nits

nodejs · Sep 17, 2019 · dca9029 · dca9029
1 parent 057c177
commit dca9029
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 7 deletions.
diff --git a/lib/internal/policy/manifest.js b/lib/internal/policy/manifest.js
@@ -51,9 +51,45 @@ function REACTION_LOG(error) {
 }
 
 class Manifest {
+  /**
+   * Url string => true | string | SRI[]
+   *
+   * Used to compare a resource to the content body at the resource.
+   * `true` is used to signify that all integrities are allowed, otherwise,
+   * SRI strings are parsed to compare with the body.
+   *
+   * This stores strings instead of eagerly parsing SRI strings
+   * and only converts them to SRI data structures when needed.
+   * This avoids needing to parse all SRI strings at startup even
+   * if some never end up being used.
+   */
   #integrities = new SafeMap();
+  /**
+   * Url string => (string) => true | URL
+   *
+   * Used to find where a dependency is located.
+   *
+   * This stores functions to lazily calculate locations as needed.
+   * `true` is used to signify that the location is not specified
+   * by the manifest and default resolution should be allowed.
+   */
   #dependencies = new SafeMap();
+  /**
+   * (Error) => undefined
+   * 
+   * Performs default action for what happens when a manifest encounters
+   * a violation such as abort()ing or exiting the process, throwing the error,
+   * or logging the error.
+   */
   #reaction = null;
+
+  /**
+   * `obj` should match the policy file format described in the docs
+   * it is expected to not have prototype pollution issues either by reassigning
+   * the prototype to `null` for values or by running prior to any user code.
+   * 
+   * `manifestURL` is a URL to resolve relative locations against.
+   */
   constructor(obj, manifestURL) {
     const integrities = this.#integrities;
     const dependencies = this.#dependencies;

diff --git a/lib/internal/policy/sri.js b/lib/internal/policy/sri.js
@@ -1,5 +1,6 @@
 'use strict';
-// Value of https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
+// Utility to parse the value of
+// https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
 
 const {
   Object: {
@@ -10,7 +11,6 @@ const {
   StringPrototype
 } = primordials;
 
-// Returns [{algorithm, value (in base64 string), options,}]
 const {
   ERR_SRI_PARSE
 } = require('internal/errors').codes;
@@ -29,21 +29,22 @@ freeze(kSRIPattern);
 const BufferFrom = require('buffer').Buffer.from;
 const RealArrayPrototype = getPrototypeOf([]);
 
+// Returns {algorithm, value (in base64 string), options,}[]
 const parse = (str) => {
   let prevIndex = 0;
+  // Avoid setters being fired
   const entries = setPrototypeOf([], null);
-  for (const match of StringPrototype.matchAll(
+  const matches = StringPrototype.matchAll(
     StringPrototype.trimRight(str),
-    kSRIPattern)
-  ) {
+    kSRIPattern
+  );
+  for (const match of matches) {
     if (match.index !== prevIndex) {
       throw new ERR_SRI_PARSE(str, str.charAt(prevIndex), prevIndex);
     }
     if (entries.length > 0 && match[1] === '') {
       throw new ERR_SRI_PARSE(str, str.charAt(prevIndex), prevIndex);
     }
-
-    // Avoid setters being fired
     entries[entries.length] = freeze({
       __proto__: null,
       algorithm: match[2],