Use let or const to avoid scope issues and hoisting
var assert = require('node:assert')
1'use strict'23var assert = require('node:assert')4var AsyncLocalStorage = require('node:async_hooks').AsyncLocalStorage56var express = require('..')7var request = require('supertest')8const { Buffer } = require('node:buffer');910describe('express.raw()', function () {11 before(function () {12 this.app = createApp()13 })1415 it('should parse application/octet-stream', function (done) {16 request(this.app)17 .post('/')18 .set('Content-Type', 'application/octet-stream')19 .send('the user is tobi')20 .expect(200, { buf: '746865207573657220697320746f6269' }, done)21 })2223 it('should 400 when invalid content-length', function (done) {24 var app = express()2526 app.use(function (req, res, next) {27 req.headers['content-length'] = '20' // bad length28 next()29 })3031 app.use(express.raw())3233 app.post('/', function (req, res) {34 if (Buffer.isBuffer(req.body)) {35 res.json({ buf: req.body.toString('hex') })36 } else {37 res.json(req.body)38 }39 })4041 request(app)42 .post('/')43 .set('Content-Type', 'application/octet-stream')44 .send('stuff')45 .expect(400, /content length/, done)46 })4748 it('should handle Content-Length: 0', function (done) {49 request(this.app)50 .post('/')51 .set('Content-Type', 'application/octet-stream')52 .set('Content-Length', '0')53 .expect(200, { buf: '' }, done)54 })5556 it('should handle empty message-body', function (done) {57 request(this.app)58 .post('/')59 .set('Content-Type', 'application/octet-stream')60 .set('Transfer-Encoding', 'chunked')61 .send('')62 .expect(200, { buf: '' }, done)63 })6465 it('should handle duplicated middleware', function (done) {66 var app = express()6768 app.use(express.raw())69 app.use(express.raw())7071 app.post('/', function (req, res) {72 if (Buffer.isBuffer(req.body)) {73 res.json({ buf: req.body.toString('hex') })74 } else {75 res.json(req.body)76 }77 })7879 request(app)80 .post('/')81 .set('Content-Type', 'application/octet-stream')82 .send('the user is tobi')83 .expect(200, { buf: '746865207573657220697320746f6269' }, done)84 })8586 describe('with limit option', function () {87 it('should 413 when over limit with Content-Length', function (done) {88 var buf = Buffer.alloc(1028, '.')89 var app = createApp({ limit: '1kb' })90 var test = request(app).post('/')91 test.set('Content-Type', 'application/octet-stream')92 test.set('Content-Length', '1028')93 test.write(buf)94 test.expect(413, done)95 })9697 it('should 413 when over limit with chunked encoding', function (done) {98 var buf = Buffer.alloc(1028, '.')99 var app = createApp({ limit: '1kb' })100 var test = request(app).post('/')101 test.set('Content-Type', 'application/octet-stream')102 test.set('Transfer-Encoding', 'chunked')103 test.write(buf)104 test.expect(413, done)105 })106107 it('should 413 when inflated body over limit', function (done) {108 var app = createApp({ limit: '1kb' })109 var test = request(app).post('/')110 test.set('Content-Encoding', 'gzip')111 test.set('Content-Type', 'application/octet-stream')112 test.write(Buffer.from('1f8b080000000000000ad3d31b05a360148c64000087e5a14704040000', 'hex'))113 test.expect(413, done)114 })115116 it('should accept number of bytes', function (done) {117 var buf = Buffer.alloc(1028, '.')118 var app = createApp({ limit: 1024 })119 var test = request(app).post('/')120 test.set('Content-Type', 'application/octet-stream')121 test.write(buf)122 test.expect(413, done)123 })124125 it('should not change when options altered', function (done) {126 var buf = Buffer.alloc(1028, '.')127 var options = { limit: '1kb' }128 var app = createApp(options)129130 options.limit = '100kb'131132 var test = request(app).post('/')133 test.set('Content-Type', 'application/octet-stream')134 test.write(buf)135 test.expect(413, done)136 })137138 it('should not hang response', function (done) {139 var buf = Buffer.alloc(10240, '.')140 var app = createApp({ limit: '8kb' })141 var test = request(app).post('/')142 test.set('Content-Type', 'application/octet-stream')143 test.write(buf)144 test.write(buf)145 test.write(buf)146 test.expect(413, done)147 })148149 it('should not error when inflating', function (done) {150 var app = createApp({ limit: '1kb' })151 var test = request(app).post('/')152 test.set('Content-Encoding', 'gzip')153 test.set('Content-Type', 'application/octet-stream')154 test.write(Buffer.from('1f8b080000000000000ad3d31b05a360148c64000087e5a147040400', 'hex'))155 test.expect(413, done)156 })157 })158159 describe('with inflate option', function () {160 describe('when false', function () {161 before(function () {162 this.app = createApp({ inflate: false })163 })164165 it('should not accept content-encoding', function (done) {166 var test = request(this.app).post('/')167 test.set('Content-Encoding', 'gzip')168 test.set('Content-Type', 'application/octet-stream')169 test.write(Buffer.from('1f8b080000000000000bcb4bcc4db57db16e170099a4bad608000000', 'hex'))170 test.expect(415, '[encoding.unsupported] content encoding unsupported', done)171 })172 })173174 describe('when true', function () {175 before(function () {176 this.app = createApp({ inflate: true })177 })178179 it('should accept content-encoding', function (done) {180 var test = request(this.app).post('/')181 test.set('Content-Encoding', 'gzip')182 test.set('Content-Type', 'application/octet-stream')183 test.write(Buffer.from('1f8b080000000000000bcb4bcc4db57db16e170099a4bad608000000', 'hex'))184 test.expect(200, { buf: '6e616d653de8aeba' }, done)185 })186 })187 })188189 describe('with type option', function () {190 describe('when "application/vnd+octets"', function () {191 before(function () {192 this.app = createApp({ type: 'application/vnd+octets' })193 })194195 it('should parse for custom type', function (done) {196 var test = request(this.app).post('/')197 test.set('Content-Type', 'application/vnd+octets')198 test.write(Buffer.from('000102', 'hex'))199 test.expect(200, { buf: '000102' }, done)200 })201202 it('should ignore standard type', function (done) {203 var test = request(this.app).post('/')204 test.set('Content-Type', 'application/octet-stream')205 test.write(Buffer.from('000102', 'hex'))206 test.expect(200, '', done)207 })208 })209210 describe('when ["application/octet-stream", "application/vnd+octets"]', function () {211 before(function () {212 this.app = createApp({213 type: ['application/octet-stream', 'application/vnd+octets']214 })215 })216217 it('should parse "application/octet-stream"', function (done) {218 var test = request(this.app).post('/')219 test.set('Content-Type', 'application/octet-stream')220 test.write(Buffer.from('000102', 'hex'))221 test.expect(200, { buf: '000102' }, done)222 })223224 it('should parse "application/vnd+octets"', function (done) {225 var test = request(this.app).post('/')226 test.set('Content-Type', 'application/vnd+octets')227 test.write(Buffer.from('000102', 'hex'))228 test.expect(200, { buf: '000102' }, done)229 })230231 it('should ignore "application/x-foo"', function (done) {232 var test = request(this.app).post('/')233 test.set('Content-Type', 'application/x-foo')234 test.write(Buffer.from('000102', 'hex'))235 test.expect(200, '', done)236 })237 })238239 describe('when a function', function () {240 it('should parse when truthy value returned', function (done) {241 var app = createApp({ type: accept })242243 function accept (req) {244 return req.headers['content-type'] === 'application/vnd.octet'245 }246247 var test = request(app).post('/')248 test.set('Content-Type', 'application/vnd.octet')249 test.write(Buffer.from('000102', 'hex'))250 test.expect(200, { buf: '000102' }, done)251 })252253 it('should work without content-type', function (done) {254 var app = createApp({ type: accept })255256 function accept (req) {257 return true258 }259260 var test = request(app).post('/')261 test.write(Buffer.from('000102', 'hex'))262 test.expect(200, { buf: '000102' }, done)263 })264265 it('should not invoke without a body', function (done) {266 var app = createApp({ type: accept })267268 function accept (req) {269 throw new Error('oops!')270 }271272 request(app)273 .get('/')274 .expect(404, done)275 })276 })277 })278279 describe('with verify option', function () {280 it('should assert value is function', function () {281 assert.throws(createApp.bind(null, { verify: 'lol' }),282 /TypeError: option verify must be function/)283 })284285 it('should error from verify', function (done) {286 var app = createApp({287 verify: function (req, res, buf) {288 if (buf[0] === 0x00) throw new Error('no leading null')289 }290 })291292 var test = request(app).post('/')293 test.set('Content-Type', 'application/octet-stream')294 test.write(Buffer.from('000102', 'hex'))295 test.expect(403, '[entity.verify.failed] no leading null', done)296 })297298 it('should allow custom codes', function (done) {299 var app = createApp({300 verify: function (req, res, buf) {301 if (buf[0] !== 0x00) return302 var err = new Error('no leading null')303 err.status = 400304 throw err305 }306 })307308 var test = request(app).post('/')309 test.set('Content-Type', 'application/octet-stream')310 test.write(Buffer.from('000102', 'hex'))311 test.expect(400, '[entity.verify.failed] no leading null', done)312 })313314 it('should allow pass-through', function (done) {315 var app = createApp({316 verify: function (req, res, buf) {317 if (buf[0] === 0x00) throw new Error('no leading null')318 }319 })320321 var test = request(app).post('/')322 test.set('Content-Type', 'application/octet-stream')323 test.write(Buffer.from('0102', 'hex'))324 test.expect(200, { buf: '0102' }, done)325 })326 })327328 describe('async local storage', function () {329 before(function () {330 var app = express()331 var store = { foo: 'bar' }332333 app.use(function (req, res, next) {334 req.asyncLocalStorage = new AsyncLocalStorage()335 req.asyncLocalStorage.run(store, next)336 })337338 app.use(express.raw())339340 app.use(function (req, res, next) {341 var local = req.asyncLocalStorage.getStore()342343 if (local) {344 res.setHeader('x-store-foo', String(local.foo))345 }346347 next()348 })349350 app.use(function (err, req, res, next) {351 var local = req.asyncLocalStorage.getStore()352353 if (local) {354 res.setHeader('x-store-foo', String(local.foo))355 }356357 res.status(err.status || 500)358 res.send('[' + err.type + '] ' + err.message)359 })360361 app.post('/', function (req, res) {362 if (Buffer.isBuffer(req.body)) {363 res.json({ buf: req.body.toString('hex') })364 } else {365 res.json(req.body)366 }367 })368369 this.app = app370 })371372 it('should persist store', function (done) {373 request(this.app)374 .post('/')375 .set('Content-Type', 'application/octet-stream')376 .send('the user is tobi')377 .expect(200)378 .expect('x-store-foo', 'bar')379 .expect({ buf: '746865207573657220697320746f6269' })380 .end(done)381 })382383 it('should persist store when unmatched content-type', function (done) {384 request(this.app)385 .post('/')386 .set('Content-Type', 'application/fizzbuzz')387 .send('buzz')388 .expect(200)389 .expect('x-store-foo', 'bar')390 .end(done)391 })392393 it('should persist store when inflated', function (done) {394 var test = request(this.app).post('/')395 test.set('Content-Encoding', 'gzip')396 test.set('Content-Type', 'application/octet-stream')397 test.write(Buffer.from('1f8b080000000000000bcb4bcc4db57db16e170099a4bad608000000', 'hex'))398 test.expect(200)399 test.expect('x-store-foo', 'bar')400 test.expect({ buf: '6e616d653de8aeba' })401 test.end(done)402 })403404 it('should persist store when inflate error', function (done) {405 var test = request(this.app).post('/')406 test.set('Content-Encoding', 'gzip')407 test.set('Content-Type', 'application/octet-stream')408 test.write(Buffer.from('1f8b080000000000000bcb4bcc4db57db16e170099a4bad6080000', 'hex'))409 test.expect(400)410 test.expect('x-store-foo', 'bar')411 test.end(done)412 })413414 it('should persist store when limit exceeded', function (done) {415 request(this.app)416 .post('/')417 .set('Content-Type', 'application/octet-stream')418 .send('the user is ' + Buffer.alloc(1024 * 100, '.').toString())419 .expect(413)420 .expect('x-store-foo', 'bar')421 .end(done)422 })423 })424425 describe('charset', function () {426 before(function () {427 this.app = createApp()428 })429430 it('should ignore charset', function (done) {431 var test = request(this.app).post('/')432 test.set('Content-Type', 'application/octet-stream; charset=utf-8')433 test.write(Buffer.from('6e616d6520697320e8aeba', 'hex'))434 test.expect(200, { buf: '6e616d6520697320e8aeba' }, done)435 })436 })437438 describe('encoding', function () {439 before(function () {440 this.app = createApp({ limit: '10kb' })441 })442443 it('should parse without encoding', function (done) {444 var test = request(this.app).post('/')445 test.set('Content-Type', 'application/octet-stream')446 test.write(Buffer.from('6e616d653de8aeba', 'hex'))447 test.expect(200, { buf: '6e616d653de8aeba' }, done)448 })449450 it('should support identity encoding', function (done) {451 var test = request(this.app).post('/')452 test.set('Content-Encoding', 'identity')453 test.set('Content-Type', 'application/octet-stream')454 test.write(Buffer.from('6e616d653de8aeba', 'hex'))455 test.expect(200, { buf: '6e616d653de8aeba' }, done)456 })457458 it('should support gzip encoding', function (done) {459 var test = request(this.app).post('/')460 test.set('Content-Encoding', 'gzip')461 test.set('Content-Type', 'application/octet-stream')462 test.write(Buffer.from('1f8b080000000000000bcb4bcc4db57db16e170099a4bad608000000', 'hex'))463 test.expect(200, { buf: '6e616d653de8aeba' }, done)464 })465466 it('should support deflate encoding', function (done) {467 var test = request(this.app).post('/')468 test.set('Content-Encoding', 'deflate')469 test.set('Content-Type', 'application/octet-stream')470 test.write(Buffer.from('789ccb4bcc4db57db16e17001068042f', 'hex'))471 test.expect(200, { buf: '6e616d653de8aeba' }, done)472 })473474 it('should be case-insensitive', function (done) {475 var test = request(this.app).post('/')476 test.set('Content-Encoding', 'GZIP')477 test.set('Content-Type', 'application/octet-stream')478 test.write(Buffer.from('1f8b080000000000000bcb4bcc4db57db16e170099a4bad608000000', 'hex'))479 test.expect(200, { buf: '6e616d653de8aeba' }, done)480 })481482 it('should 415 on unknown encoding', function (done) {483 var test = request(this.app).post('/')484 test.set('Content-Encoding', 'nulls')485 test.set('Content-Type', 'application/octet-stream')486 test.write(Buffer.from('000000000000', 'hex'))487 test.expect(415, '[encoding.unsupported] unsupported content encoding "nulls"', done)488 })489 })490})491492function createApp (options) {493 var app = express()494495 app.use(express.raw(options))496497 app.use(function (err, req, res, next) {498 res.status(err.status || 500)499 res.send(String(req.headers['x-error-property']500 ? err[req.headers['x-error-property']]501 : ('[' + err.type + '] ' + err.message)))502 })503504 app.post('/', function (req, res) {505 if (Buffer.isBuffer(req.body)) {506 res.json({ buf: req.body.toString('hex') })507 } else {508 res.json(req.body)509 }510 })511512 return app513}
Code quality findings 63
Use let or const to avoid scope issues and hoisting
var AsyncLocalStorage = require('node:async_hooks').AsyncLocalStorage
Use let or const to avoid scope issues and hoisting
var express = require('..')
Use let or const to avoid scope issues and hoisting
var request = require('supertest')
Use let or const to avoid scope issues and hoisting
var app = express()
Use let or const to avoid scope issues and hoisting
var app = express()
Use let or const to avoid scope issues and hoisting
var buf = Buffer.alloc(1028, '.')
Use let or const to avoid scope issues and hoisting
var app = createApp({ limit: '1kb' })
Use let or const to avoid scope issues and hoisting
var test = request(app).post('/')
Use let or const to avoid scope issues and hoisting
var buf = Buffer.alloc(1028, '.')
Use let or const to avoid scope issues and hoisting
var app = createApp({ limit: '1kb' })
Use let or const to avoid scope issues and hoisting
var test = request(app).post('/')
Use let or const to avoid scope issues and hoisting
var app = createApp({ limit: '1kb' })
Use let or const to avoid scope issues and hoisting
var test = request(app).post('/')
Use let or const to avoid scope issues and hoisting
var buf = Buffer.alloc(1028, '.')
Use let or const to avoid scope issues and hoisting
var app = createApp({ limit: 1024 })
Use let or const to avoid scope issues and hoisting
var test = request(app).post('/')
Use let or const to avoid scope issues and hoisting
var buf = Buffer.alloc(1028, '.')
Use let or const to avoid scope issues and hoisting
var options = { limit: '1kb' }
Use let or const to avoid scope issues and hoisting
var app = createApp(options)
Use let or const to avoid scope issues and hoisting
var test = request(app).post('/')
Use let or const to avoid scope issues and hoisting
var buf = Buffer.alloc(10240, '.')
Use let or const to avoid scope issues and hoisting
var app = createApp({ limit: '8kb' })
Use let or const to avoid scope issues and hoisting
var test = request(app).post('/')
Use let or const to avoid scope issues and hoisting
var app = createApp({ limit: '1kb' })
Use let or const to avoid scope issues and hoisting
var test = request(app).post('/')
Use let or const to avoid scope issues and hoisting
var test = request(this.app).post('/')
Use let or const to avoid scope issues and hoisting
var test = request(this.app).post('/')
Use let or const to avoid scope issues and hoisting
var test = request(this.app).post('/')
Use let or const to avoid scope issues and hoisting
var test = request(this.app).post('/')
Use let or const to avoid scope issues and hoisting
var test = request(this.app).post('/')
Use let or const to avoid scope issues and hoisting
var test = request(this.app).post('/')
Use let or const to avoid scope issues and hoisting
var test = request(this.app).post('/')
Use let or const to avoid scope issues and hoisting
var app = createApp({ type: accept })
Use strict equality (===) to prevent type coercion bugs
return req.headers['content-type'] === 'application/vnd.octet'
Use let or const to avoid scope issues and hoisting
var test = request(app).post('/')
Use let or const to avoid scope issues and hoisting
var app = createApp({ type: accept })
Use let or const to avoid scope issues and hoisting
var test = request(app).post('/')
Use let or const to avoid scope issues and hoisting
var app = createApp({ type: accept })
Use let or const to avoid scope issues and hoisting
var app = createApp({
Use strict equality (===) to prevent type coercion bugs
if (buf[0] === 0x00) throw new Error('no leading null')
Use let or const to avoid scope issues and hoisting
var test = request(app).post('/')
Use let or const to avoid scope issues and hoisting
var app = createApp({
Use strict equality (===) to prevent type coercion bugs
if (buf[0] !== 0x00) return
Use let or const to avoid scope issues and hoisting
var err = new Error('no leading null')
Use let or const to avoid scope issues and hoisting
var test = request(app).post('/')
Use let or const to avoid scope issues and hoisting
var app = createApp({
Use strict equality (===) to prevent type coercion bugs
if (buf[0] === 0x00) throw new Error('no leading null')
Use let or const to avoid scope issues and hoisting
var test = request(app).post('/')
Use let or const to avoid scope issues and hoisting
var app = express()
Use let or const to avoid scope issues and hoisting
var store = { foo: 'bar' }
Use let or const to avoid scope issues and hoisting
var local = req.asyncLocalStorage.getStore()
Use let or const to avoid scope issues and hoisting
var local = req.asyncLocalStorage.getStore()
Use let or const to avoid scope issues and hoisting
var test = request(this.app).post('/')
Use let or const to avoid scope issues and hoisting
var test = request(this.app).post('/')
Use let or const to avoid scope issues and hoisting
var test = request(this.app).post('/')
Use let or const to avoid scope issues and hoisting
var test = request(this.app).post('/')
Use let or const to avoid scope issues and hoisting
var test = request(this.app).post('/')
Use let or const to avoid scope issues and hoisting
var test = request(this.app).post('/')
Use let or const to avoid scope issues and hoisting
var test = request(this.app).post('/')
Use let or const to avoid scope issues and hoisting
var test = request(this.app).post('/')
Use let or const to avoid scope issues and hoisting
var test = request(this.app).post('/')
Use let or const to avoid scope issues and hoisting
var app = express()