.plan(1)
+
+  const stringify = build({
+    type: 'object',
+    properties: {
+      '\'': { type: 'string' }
+    },
+    required: [
+      '\''
+    ]
+  })
+
+  t.throws(() => stringify({}), new Error('"\'" is required!'))
+})
+
+test('required property containing double quote, contains property', (t) => {
+  t.plan(1)
+
+  const stringify = build({
+    type: 'object',
+    properties: {
+      '"': { type: 'string' }
+    },
+    required: [
+      '"'
+    ]
+  })
+
+  t.throws(() => stringify({}), new Error('""" is required!'))
+})
+
+test('required property containing single quote, does not contain property', (t) => {
+  t.plan(1)
+
+  const stringify = build({
+    type: 'object',
+    properties: {
+      a: { type: 'string' }
+    },
+    required: [
+      '\''
+    ]
+  })
+
+  t.throws(() => stringify({}), new Error('"\'" is required!'))
+})
+
+test('required property containing double quote, does not contain property', (t) => {
+  t.plan(1)
+
+  const stringify = build({
+    type: 'object',
+    properties: {
+      a: { type: 'string' }
+    },
+    required: [
+      '"'
+    ]
+  })
+
+  t.throws(() => stringify({}), new Error('""" is required!'))
+})