@sap/cds 1.15.0 → 1.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (29) hide show
  1. package/CHANGELOG.md +19 -0
  2. package/{developer-license-3.1.txt → LICENSE} +37 -35
  3. package/_hdbext/README.md +373 -0
  4. package/_hdbext/index.js +4 -0
  5. package/_hdbext/lib/client-factory.js +62 -0
  6. package/_hdbext/lib/client-session.js +96 -0
  7. package/_hdbext/lib/conn-options.js +84 -0
  8. package/_hdbext/lib/constants.js +79 -0
  9. package/_hdbext/lib/internal-constants.js +7 -0
  10. package/_hdbext/lib/middleware.js +46 -0
  11. package/_hdbext/lib/pool.js +236 -0
  12. package/_hdbext/lib/safe-sql.js +17 -0
  13. package/_hdbext/lib/sql-injection-utils.js +149 -0
  14. package/cds-queries-geo.js +347 -371
  15. package/cds-queries.js +2692 -2229
  16. package/cds.js +111 -104
  17. package/exprs.js +118 -107
  18. package/manager.js +696 -614
  19. package/metadata.js +604 -542
  20. package/npm-shrinkwrap.json +175 -0
  21. package/package.json +40 -1
  22. package/transaction.js +45 -51
  23. package/util/Queue.js +32 -30
  24. package/utils.js +182 -159
  25. package/xsjs-cds.js +231 -221
  26. package/.project +0 -11
  27. package/TUTORIAL.md +0 -1236
  28. package/dependencies +0 -56
  29. package/sapcds.manifest +0 -1747
package/_hdbext/lib/sql-injection-utils.js ADDED
@@ -0,0 +1,149 @@
1
+ 'use strict';
2
+
3
+ var whitespaceTable = {'\t': true, // HORIZONTAL TABULATION
4
+ '\n': true, // NEW LINE
5
+ '\v': true, // VERTICAL TABULATION
6
+ '\f': true, // FORM FEED
7
+ '\r': true, // CARRIAGE RETURN
8
+ ' ': true, // SPACE
9
+ '\u0085': true, // NEL
10
+ '\u00A0': true, // NO-BREAK SPACE
11
+ '\u1680': true, // OGHAM SPACE MARK
12
+ '\u2000': true, // EN QUAD
13
+ '\u2001': true, // EM QUAD
14
+ '\u2002': true, // EN SPACE
15
+ '\u2003': true, // EM SPACE
16
+ '\u2004': true, // THREE-PER-EM SPACE
17
+ '\u2005': true, // FOUR-PER-EM SPACE
18
+ '\u2006': true, // SIX-PER-EM SPACE
19
+ '\u2007': true, // FIGURE SPACE
20
+ '\u2008': true, // PUNCTUATION SPACE
21
+ '\u2009': true, // THIN SPACE
22
+ '\u200A': true, // HAIR SPACE
23
+ '\u2028': true, // LINE SEPARATOR
24
+ '\u2029': true, // PARAGRAPH SEPARATOR
25
+ '\u202F': true, // NARROW NO-BREAK SPACE
26
+ '\u205F': true, // MEDIUM METHEMATICAL SPACE
27
+ '\u3000': true // IDEOGRAPHIC SPACE
28
+ };
29
+
30
+ var separatorTable = {
31
+ ',': true,
32
+ '(': true,
33
+ ')': true,
34
+ '[': true,
35
+ ']': true,
36
+ '.': true,
37
+ ';': true,
38
+ ':': true,
39
+ '+': true,
40
+ '-': true,
41
+ '*': true,
42
+ '/': true,
43
+ '%': true,
44
+ '^': true,
45
+ '<': true,
46
+ '>': true,
47
+ '=': true
48
+ };
49
+
50
+ function isValidNonEmptyString(str) {
51
+ return !!(str && typeof str === 'string');
52
+ }
53
+
54
+ function isSeparator(character) {
55
+ return !!separatorTable[character];
56
+ }
57
+
58
+ function isWhitespaceCharacter(character) {
59
+ return !!whitespaceTable[character];
60
+ }
61
+
62
+ /**
63
+ * @param value string
64
+ * @return boolean
65
+ */
66
+ module.exports.isAcceptableQuotedParameter = function (value) {
67
+ return isValidNonEmptyString(value) && (value.search(/([^"]|^)"([^"]|$)/) === -1);
68
+ };
69
+
70
+ /**
71
+ * @param value string
72
+ * @param maxToken
73
+ * @return boolean
74
+ */
75
+ module.exports.isAcceptableParameter = function (value, maxToken) {
76
+ if (!isValidNonEmptyString(value)) {
77
+ return false;
78
+ }
79
+ if (!maxToken || typeof maxToken !== 'number') {
80
+ maxToken = 1;
81
+ }
82
+ var outside = true; // outside of quotes
83
+ var lastCharWasWhitespace = true;
84
+ var lastCharWasSeparator = false;
85
+ var currentChar;
86
+ var charAfterCurrent;
87
+ var token = 0;
88
+ for (var i = 0; i < value.length; ++i) {
89
+ currentChar = value.charAt(i);
90
+ charAfterCurrent = value.charAt(i + 1);
91
+ if (currentChar === '"') {
92
+ if (!outside && charAfterCurrent === '"') {
93
+ ++i;
94
+ continue;
95
+ }
96
+ if (outside && !lastCharWasSeparator) { // opening "
97
+ ++token;
98
+ }
99
+ outside = !outside;
100
+ } else {
101
+ if (!outside) {
102
+ continue;
103
+ }
104
+ // outside "
105
+ if (currentChar === '-' && charAfterCurrent === '-') {
106
+ return false; // found comment
107
+ }
108
+ if (currentChar === '/' && charAfterCurrent === '*') {
109
+ return false; // found comment
110
+ }
111
+ if (isSeparator(currentChar)) {
112
+ if (token === 0) {
113
+ token += 2;
114
+ } else {
115
+ ++token;
116
+ }
117
+ lastCharWasSeparator = true;
118
+ lastCharWasWhitespace = false;
119
+ } else if (isWhitespaceCharacter(currentChar)) {
120
+ lastCharWasWhitespace = true;
121
+ } else {
122
+ if (lastCharWasWhitespace && !lastCharWasSeparator) {
123
+ ++token;
124
+ }
125
+ lastCharWasSeparator = false;
126
+ lastCharWasWhitespace = false;
127
+ }
128
+ }
129
+ }
130
+ return (outside && token <= maxToken);
131
+ };
132
+
133
+ /*
134
+ * Returns the value parameter with all double quotation marks escaped (i. e. doubled).
135
+ * @param value string
136
+ * @return string escaped value
137
+ */
138
+ module.exports.escapeDoubleQuotes = function (value) {
139
+ return value.replace(/"/g, '""');
140
+ };
141
+
142
+ /*
143
+ * Returns the string parameter with all single quotation marks escaped (i. e. doubled).
144
+ * @param value string
145
+ * @return string escaped value
146
+ */
147
+ module.exports.escapeSingleQuotes = function (value) {
148
+ return value.replace(/'/g, '\'\'');
149
+ };