@sap/cds-compiler 6.4.6 → 6.5.0

package/lib/api/options.js

@@ -1,5 +1,9 @@
 'use strict';
 
+// The options are specified in ../optionProcessor.js (and some other files).
+// Some backends feel the need to "translate" option, which require to list
+// all options also here (as “public" or "private" option).
+
 const { validate, generateStringValidator } = require('./validate');
 const { makeMessageFunction } = require('../base/messages');
 
@@ -20,6 +24,7 @@ const publicOptionsNewAPI = [
   'defaultBinaryLength',
   'defaultStringLength',
   'csnFlavor',
+  'noDollarCalc',
   // DB
   'sqlDialect',
   'sqlMapping',

package/lib/api/validate.js

@@ -1,5 +1,8 @@
 'use strict';
 
+// The options are specified in ../optionProcessor.js (and some other files).
+// Options with non-boolean values must also be listed in this file.
+
 const { forEach } = require('../utils/objectUtils');
 
 /* eslint-disable arrow-body-style */

package/lib/base/message-registry.js

@@ -92,9 +92,16 @@ const centralMessages = {
   'ext-undefined-action':  { severity: 'Warning' },
   'ext-undefined-art':     { severity: 'Warning' }, // for annotate statement (for CDL path root)
   'ext-undefined-def':     { severity: 'Warning' }, // for annotate statement (for CSN or CDL path cont)
+  'ext-undefined-art-sec': { severity: 'Error', configurableFor: true }, // for security-relevant…
+  'ext-undefined-def-sec': { severity: 'Error', configurableFor: true }, // … annotate statement
   'ext-undefined-element': { severity: 'Warning' },
   'ext-undefined-key':     { severity: 'Warning' },
   'ext-undefined-param':   { severity: 'Warning' },
+  'ext-undefined-element-sec': { severity: 'Error', configurableFor: true }, // for security-relevant…
+  'ext-undefined-action-sec': { severity: 'Error', configurableFor: true }, // for security-relevant…
+  'ext-undefined-param-sec': { severity: 'Error', configurableFor: true }, // … annotate statement
+  'ext-unexpected-returns': { severity: 'Warning' },
+  'ext-unexpected-returns-sec': { severity: 'Error', configurableFor: true }, // … annotate statement
   'anno-unexpected-ellipsis': { severity: 'Error', configurableFor: 'deprecated' },
   'anno-unexpected-localized-skip': { severity: 'Error', configurableFor: true },
 
@@ -948,6 +955,8 @@ const centralMessageTexts = {
   'anno-builtin': 'Builtin types should not be annotated nor extended. Use custom type instead',
   'ext-undefined-def': 'Artifact $(ART) has not been found',
   'ext-undefined-art': 'No artifact has been found with name $(ART)',
+  'ext-undefined-def-sec': 'Artifact $(ART) has not been found',
+  'ext-undefined-art-sec': 'No artifact has been found with name $(ART)',
   'ext-undefined-element': {
     std: 'Element $(NAME) has not been found',
     element: 'Artifact $(ART) has no element $(NAME)',
@@ -955,15 +964,24 @@ const centralMessageTexts = {
     returns: 'Return value of $(ART) has no element $(NAME)',
     'enum-returns': 'Return value of $(ART) has no enum $(NAME)',
   },
+  'ext-undefined-element-sec': 'Element $(NAME) has not been found',
   'ext-undefined-key': 'Foreign key $(NAME) has not been found',
   'ext-undefined-action': {
     std: 'Action $(ART) has not been found',
     action: 'Artifact $(ART) has no action $(NAME)',
   },
+  'ext-undefined-action-sec': {
+    std: 'Action $(ART) has not been found',
+    action: 'Artifact $(ART) has no action $(NAME)',
+  },
   'ext-undefined-param': {
     std: 'Parameter $(ART) has not been found',
     param: 'Artifact $(ART) has no parameter $(NAME)',
   },
+  'ext-undefined-param-sec': {
+    std: 'Parameter $(ART) has not been found',
+    param: 'Artifact $(ART) has no parameter $(NAME)',
+  },
 
   // annotation checks against their definition
   'anno-expecting-value': {
@@ -1157,6 +1175,11 @@ const centralMessageTexts = {
     redirected: 'Target $(TARGET) of $(NAME) is missing element $(ID); add an ON-condition to $(KEYWORD)',
   },
   'query-unexpected-assoc-hdbcds': 'Publishing a managed association in a view is not possible for “hdbcds” naming mode',    // eslint-disable-line cds-compiler/message-no-quotes
+  'query-unexpected-exists': {
+    std: 'Unexpected $(PROP) predicate',
+    groupBy: 'Unexpected $(PROP) predicate in GROUP BY clause',
+    orderBy: 'Unexpected $(PROP) predicate in ORDER BY clause',
+  },
   'query-unexpected-structure-hdbcds': 'Publishing a structured element in a view is not possible for “hdbcds” naming mode', // eslint-disable-line cds-compiler/message-no-quotes
   'query-ignoring-param-nullability': {
     std: 'Ignoring nullability constraint on parameter when generating SAP HANA CDS view',

package/lib/base/messages.js

@@ -1724,7 +1724,7 @@ function constructSemanticLocationFromCsnPath( model, options, csnPath ) {
     else if (step === 'targetAspect') {
       // skip
     }
-    else if (step === 'xpr' || step === 'list' || step === 'default' || step === 'ref' || step === 'as' || step === 'value') {
+    else if (step === 'xpr' || step === 'list' || step === 'default' || step === 'ref' || step === 'as' || step === 'value' || step === '$calc') {
       break; // don't go into xprs, refs, aliases, values, etc.
     }
     else if (step === 'returns') {

package/lib/base/model.js

@@ -7,6 +7,9 @@
 
 const { forEach } = require('../utils/objectUtils');
 
+// Normal options are in ../optionProcessor.js (and some other files),
+// unfortunately partly non-grep-able (option `fooBar` is defined via `--foo-bar`)
+
 /**
  * Object of all available beta flags that will be enabled/disabled by `--beta-mode`
  * through cdsc.  Only intended for INTERNAL USE.
@@ -29,8 +32,6 @@ const availableBetaFlags = {
   rewriteAnnotationExpressionsViaType: true,
   sqlServiceDummies: true,
   projectionViews: true,
-  draftAdminDataHiddenFilter: true,
-  $calcForDraft: true,
   // disabled by --beta-mode
   nestedServices: false,
 };

package/lib/checks/actionsFunctions.js

@@ -25,8 +25,9 @@ function checkActionOrFunction( art, artName, prop, path ) {
     for (const [ actName, act ] of Object.entries(art.actions)) {
       if (act.params) {
         checkExplicitBindingParameter.call(this, act.params, path.concat([ 'actions', actName, 'params' ]));
-        for (const [ paramName, param ] of Object.entries(act.params))
-          checkActionOrFunctionParameter.call(this, param, path.concat([ 'actions', actName, 'params', paramName ]), act.kind);
+        const params = Object.entries(act.params);
+        for (const [ paramName, param ] of params)
+          checkActionOrFunctionParameter.call(this, param, path.concat([ 'actions', actName, 'params', paramName ]), act.kind, params);
       }
       if (act.returns)
         checkReturns.bind(this)(act.returns, path.concat([ 'actions', actName, 'returns' ]), act.kind);
@@ -63,7 +64,9 @@ function checkActionOrFunction( art, artName, prop, path ) {
    * @param {CSN.Path} currPath path to the parameter
    * @param {string} actKind 'action' or 'function'
    */
-  function checkActionOrFunctionParameter( param, currPath, actKind ) {
+  function checkActionOrFunctionParameter( param, currPath, actKind, params ) {
+    if ((param.items || param)?.type === '$self' && param === params?.[0][1])
+      return;                   // binding parameter
     const paramType = param.type ? this.csnUtils.getFinalTypeInfo(param.type) : param;
     if (!paramType)
       return; // no type could be resolved

package/lib/checks/existsInForbiddenPlaces.js

@@ -0,0 +1,32 @@
+'use strict';
+
+const { applyTransformationsOnNonDictionary } = require('../model/csnUtils');
+
+/**
+ * Checks a query for forbidden usage of the `exists` predicate within `groupBy` and `orderBy`.
+ *
+ * @param {object} query
+ * @param {string} prop - either groupBy or orderBy.
+ * @param {object[]} _tokenStream the value of query[prop]
+ * @param {object|Array} pathToClause - Path to respective groupBy/orderBy clause in the CSN.
+ * @this {object} The calling context must provide an `error` function.
+ */
+function existsInForbiddenPlaces( query, prop, _tokenStream, pathToClause ) {
+  applyTransformationsOnNonDictionary(query, prop, {
+    ref: (_parent, _prop, _ref, pathToError, tokenStream, index) => {
+      if (tokenStream[index - 1] === 'exists') {
+        // the path should point to the exists
+        const pathToExists = pathToError.with(-1, index - 1);
+        this.error('query-unexpected-exists', pathToExists, {
+          '#': prop,
+          prop: 'exists',
+        });
+      }
+    },
+  }, null, pathToClause);
+}
+
+module.exports = {
+  groupBy: existsInForbiddenPlaces,
+  orderBy: existsInForbiddenPlaces,
+};

package/lib/checks/validator.js

@@ -44,6 +44,7 @@ const checkQueryForNoDBArtifacts = require('./queryNoDbArtifacts');
 const checkExplicitlyNullableKeys = require('./nullableKeys');
 const existsMustEndInAssoc = require('./existsMustEndInAssoc');
 const existsMustNotStartWithDollarSelf = require('./existsMustNotStartWithDollarSelf');
+const existsInForbiddenPlaces = require('./existsInForbiddenPlaces');
 const assertFilterOfExists = require('./existsExpressionsOnlyForeignKeys');
 const checkPathsInStoredCalcElement = require('./checkPathsInStoredCalcElement');
 const managedWithoutKeys = require('./managedWithoutKeys');
@@ -85,6 +86,7 @@ const forRelationalDBArtifactValidators = [
 
 const forRelationalDBCsnValidators = [
   checkCdsMap,
+  existsInForbiddenPlaces,
   existsMustEndInAssoc,
   existsMustNotStartWithDollarSelf,
   assertFilterOfExists,

package/lib/compiler/assert-consistency.js

@@ -316,7 +316,7 @@ function assertConsistency( model, stage ) {
         requires: [ 'location', 'path' ],
         optional: [
           'kind', 'name', '$syntax', '_block', '_parent', '_main',
-          'elements', '_origin', '_joinParent', '$joinArgsIndex', '$syntax',
+          'elements', '_origin', '_joinParent', '$joinArgsIndex',
           '$parens', '_status', // TODO: only in from
           'scope', '_artifact', '_originalArtifact', '$inferred', 'kind',
           '_effectiveType', '$effectiveSeqNo',         // TODO:check this
@@ -449,7 +449,7 @@ function assertConsistency( model, stage ) {
         requires: [ 'location', 'path' ],
         optional: [
           'scope', 'variant', '_artifact', '_originalArtifact',
-          '$inferred', '$parens', 'sort', 'nulls',
+          '$inferred', '$parens', 'sort', 'nulls', '$syntax',
         ],
       },
       none: { optional: () => true }, // parse error
@@ -507,7 +507,7 @@ function assertConsistency( model, stage ) {
     args: {
       inherits: 'value',
       optional: [
-        'name', '$duplicate', '$expected', 'args', 'suffix', '$parens',
+        'name', '$duplicate', 'args', 'suffix', '$parens',
         'param', 'scope', // for dynamic parameter '?'
       ],
       test: args,
@@ -724,7 +724,6 @@ function assertConsistency( model, stage ) {
         'localized-entity', // `.texts` entity
         'localized-origin', // `.texts` entity
         'nav', // only used for MASKED, TODO(v6): Remove
-        'none', // only used in ensureColumnName(): Used in object representing empty alias
         'query', // inferred query properties, e.g. `key`
         'rewrite', // on-conditions or FKeys are rewritten
         'parent-origin', // annotation/property copied from parent that does not come through
@@ -747,7 +746,6 @@ function assertConsistency( model, stage ) {
     $withLocalized: { test: isBoolean },
     $sources: { parser: true, test: isArray( isString ) },
     tokenStream: { parser: true, test: TODO },
-    $expected: { parser: true, test: isOneOf( [ 'approved-exists', 'exists' ] ) },
     $messageFunctions: { test: TODO },
     $functions: { test: TODO },
     $assert: { test: TODO },    // currently just for missing Error[ref-cycle]

package/lib/compiler/checks.js

@@ -941,14 +941,8 @@ function check( model ) {
    */
   function checkExpressionIsNotAssocOrSelf( arg, user, rejectAssocTail ) {
     // Arg must not be an association and not $self
-    // Only if path is not approved exists path (that is non-query position)
-    if (arg.path && arg.$expected !== undefined) { // not 'approved-exists'
-      if (arg.$expected === 'exists') {
-        const variant = isComposition( model, arg._artifact ) ? 'expr-comp' : 'expr';
-        error( 'ref-unexpected-assoc', [ arg.location, user ], { '#': variant } );
-      }
-    }
-    else if (rejectAssocTail && isAssociationOperand( arg )) {
+    // Only if path is not after an `exists`
+    if (arg.$syntax !== 'after-exists' && rejectAssocTail && isAssociationOperand( arg )) {
       if (rejectAssocTail.rejectManaged && rejectAssocTail.rejectUnmanaged ||
           rejectAssocTail.rejectManaged && arg._artifact.keys ||
           rejectAssocTail.rejectUnmanaged && arg._artifact.on) {
@@ -956,6 +950,8 @@ function check( model ) {
         const context = rejectAssocTail.context === 'query' && 'query-' ||
           rejectAssocTail.context === 'anno' && 'anno-' ||
           '';
+        // Hm, in other message context about associations or compositions, we do
+        // not have separate text variants for association or composition…
         const variant = isComposition( model, arg._artifact ) ? 'expr-comp' : 'expr';
         error( 'ref-unexpected-assoc', [ arg.location, user ], { '#': `${ context }${ variant }` } );
       }