diff --git a/.changeset/spotty-kiwis-crash.md b/.changeset/spotty-kiwis-crash.md new file mode 100644 index 00000000000..59f3a4fa5a5 --- /dev/null +++ b/.changeset/spotty-kiwis-crash.md @@ -0,0 +1,10 @@ +--- +"@graphql-tools/utils": patch +--- + +Disallow new lines in paths when checking with `isValidPath` + +A string may sometimes look like a path but is not (like an SDL of a simple +GraphQL schema). To make sure we don't yield false-positives in such cases, +we disallow new lines in paths (even though most Unix systems support new +lines in file names). diff --git a/packages/utils/src/helpers.ts b/packages/utils/src/helpers.ts index cadf619b437..60508f92734 100644 --- a/packages/utils/src/helpers.ts +++ b/packages/utils/src/helpers.ts @@ -25,7 +25,15 @@ export function isDocumentString(str: any): boolean { return false; } -const invalidPathRegex = /[‘“!%^<>`]/; +const invalidPathRegex = /[‘“!%^<>`\n]/; +/** + * Checkes whether the `str` contains any path illegal characters. + * + * A string may sometimes look like a path but is not (like an SDL of a simple + * GraphQL schema). To make sure we don't yield false-positives in such cases, + * we disallow new lines in paths (even though most Unix systems support new + * lines in file names). + */ export function isValidPath(str: any): boolean { return typeof str === 'string' && !invalidPathRegex.test(str); } diff --git a/packages/utils/tests/helpers.test.ts b/packages/utils/tests/helpers.test.ts new file mode 100644 index 00000000000..ecba2becfa3 --- /dev/null +++ b/packages/utils/tests/helpers.test.ts @@ -0,0 +1,20 @@ +import { isValidPath } from '../src/helpers'; + +describe('helpers', () => { + it.each([ + `schema @transport(subgraph: "API", kind: "rest", location: "http://0.0.0.0:4001", headers: "{\"Content-Type\":\"application/json\"}") { + query: Query + mutation: Mutation + subscription: Subscription + }`, + ])('should detect "%s" as NOT a valid path', str => { + expect(isValidPath(str)).toBeFalsy(); + }); + + it.each(['file', 'file.tsx', 'some/where/file.tsx', '/some/where/file.tsx'])( + 'should detect "%s" as a valid path', + str => { + expect(isValidPath(str)).toBeTruthy(); + }, + ); +});