RemoteConfig can be loaded in windows CMD.exe (#913)

Favors using process.cwd over process.env.PWD as the latter is POSIX only (I might need to go check some of my code in firebase-tools!). While I was at it, I fixed a probably useless but nasty vulnerability where a malformed .runtimeconfig.json file would allow arbitrary code execution.

Author: inlined

CHANGELOG.md

@@ -1,3 +1,4 @@
 - Adds support for setting user labels on functions via `runWith()`.
 - Adds support for FIREBASE_CONFIG env as the name of a JSON file
 - Formalize module exports. Loggers can now be accessed at 'firebase-functions/logger' and 'firebase-functions/logger/compat'
+- Fixes an issue where Remote Config coiuld not be emulated in Windows machines on the classic Command Prompt.

spec/v1/config.spec.ts

@@ -22,47 +22,55 @@
 
 import { expect } from 'chai';
 import * as fs from 'fs';
-import * as mockRequire from 'mock-require';
+import * as process from 'process';
 import Sinon = require('sinon');
 
 import * as config from '../../src/v1/config';
 
 describe('config()', () => {
   let readFileSync: Sinon.SinonStub;
+  let cwdStub: Sinon.SinonStub;
 
   before(() => {
     readFileSync = Sinon.stub(fs, 'readFileSync');
     readFileSync.throws('Unexpected call');
-    process.env.PWD = '/srv';
+    cwdStub = Sinon.stub(process, 'cwd');
+    cwdStub.returns('/srv');
   });
 
   after(() => {
-    delete process.env.PWD;
     Sinon.verifyAndRestore();
   });
 
   afterEach(() => {
-    mockRequire.stopAll();
     delete config.config.singleton;
     (config as any).firebaseConfigCache = null;
     delete process.env.FIREBASE_CONFIG;
     delete process.env.CLOUD_RUNTIME_CONFIG;
   });
 
   it('loads config values from .runtimeconfig.json', () => {
-    mockRequire('/srv/.runtimeconfig.json', { foo: 'bar', firebase: {} });
+    const json = JSON.stringify({
+      foo: 'bar',
+      firebase: {},
+    });
+    readFileSync
+      .withArgs('/srv/.runtimeconfig.json')
+      .returns(Buffer.from(json));
     const loaded = config.config();
     expect(loaded).to.not.have.property('firebase');
     expect(loaded).to.have.property('foo', 'bar');
   });
 
   it('does not provide firebase config if .runtimeconfig.json not invalid', () => {
-    mockRequire('/srv/.runtimeconfig.json', 'does-not-exist');
+    readFileSync.withArgs('/srv/.runtimeconfig.json').returns('invalid JSON');
     expect(config.firebaseConfig()).to.be.null;
   });
 
   it('does not provide firebase config if .ruuntimeconfig.json has no firebase property', () => {
-    mockRequire('/srv/.runtimeconfig.json', {});
+    readFileSync
+      .withArgs('/srv/.runtimeconfig.json')
+      .returns(Buffer.from('{}'));
     expect(config.firebaseConfig()).to.be.null;
   });
 
@@ -78,7 +86,7 @@ describe('config()', () => {
 
   it('loads Firebase configs from FIREBASE_CONFIG env variable pointing to a file', () => {
     const oldEnv = process.env;
-    process.env = {
+    (process as any).env = {
       ...oldEnv,
       FIREBASE_CONFIG: '.firebaseconfig.json',
     };
@@ -91,13 +99,14 @@ describe('config()', () => {
         'foo@firebaseio.com'
       );
     } finally {
-      process.env = oldEnv;
+      (process as any).env = oldEnv;
     }
   });
 
   it('accepts alternative locations for config file', () => {
     process.env.CLOUD_RUNTIME_CONFIG = 'another.json';
-    mockRequire('another.json', { foo: 'bar', firebase: {} });
+    const json = JSON.stringify({ foo: 'bar', firebase: {} });
+    readFileSync.withArgs('another.json').returns(Buffer.from(json));
     expect(config.firebaseConfig()).to.not.be.null;
     expect(config.config()).to.have.property('foo', 'bar');
   });

src/v1/config.ts

@@ -89,8 +89,9 @@ export function firebaseConfig(): firebase.AppOptions | null {
   try {
     const configPath =
       process.env.CLOUD_RUNTIME_CONFIG ||
-      path.join(process.env.PWD, '.runtimeconfig.json');
-    const config = require(configPath);
+      path.join(process.cwd(), '.runtimeconfig.json');
+    const contents = fs.readFileSync(configPath);
+    const config = JSON.parse(contents.toString('utf8'));
     if (config.firebase) {
       firebaseConfigCache = config.firebase;
       return firebaseConfigCache;
@@ -115,8 +116,9 @@ function init() {
   try {
     const configPath =
       process.env.CLOUD_RUNTIME_CONFIG ||
-      path.join(process.env.PWD, '.runtimeconfig.json');
-    const parsed = require(configPath);
+      path.join(process.cwd(), '.runtimeconfig.json');
+    const contents = fs.readFileSync(configPath);
+    const parsed = JSON.parse(contents.toString('utf8'));
     delete parsed.firebase;
     config.singleton = parsed;
     return;