npm - @fatehan/tsrp - Versions diffs - 1.3.42 → 1.3.44 - Mend

@fatehan/tsrp 1.3.42 → 1.3.44

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/system.io.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"system.io.d.ts","sourceRoot":"","sources":["../src/system.io.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,OAAO,EACP,QAAQ,EAET,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,IAAI,EAAE,MAAM,6BAA6B,CAAC;AAEnD,QAAA,MAAM,YAAY,GAChB,UAAU,QAAQ,EAAE,EACpB,UAAU,QAAQ,EAAE,EACpB,MAAM,IAAI,KACT,OAAO,~~EAwGT~~,CAAC;~~AA6BF~~,eAAe,YAAY,CAAC"}
1	+ {"version":3,"file":"system.io.d.ts","sourceRoot":"","sources":["../src/system.io.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,OAAO,EACP,QAAQ,EAET,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,IAAI,EAAE,MAAM,6BAA6B,CAAC;AAEnD,QAAA,MAAM,YAAY,GAChB,UAAU,QAAQ,EAAE,EACpB,UAAU,QAAQ,EAAE,EACpB,MAAM,IAAI,KACT,OAAO,EA2FT,CAAC;AA2IF,eAAe,YAAY,CAAC"}

package/dist/system.io.js CHANGED Viewed

@@ -12,19 +12,8 @@ const SystemIoCast = (systemIo, deviceIo, data) => {
     const tempSystemIo = [...systemIo, ...deviceIo].sort((a, b) => a.sord - b.sord);
     tempSystemIo.forEach((io) => {
         var _a;
-        let items = extractVariables(io.formula);
-        let formula = io.formula;
-        let hasIos = true;
-        for (let i = 0; i < items.length; i++) {
-            const value = getNestedPropertyValue(data, items[i]);
-            if (value == null) {
-                hasIos = false;
-                break;
-            }
-            formula = formula.replace(new RegExp("\\$" + items[i], "g"), value);
-        }
-        if (hasIos) {
-            const value = eval(formula);
+        const value = evalExpressionSafe(io.formula, data);
+        if (value !== null) {
             let style = io.activeStyle;
             if (io.type === devices_1.SystemIo_SystemIoType.BOOLEAN) {
                 style =
@@ -33,13 +22,13 @@ const SystemIoCast = (systemIo, deviceIo, data) => {
                         : io.activeStyle;
             }
             let newValue = value;
-            if (io.unknown != null && io.unknown != undefined) {
+            if (io.unknown != null) {
                 for (const key in io.unknown) {
                     let UnkValue = io.unknown[key];
                     if (key.toString().toLowerCase().includes("x")) {
-                        const formula = key.toLowerCase().replace(/x/g, newValue);
-                        const tempVal = eval(formula);
-                        if (tempVal) {
+                        const formula = key.toLowerCase();
+                        const tempVal = safeEvalFormula(formula, Number(newValue));
+                        if (tempVal !== null && tempVal) {
                             newValue = UnkValue;
                             io.unit = "";
                         }
@@ -54,14 +43,16 @@ const SystemIoCast = (systemIo, deviceIo, data) => {
             }
             let hidden = false;
             io.hidden.forEach((item) => {
-                if (item.toLowerCase().includes("x")) {
-                    const formula = item.toLowerCase().replace(/x/g, newValue);
-                    if (eval(formula)) {
+                const lower = item.toLowerCase();
+                if (lower.includes("x")) {
+                    const formula = lower;
+                    const ok = safeEvalCondition(formula, Number(newValue));
+                    if (ok === true) {
                         hidden = true;
                     }
                 }
                 else {
-                    if (newValue.toString().includes(item)) {
+                    if (String(newValue).includes(item)) {
                         hidden = true;
                     }
                 }
@@ -71,7 +62,7 @@ const SystemIoCast = (systemIo, deviceIo, data) => {
                     newValue = Number(newValue).toFixed(io.DecimalCount);
                 }
                 else if (io.DecimalCount === 0) {
-                    newValue = Math.round(newValue).toString();
+                    newValue = Math.round(Number(newValue)).toString();
                 }
                 if (io.SeparatorsCount && io.SeparatorsCount > 0) {
                     newValue = Separator(String(newValue), (_a = io.SeparatorsCount) !== null && _a !== void 0 ? _a : 0);
@@ -99,24 +90,129 @@ function Separator(value, seprator) {
     const formattedInt = intPart.replace(regex, ",");
     return decimalPart ? `${formattedInt}.${decimalPart}` : formattedInt;
 }
-function extractVariables(str) {
-    const matches = str.match(/\$(\w+(?:\.\w+)*)/g);
-    if (!matches)
-        return [];
-    return matches.map((match) => match.substring(1));
+function safeEvalFormula(formula, xValue) {
+    try {
+        const replaced = formula.replace(/x/g, String(xValue));
+        if (!/^[0-9+\-*/ ().]+$/.test(replaced))
+            return null;
+        const fn = new Function(`return (${replaced});`);
+        const result = fn();
+        return typeof result === "number" && !isNaN(result) ? result : null;
+    }
+    catch {
+        return null;
+    }
+}
+function safeEvalCondition(formula, xValue) {
+    try {
+        const replaced = formula.replace(/x/g, String(xValue));
+        if (!/^[0-9+\-*/ %().<>=!&|]+$/.test(replaced)) {
+            return null;
+        }
+        const forbiddenPatterns = [/;;/, /process\b/, /constructor\b/, /require\b/, /global\b/];
+        if (forbiddenPatterns.some((rx) => rx.test(replaced)))
+            return null;
+        const fn = new Function(`return (${replaced});`);
+        const result = fn();
+        if (typeof result === "boolean")
+            return result;
+        if (typeof result === "number")
+            return Boolean(result);
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+function isPlainObject(v) {
+    return v !== null && typeof v === "object" && !Array.isArray(v) && !(v instanceof Uint8Array);
+}
+function getValueByPathCaseInsensitive(obj, path) {
+    if (!path)
+        return undefined;
+    const parts = path.replace(/\[(\d+)\]/g, '.$1').split('.').filter(Boolean);
+    let cur = obj;
+    for (const rawPart of parts) {
+        if (cur == null)
+            return undefined;
+        if (/^\d+$/.test(rawPart)) {
+            const idx = Number(rawPart);
+            if (Array.isArray(cur) || cur instanceof Uint8Array) {
+                cur = cur[idx];
+                continue;
+            }
+            else {
+                return undefined;
+            }
+        }
+        if (isPlainObject(cur)) {
+            const lower = rawPart.toLowerCase();
+            const foundKey = Object.keys(cur).find(k => k.toLowerCase() === lower);
+            if (foundKey !== undefined) {
+                cur = cur[foundKey];
+                continue;
+            }
+            else {
+                return undefined;
+            }
+        }
+        return undefined;
+    }
+    return cur;
 }
-function getNestedPropertyValue(obj, propertyPath) {
-    const properties = propertyPath.split(".");
-    let currentObj = obj;
-    for (const property of properties) {
-        if (!Object.prototype.hasOwnProperty.call(currentObj, property)) {
+function evalExpressionSafe(template, context) {
+    try {
+        if (typeof template !== 'string')
+            return null;
+        const replaced = template.replace(/\$([A-Za-z0-9_.\[\]]+)/gi, (_m, expr) => {
+            const value = getValueByPathCaseInsensitive(context, expr);
+            if (value === undefined || value === null)
+                return "null";
+            if (typeof value === "number")
+                return String(value);
+            if (typeof value === "boolean")
+                return value ? "true" : "false";
+            if (typeof value === "string")
+                return JSON.stringify(value);
+            if (value instanceof Uint8Array)
+                return `[${Array.from(value).join(',')}]`;
+            if (Array.isArray(value)) {
+                return `[${value.map(v => (typeof v === 'string' ? JSON.stringify(v) : String(v))).join(',')}]`;
+            }
+            return "null";
+        });
+        if (replaced.includes("null")) {
             return null;
         }
-        currentObj = currentObj[property];
-        if (currentObj === null || currentObj === undefined) {
+        const cleaned = replaced
+            .replace(/;/g, ' ')
+            .replace(/`/g, ' ')
+            .replace(/\\/g, ' ')
+            .trim();
+        const allowedPattern = /^[0-9+\-*/ %().,<>=!&|"\[\]truefalsenull,':\s]*$/i;
+        if (!allowedPattern.test(cleaned))
+            return null;
+        const forbidden = [/constructor\b/i, /process\b/i, /require\b/i, /global\b/i, /__proto__\b/i];
+        if (forbidden.some(rx => rx.test(cleaned)))
             return null;
+        if (cleaned.length === 0)
+            return null;
+        let result;
+        try {
+            const fn = new Function(`return (${cleaned});`);
+            result = fn();
         }
+        catch {
+            return null;
+        }
+        if (result === undefined || result === null)
+            return null;
+        if (typeof result === "number" || typeof result === "boolean" || typeof result === "string")
+            return result;
+        return null;
+    }
+    catch {
+        return null;
     }
-    return String(currentObj);
 }
 exports.default = SystemIoCast;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@fatehan/tsrp",
-  "version": "1.3.42",
+  "version": "1.3.44",
   "description": "fatehan main models",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",