mirrors/misskey
1
0
Fork 1
mirror of https://github.com/misskey-dev/misskey.git synced 2026-05-20 17:35:31 +02:00
Code Releases Activity

Use safe yaml.JSON_SCHEMA to prevent code execution vulnerabilities

Browse Source 
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2025-12-01 02:18:44 +00:00
parent 69c8d8e102
commit ffdc78b354
4 changed files with 9 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packages/backend/scripts/compile_config.js
View File

@@ -28,7 +28,7 @@ if (!fs.existsSync(configYmlPath)) {
} }
const yamlContent = fs.readFileSync(configYmlPath, 'utf-8'); const yamlContent = fs.readFileSync(configYmlPath, 'utf-8');
const config = yaml.load(yamlContent); const config = yaml.load(yamlContent, { schema: yaml.JSON_SCHEMA });
fs.writeFileSync(configJsonPath, JSON.stringify(config, null, '\t'), 'utf-8'); fs.writeFileSync(configJsonPath, JSON.stringify(config, null, '\t'), 'utf-8');
console.log(`Compiled config: ${configYmlPath} -> ${configJsonPath}`); console.log(`Compiled config: ${configYmlPath} -> ${configJsonPath}`);

2
packages/i18n/build.ts
View File

@@ -70,7 +70,7 @@ function compileLocales(): void {
const files = fs.readdirSync(srcDir).filter(f => f.endsWith('.yml')); const files = fs.readdirSync(srcDir).filter(f => f.endsWith('.yml'));
for (const file of files) { for (const file of files) {
const yamlContent = clean(fs.readFileSync(resolve(srcDir, file), 'utf-8')); const yamlContent = clean(fs.readFileSync(resolve(srcDir, file), 'utf-8'));
const jsonContent = yaml.load(yamlContent); const jsonContent = yaml.load(yamlContent, { schema: yaml.JSON_SCHEMA });
const jsonFile = file.replace(/\.yml$/, '.json'); const jsonFile = file.replace(/\.yml$/, '.json');
fs.writeFileSync(resolve(destDir, jsonFile), JSON.stringify(jsonContent), 'utf-8'); fs.writeFileSync(resolve(destDir, jsonFile), JSON.stringify(jsonContent), 'utf-8');
} }

2
packages/i18n/scripts/generateLocaleInterface.ts
View File

@@ -62,7 +62,7 @@ function createMembers(record: LocaleRecord): ts.TypeElement[] {
} }
export async function generateLocaleInterface(localesDir: string): Promise<void> { export async function generateLocaleInterface(localesDir: string): Promise<void> {
const locale = yaml.load(fs.readFileSync(`${localesDir}/ja-JP.yml`, 'utf-8').toString()) as LocaleRecord; const locale = yaml.load(fs.readFileSync(`${localesDir}/ja-JP.yml`, 'utf-8').toString(), { schema: yaml.JSON_SCHEMA }) as LocaleRecord;
const members = createMembers(locale); const members = createMembers(locale);
const elements: ts.Statement[] = [ const elements: ts.Statement[] = [

13
pnpm-lock.yaml generated
View File

@@ -267,9 +267,6 @@ importers:
is-svg: is-svg:
specifier: 6.1.0 specifier: 6.1.0
version: 6.1.0 version: 6.1.0
js-yaml:
specifier: 4.1.1
version: 4.1.1
json5: json5:
specifier: 2.2.3 specifier: 2.2.3
version: 2.2.3 version: 2.2.3
@@ -580,6 +577,9 @@ importers:
jest-util: jest-util:
specifier: 29.7.0 specifier: 29.7.0
version: 29.7.0 version: 29.7.0
js-yaml:
specifier: 4.1.1
version: 4.1.1
nodemon: nodemon:
specifier: 3.1.11 specifier: 3.1.11
version: 3.1.11 version: 3.1.11
@@ -1331,10 +1331,6 @@ importers:
version: 10.2.0(eslint@9.39.1) version: 10.2.0(eslint@9.39.1)
packages/i18n: packages/i18n:
dependencies:
js-yaml:
specifier: 4.1.1
version: 4.1.1
devDependencies: devDependencies:
'@types/js-yaml': '@types/js-yaml':
specifier: 4.0.9 specifier: 4.0.9
@@ -1360,6 +1356,9 @@ importers:
glob: glob:
specifier: 11.1.0 specifier: 11.1.0
version: 11.1.0 version: 11.1.0
js-yaml:
specifier: 4.1.1
version: 4.1.1
nodemon: nodemon:
specifier: 3.1.11 specifier: 3.1.11
version: 3.1.11 version: 3.1.11