npm - @truedat/dq - Versions diffs - 5.12.2 → 5.12.4 - Mend

@truedat/dq 5.12.2 → 5.12.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@truedat/dq",
-  "version": "5.12.2",
+  "version": "5.12.4",
   "description": "Truedat Web Data Quality Module",
   "sideEffects": false,
   "jsnext:main": "src/index.js",
@@ -118,5 +118,5 @@
     "react-dom": ">= 16.8.6 < 17",
     "semantic-ui-react": ">= 2.0.3 < 2.2"
   },
-  "gitHead": "1121d357f2a54a2ad2e77adbd43096004316453d"
+  "gitHead": "3a781fb5722e184e3bef25f9dcc7644bd463987b"
 }

package/src/components/ruleImplementationForm/RuleImplementationRawForm.js CHANGED Viewed

@@ -142,7 +142,7 @@ export const RuleImplementationRawForm = ({
   const getBannedWordsAndChars = (text) => {
     const re =
-      /\b(DROP|DELETE|INSERT|UPDATE|CALL|EXEC|EXECUTE|ALTER)\b|;|--|#/gi;
+      /\b(DROP|DELETE|DEL|INSERT|UPDATE|CALL|EXEC|EXECUTE|ALTER|CREATE)\b|--/gi;
     return text ? text.match(re) : [];
   };
   const validInformation = () =>

package/src/services/__tests__/encodeRawContent.spec.js CHANGED Viewed

@@ -1,12 +1,16 @@
 import { encodeRawContent } from "../encodeRawContent";
+const { TextEncoder } = require("util");
+// https://stackoverflow.com/a/68468204
+Object.assign(global, { TextEncoder });
 describe("services: encodeRawContent", () => {
   it("should base64 encode raw_content dataset, population and validations", () => {
     const raw_content = {
       dataset: "FROM SOME_TABLE",
-      population: "TYPE = 'PERSON'",
+      population: "TYPE = '人間'",
       validations: "PERSON_ID IS NOT NULL",
-      foo: "bar"
+      foo: "bar",
     };
     const ruleImplementation = { foo: "bar", raw_content };
     expect(encodeRawContent(ruleImplementation)).toMatchObject({
@@ -14,9 +18,9 @@ describe("services: encodeRawContent", () => {
       raw_content: {
         foo: "bar",
         dataset: "RlJPTSBTT01FX1RBQkxF",
-        population: "VFlQRSA9ICdQRVJTT04n",
-        validations: "UEVSU09OX0lEIElTIE5PVCBOVUxM"
-      }
+        population: "VFlQRSA9ICfkurrplpMn",
+        validations: "UEVSU09OX0lEIElTIE5PVCBOVUxM",
+      },
     });
   });
@@ -24,7 +28,7 @@ describe("services: encodeRawContent", () => {
     const raw_content = {
       dataset: null,
       population: "",
-      validations: ""
+      validations: "",
     };
     const ruleImplementation = { foo: "bar", raw_content };
     expect(encodeRawContent(ruleImplementation)).toStrictEqual(

package/src/services/encodeRawContent.js CHANGED Viewed

@@ -1,11 +1,20 @@
 import _ from "lodash/fp";
-const encodeValue = (value) => (_.isNil(value) ? value : btoa(value));
+const stringToBase64 = (value) =>
+  _.isNil(value)
+    ? value
+    : _.flow((value) => new TextEncoder().encode(value), bytesToBase64)(value);
+// https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
+const bytesToBase64 = (bytes) => {
+  const binString = Array.from(bytes, (x) => String.fromCodePoint(x)).join("");
+  return btoa(binString);
+};
 const encodeProps = (o) =>
   _.flow(
     _.pick(["dataset", "population", "validations", "segments"]),
-    _.mapValues(encodeValue),
+    _.mapValues(stringToBase64),
     _.assign(o)
   )(o);
@@ -13,6 +22,9 @@ export const encodeRawContent = (ruleImplementation) =>
   _.has("raw_content.dataset")(ruleImplementation)
     ? {
         ...ruleImplementation,
+        /* OWASP-enabled firewalls identify these requests as potential SQL
+         * injection attacks, avoid detection by base 64 encoding
+         */
         raw_content: encodeProps(ruleImplementation.raw_content),
       }
     : ruleImplementation;