Missing parameter validation on setCookie function causes TypeError #145

fabiante · 2019-02-05T12:42:25Z

I noticed missing parameter validation in the setCookie function:

Lines 995 to 1001 in 4350705

    
           CookieJar.prototype.setCookie = function(cookie, url, options, cb) { 
        
             var err; 
        
             var context = getCookieContext(url); 
        
             if (options instanceof Function) { 
        
               cb = options; 
        
               options = {}; 
        
             }

There is no parameter validation which may cause confusion when not setting url. If only cookies then the function will assume that the options parameter is an object and tries to access the loose property. This will cause a TypeException.

There should either be parameter validation throwing an Error or some kind of handling.

This was found when investigating this bug: valeriangalliat/fetch-cookie#35

The text was updated successfully, but these errors were encountered:

stash · 2019-03-11T16:39:08Z

Agree that this could have a much better error raised than TypeError. Pull request would be welcome :)

Other methods besides setCookie could benefit from clearer error messages too, for what it's worth.

ruoho · 2020-08-24T21:21:54Z

@fabiante Sorry for the delay, this should be fixed in the latest pull request. Can you verify?

Targeting ES5 causes the "fixes issue #145" test in cookieJar.spec.ts to fail. Changing the target to the next newest (ES6) requires adding "moduleResolution" to the tsconfig, which then causes issues with using `import` in our TypeScript, but `require` in the legacy vows tests. To support both, we have to bump to a newer version of TypeScript to use the new "node16" module/moduleResolution. (Note: I didn't jump to the _latest_ TypeScript to try to support older projects, as well.)

* Update config to support ES6 classes. Targeting ES5 causes the "fixes issue #145" test in cookieJar.spec.ts to fail. Changing the target to the next newest (ES6) requires adding "moduleResolution" to the tsconfig, which then causes issues with using `import` in our TypeScript, but `require` in the legacy vows tests. To support both, we have to bump to a newer version of TypeScript to use the new "node16" module/moduleResolution. (Note: I didn't jump to the _latest_ TypeScript to try to support older projects, as well.) * Avoid unnecessarily running compiled test files. * Fix flaky test. * Avoid hacky reliance on inherited property of global object. * Avoid needing to use `resolveJsonModule`. * Remove config that's just the default. See: https://huafu.github.io/ts-jest/user/config/isolatedModules * Update tsconfig to target node 16 and only compile ./lib * Chang `dist/lib` imports to just `dist`. * add granularity to npm scripts

awaterma added major We expect this work to be a major semver change and removed major We expect this work to be a major semver change labels Dec 9, 2019

awaterma added this to the 4.x Release milestone Dec 9, 2019

medelibero-sfdc self-assigned this Apr 22, 2020

medelibero-sfdc mentioned this issue Apr 27, 2020

Missing param validation issue145 #193

Merged

ruoho closed this as completed Aug 24, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Missing parameter validation on setCookie function causes TypeError #145

Missing parameter validation on setCookie function causes TypeError #145

fabiante commented Feb 5, 2019

stash commented Mar 11, 2019

ruoho commented Aug 24, 2020

Missing parameter validation on setCookie function causes TypeError #145

Missing parameter validation on setCookie function causes TypeError #145

Comments

fabiante commented Feb 5, 2019

stash commented Mar 11, 2019

ruoho commented Aug 24, 2020