From 9d5a5e6df24762ae8a0eb4456ff536c904d0db89 Mon Sep 17 00:00:00 2001 From: sfc-gh-ext-simba-lf Date: Mon, 3 Apr 2023 14:00:52 -0700 Subject: [PATCH 1/6] Replace eval() with JSON.parse() for parsing JSON strings --- lib/connection/result/column.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/connection/result/column.js b/lib/connection/result/column.js index 58da09fe9..23ad6fa0c 100644 --- a/lib/connection/result/column.js +++ b/lib/connection/result/column.js @@ -550,7 +550,7 @@ function convertRawVariant(rawColumnValue, column, context) { try { - ret = eval("(" + rawColumnValue + ")"); + ret = JSON.parse(rawColumnValue); } catch (parseError) { From 53cffb29c4c4e14fd33ce4d32b54db841b40ce25 Mon Sep 17 00:00:00 2001 From: sfc-gh-ext-simba-lf Date: Mon, 3 Apr 2023 14:56:13 -0700 Subject: [PATCH 2/6] Replace eval with safe-eval for parsing JSON strings --- lib/connection/result/column.js | 3 ++- package.json | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/connection/result/column.js b/lib/connection/result/column.js index 14de6b95d..5d2c04338 100644 --- a/lib/connection/result/column.js +++ b/lib/connection/result/column.js @@ -9,6 +9,7 @@ var SfTimestamp = require('./sf_timestamp'); var SqlTypes = require('./data_types').SqlTypes; var bigInt = require('big-integer'); var { XMLParser, XMLValidator } = require("fast-xml-parser"); +var safeEval = require("safe-eval"); var NULL_UPPERCASE = 'NULL'; @@ -551,7 +552,7 @@ function convertRawVariant(rawColumnValue, column, context) { try { - ret = JSON.parse(rawColumnValue); + ret = safeEval("(" + rawColumnValue + ")"); } catch (parseError) { diff --git a/package.json b/package.json index 2c2f7baee..6e77f2f3a 100644 --- a/package.json +++ b/package.json @@ -30,6 +30,7 @@ "moment-timezone": "^0.5.15", "open": "^7.3.1", "python-struct": "^1.1.3", + "safe-eval": "^0.4.1", "simple-lru-cache": "^0.0.2", "string-similarity": "^4.0.4", "test-console": "^2.0.0", 
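Review bot: `ret = JSON.parse(rawColumnValue);` in convertRawVariant accepts only strict JSON, so any VARIANT text containing non-JSON literals will now fall into the `catch (parseError)` branch instead of yielding a value. The selectVariant integration test touched later in this series expects `-Infinity` and `undefined` inside an array, which suggests the server can emit such tokens. Parsing is the right direction for server-supplied data, so handle those literals explicitly before or after the parse rather than going back to evaluation. A call-site comment such as `// VARIANT text is data from the server: parse it, never evaluate it` would record the intent. The body of convertRawVariant, including the catch handler, continues outside the hunk.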
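Review bot: `ret = safeEval("(" + rawColumnValue + ")");` in convertRawVariant again executes the column text as a JavaScript expression, undoing the protection that `JSON.parse` gave in patch 1/6. safe-eval runs the string through Node's `vm` module, which the Node documentation describes as not being a security mechanism, so it should not be treated as a trust boundary for result-set content. Keep `ret = JSON.parse(rawColumnValue);` and add explicit handling for whichever non-JSON literals motivated this change. The new `"safe-eval": "^0.4.1"` entry in package.json also adds a caret-ranged runtime dependency for every consumer of the driver, which widens the supply-chain surface for a single call.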
From e000804076ee47f2720ac38f719fd63384412961 Mon Sep 17 00:00:00 2001 From: sfc-gh-ext-simba-lf Date: Mon, 3 Apr 2023 15:13:33 -0700 Subject: [PATCH 3/6] Replace eval with better-eval for parsing JSON strings --- lib/connection/result/column.js | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/connection/result/column.js b/lib/connection/result/column.js index 5d2c04338..91dd67342 100644 --- a/lib/connection/result/column.js +++ b/lib/connection/result/column.js @@ -9,7 +9,7 @@ var SfTimestamp = require('./sf_timestamp'); var SqlTypes = require('./data_types').SqlTypes; var bigInt = require('big-integer'); var { XMLParser, XMLValidator } = require("fast-xml-parser"); -var safeEval = require("safe-eval"); +var betterEval = require("better-eval"); var NULL_UPPERCASE = 'NULL'; @@ -552,7 +552,7 @@ function convertRawVariant(rawColumnValue, column, context) { try { - ret = safeEval("(" + rawColumnValue + ")"); + ret = betterEval("(" + rawColumnValue + ")"); } catch (parseError) { diff --git a/package.json b/package.json index 6e77f2f3a..6236f6d46 100644 --- a/package.json +++ b/package.json @@ -11,6 +11,7 @@ "async": "^3.2.3", "aws-sdk": "^2.878.0", "axios": "^0.27.2", + "better-eval": "^1.3.0", "big-integer": "^1.6.43", "bignumber.js": "^2.4.0", "binascii": "0.0.2", @@ -30,7 +31,6 @@ "moment-timezone": "^0.5.15", "open": "^7.3.1", "python-struct": "^1.1.3", - "safe-eval": "^0.4.1", "simple-lru-cache": "^0.0.2", "string-similarity": "^4.0.4", "test-console": "^2.0.0", From f662d19a285be45496a0280cbaee07935a286867 Mon Sep 17 00:00:00 2001 From: sfc-gh-ext-simba-lf Date: Wed, 12 Apr 2023 17:21:25 -0700 Subject: [PATCH 4/6] Use assert without strict for comparing objects created by better-eval --- test/integration/testDataType.js | 10 ++++++++-- test/integration/testUtil.js | 12 ++++++++++-- test/unit/connection/result/result_test_variant.js | 4 ++-- 3 files changed, 20 insertions(+), 6 deletions(-) 
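Review bot: `ret = betterEval("(" + rawColumnValue + ")");` in convertRawVariant keeps the same design problem as the safe-eval version: text received from the server is evaluated as code rather than parsed as data. The follow-up patches that relax strict prototype comparison suggest better-eval builds objects in a separate context, presumably via `vm`, in which case it is an isolation convenience and not a sandbox for hostile input. A parser-based path, `JSON.parse(rawColumnValue)` plus a documented fallback for the specific non-JSON literals the server emits, removes the need for any evaluator and for the `"better-eval": "^1.3.0"` dependency. If the evaluator stays, the call site should carry a comment stating the trust assumption, for example `// rawColumnValue is assumed to be trusted server output; do not pass user-controlled text here`.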
diff --git a/test/integration/testDataType.js b/test/integration/testDataType.js index 18e358a99..e3dface39 100644 --- a/test/integration/testDataType.js +++ b/test/integration/testDataType.js @@ -234,7 +234,10 @@ describe('Test DataType', function () connection, selectVariant, [{'COLA': {a: 1, b: [1, 2, 3, -Infinity, undefined], c: {a: 1}}}], - callback + callback, + null, + true, + false ); }], done @@ -259,7 +262,10 @@ describe('Test DataType', function () connection, selectArray, [{'COLA': ['a', 1]}], - callback + callback, + null, + true, + false ); }], done diff --git a/test/integration/testUtil.js b/test/integration/testUtil.js index 56b6482a5..4c661eaa7 100644 --- a/test/integration/testUtil.js +++ b/test/integration/testUtil.js @@ -51,10 +51,11 @@ module.exports.checkError = function (err) assert.ok(!err, JSON.stringify(err)); }; -module.exports.executeQueryAndVerify = function (connection, sql, expected, callback, bindArray, normalize) +module.exports.executeQueryAndVerify = function (connection, sql, expected, callback, bindArray, normalize, strict) { // Sometimes we may not want to normalize the row first normalize = (typeof normalize !== "undefined" && normalize != null) ? normalize : true; + strict = (typeof strict !== "undefined" && strict != null) ? strict : true; var executeOptions = {}; executeOptions.sqlText = sql; executeOptions.complete = function (err, stmt) @@ -67,7 +68,14 @@ module.exports.executeQueryAndVerify = function (connection, sql, expected, call var row; while ((row = stream.read()) !== null) { - assert.deepStrictEqual(normalize ? normalizeRowObject(row) : row, expected[rowCount]); + if (strict) + { + assert.deepStrictEqual(normalize ? normalizeRowObject(row) : row, expected[rowCount]); + } + else + { + assert.deepEqual(normalize ? normalizeRowObject(row) : row, expected[rowCount]); + } rowCount++; } }); 
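Review bot: The new `strict` flag in executeQueryAndVerify (testUtil.js) duplicates the whole assertion across two branches, and the testDataType.js call sites pass it positionally as `null, true, false`, which is hard to read and easy to misorder. Choosing the comparator once, `var compare = strict ? assert.deepStrictEqual : assert.deepEqual;` followed by `compare(normalize ? normalizeRowObject(row) : row, expected[rowCount]);`, keeps a single assertion line. `assert.deepEqual` also compares primitives loosely, so the variant and array tests would no longer catch a value that comes back as `'1'` instead of `1`. That type check is worth keeping on the code path that parses server output. executeQueryAndVerify continues outside the hunk.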
diff --git a/test/unit/connection/result/result_test_variant.js b/test/unit/connection/result/result_test_variant.js index 212750818..fded717d2 100644 --- a/test/unit/connection/result/result_test_variant.js +++ b/test/unit/connection/result/result_test_variant.js @@ -59,8 +59,8 @@ describe('Result: test variant', function () function (row) { // variant - assert.deepStrictEqual(row.getColumnValue('C1'), {a: 1}); - assert.strictEqual( + assert.deepEqual(row.getColumnValue('C1'), {a: 1}); + assert.Equal( row.getColumnValueAsString('C1'), JSON.stringify({a: 1})); // object From b279813b7270751637d21564948b88ff0969d8d0 Mon Sep 17 00:00:00 2001 From: sfc-gh-ext-simba-lf Date: Wed, 12 Apr 2023 17:41:29 -0700 Subject: [PATCH 5/6] Use assert without strict for comparing objects created by better-eval --- test/unit/connection/result/result_test_variant.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/unit/connection/result/result_test_variant.js b/test/unit/connection/result/result_test_variant.js index fded717d2..3d38f51d6 100644 --- a/test/unit/connection/result/result_test_variant.js +++ b/test/unit/connection/result/result_test_variant.js @@ -60,7 +60,7 @@ describe('Result: test variant', function () { // variant assert.deepEqual(row.getColumnValue('C1'), {a: 1}); - assert.Equal( + assert.equal( row.getColumnValueAsString('C1'), JSON.stringify({a: 1})); // object From 8a21d6047d8e5b3c17db5825c013281126ef2450 Mon Sep 17 00:00:00 2001 From: sfc-gh-ext-simba-lf Date: Wed, 12 Apr 2023 18:03:00 -0700 Subject: [PATCH 6/6] Use assert without strict for comparing objects created by better-eval --- test/unit/connection/result/result_test_variant.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/unit/connection/result/result_test_variant.js b/test/unit/connection/result/result_test_variant.js index 3d38f51d6..64ea37c18 100644 --- a/test/unit/connection/result/result_test_variant.js 
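Review bot: The string comparison on `row.getColumnValueAsString('C1')` does not need to be loosened, because both operands appear to be primitive strings and the prototype mismatch that motivates `deepEqual` affects objects only. Keeping `assert.strictEqual(row.getColumnValueAsString('C1'), JSON.stringify({a: 1}));` preserves the type check on the serialized form. The same applies to the C2 and C3 `assert.equal` lines introduced in patch 6/6. For the object comparisons, a short comment such as `// deepEqual: values are created in another context, so prototypes differ` would explain why strictness was dropped.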
+++ b/test/unit/connection/result/result_test_variant.js @@ -64,13 +64,13 @@ describe('Result: test variant', function () row.getColumnValueAsString('C1'), JSON.stringify({a: 1})); // object - assert.deepStrictEqual(row.getColumnValue('C2'), {a: 1}); - assert.strictEqual( + assert.deepEqual(row.getColumnValue('C2'), {a: 1}); + assert.equal( row.getColumnValueAsString('C2'), JSON.stringify({a: 1})); // array - assert.deepStrictEqual(row.getColumnValue('C3'), [1, 2]); - assert.strictEqual( + assert.deepEqual(row.getColumnValue('C3'), [1, 2]); + assert.equal( row.getColumnValueAsString('C3'), JSON.stringify([1, 2])); }, function (result)