From c3a95f152005f0a16def3d5ad1eebf9acf0d2e97 Mon Sep 17 00:00:00 2001 From: Andrea Venuta Date: Wed, 21 Jun 2023 15:05:52 +0200 Subject: [PATCH 1/2] Bump ouroboros to 0.17 --- vuln-reach/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vuln-reach/Cargo.toml b/vuln-reach/Cargo.toml index 3a35fb7..e4a8c0a 100644 --- a/vuln-reach/Cargo.toml +++ b/vuln-reach/Cargo.toml @@ -7,7 +7,7 @@ edition = "2021" flate2 = "1.0.24" itertools = "0.10.5" lazy_static = "1.4.0" -ouroboros = "0.15.5" +ouroboros = "0.17.0" serde = { version = "1.0.152", features = ["derive"] } serde_json = "1.0.93" tar = "0.4.38" From 2c36ef0b4a9ffa38e2d632dd52bb4fe043bc7a4c Mon Sep 17 00:00:00 2001 From: Andrea Venuta Date: Wed, 21 Jun 2023 15:12:36 +0200 Subject: [PATCH 2/2] Adjust comment formatting --- vuln-reach/src/javascript/lang/exports.rs | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/vuln-reach/src/javascript/lang/exports.rs b/vuln-reach/src/javascript/lang/exports.rs index 792a1fc..c821e89 100644 --- a/vuln-reach/src/javascript/lang/exports.rs +++ b/vuln-reach/src/javascript/lang/exports.rs @@ -10,15 +10,19 @@ use crate::{Error, Tree, JS}; // // All the compatible export statements in CommonJS are the following: // 1. module.exports = an object, an identifier, or a function +// // When this is found, override all previous exports. +// // 2. module.exports.foo = anything +// // When this is found, override exports of the same name only. +// // 3. exports.foo = anything -// This is compatible with 2., but if there is even one instance -// of 1., this definition does nothing. This is because the -// module-global `exports` is a shorthand for `module.exports`, -// but if something is assigned to `module.exports`, this simply -// gets cloaked and the reference gets lost. +// +// This is compatible with 2., but if there is even one instance of 1., this +// definition does nothing. This is because the module-global `exports` is a +// shorthand for `module.exports`, but if something is assigned to +// `module.exports`, this simply gets cloaked and the reference gets lost. // // For the time, we only care about top-level exported objects, // i.e.: