bson 4.5.2 → 4.6.1

package/src/objectid.ts

@@ -1,5 +1,6 @@
 import { Buffer } from 'buffer';
 import { ensureBuffer } from './ensure_buffer';
+import { BSONTypeError } from './error';
 import { deprecate, isUint8Array, randomBytes } from './parser/utils';
 
 // Regular expression that checks for hex value
@@ -30,7 +31,7 @@ export class ObjectId {
   _bsontype!: 'ObjectId';
 
   /** @internal */
-  static index = ~~(Math.random() * 0xffffff);
+  static index = Math.floor(Math.random() * 0xffffff);
 
   static cacheHexString: boolean;
 
@@ -42,54 +43,54 @@ export class ObjectId {
   /**
    * Create an ObjectId type
    *
-   * @param id - Can be a 24 character hex string, 12 byte binary Buffer, or a number.
+   * @param inputId - Can be a 24 character hex string, 12 byte binary Buffer, or a number.
    */
-  constructor(id?: string | Buffer | number | ObjectIdLike | ObjectId) {
-    if (!(this instanceof ObjectId)) return new ObjectId(id);
-
-    // Duck-typing to support ObjectId from different npm packages
-    if (id instanceof ObjectId) {
-      this[kId] = id.id;
-      this.__id = id.__id;
-    }
-
-    if (typeof id === 'object' && id && 'id' in id) {
-      if ('toHexString' in id && typeof id.toHexString === 'function') {
-        this[kId] = Buffer.from(id.toHexString(), 'hex');
+  constructor(inputId?: string | number | ObjectId | ObjectIdLike | Buffer | Uint8Array) {
+    if (!(this instanceof ObjectId)) return new ObjectId(inputId);
+
+    // workingId is set based on type of input and whether valid id exists for the input
+    let workingId;
+    if (typeof inputId === 'object' && inputId && 'id' in inputId) {
+      if (typeof inputId.id !== 'string' && !ArrayBuffer.isView(inputId.id)) {
+        throw new BSONTypeError(
+          'Argument passed in must have an id that is of type string or Buffer'
+        );
+      }
+      if ('toHexString' in inputId && typeof inputId.toHexString === 'function') {
+        workingId = Buffer.from(inputId.toHexString(), 'hex');
       } else {
-        this[kId] = typeof id.id === 'string' ? Buffer.from(id.id) : id.id;
+        workingId = inputId.id;
       }
+    } else {
+      workingId = inputId;
     }
 
-    // The most common use case (blank id, new objectId instance)
-    if (id == null || typeof id === 'number') {
+    // the following cases use workingId to construct an ObjectId
+    if (workingId == null || typeof workingId === 'number') {
+      // The most common use case (blank id, new objectId instance)
       // Generate a new id
-      this[kId] = ObjectId.generate(typeof id === 'number' ? id : undefined);
-      // If we are caching the hex string
-      if (ObjectId.cacheHexString) {
-        this.__id = this.id.toString('hex');
-      }
-    }
-
-    if (ArrayBuffer.isView(id) && id.byteLength === 12) {
-      this[kId] = ensureBuffer(id);
-    }
-
-    if (typeof id === 'string') {
-      if (id.length === 12) {
-        const bytes = Buffer.from(id);
+      this[kId] = ObjectId.generate(typeof workingId === 'number' ? workingId : undefined);
+    } else if (ArrayBuffer.isView(workingId) && workingId.byteLength === 12) {
+      this[kId] = ensureBuffer(workingId);
+    } else if (typeof workingId === 'string') {
+      if (workingId.length === 12) {
+        const bytes = Buffer.from(workingId);
         if (bytes.byteLength === 12) {
           this[kId] = bytes;
+        } else {
+          throw new BSONTypeError('Argument passed in must be a string of 12 bytes');
         }
-      } else if (id.length === 24 && checkForHexRegExp.test(id)) {
-        this[kId] = Buffer.from(id, 'hex');
+      } else if (workingId.length === 24 && checkForHexRegExp.test(workingId)) {
+        this[kId] = Buffer.from(workingId, 'hex');
       } else {
-        throw new TypeError(
-          'Argument passed in must be a Buffer or string of 12 bytes or a string of 24 hex characters'
+        throw new BSONTypeError(
+          'Argument passed in must be a string of 12 bytes or a string of 24 hex characters'
         );
       }
+    } else {
+      throw new BSONTypeError('Argument passed in does not match the accepted types');
     }
-
+    // If we are caching the hex string
     if (ObjectId.cacheHexString) {
       this.__id = this.id.toString('hex');
     }
@@ -155,7 +156,7 @@ export class ObjectId {
    */
   static generate(time?: number): Buffer {
     if ('number' !== typeof time) {
-      time = ~~(Date.now() / 1000);
+      time = Math.floor(Date.now() / 1000);
     }
 
     const inc = ObjectId.getInc();
@@ -276,7 +277,7 @@ export class ObjectId {
   static createFromHexString(hexString: string): ObjectId {
     // Throw an error if it's not a valid setup
     if (typeof hexString === 'undefined' || (hexString != null && hexString.length !== 24)) {
-      throw new TypeError(
+      throw new BSONTypeError(
         'Argument passed in must be a single String of 12 bytes or a string of 24 hex characters'
       );
     }
@@ -289,34 +290,15 @@ export class ObjectId {
    *
    * @param id - ObjectId instance to validate.
    */
-  static isValid(id: number | string | ObjectId | Uint8Array | ObjectIdLike): boolean {
+  static isValid(id: string | number | ObjectId | ObjectIdLike | Buffer | Uint8Array): boolean {
     if (id == null) return false;
 
-    if (typeof id === 'number') {
+    try {
+      new ObjectId(id);
       return true;
+    } catch {
+      return false;
     }
-
-    if (typeof id === 'string') {
-      return id.length === 12 || (id.length === 24 && checkForHexRegExp.test(id));
-    }
-
-    if (id instanceof ObjectId) {
-      return true;
-    }
-
-    if (isUint8Array(id) && id.length === 12) {
-      return true;
-    }
-
-    // Duck-Typing detection of ObjectId like objects
-    if (typeof id === 'object' && 'toHexString' in id && typeof id.toHexString === 'function') {
-      if (typeof id.id === 'string') {
-        return id.id.length === 12;
-      }
-      return id.toHexString().length === 24 && checkForHexRegExp.test(id.id.toString('hex'));
-    }
-
-    return false;
   }
 
   /** @internal */

package/src/parser/calculate_size.ts

@@ -24,7 +24,7 @@ export function calculateObjectSize(
   } else {
     // If we have toBSON defined, override the current object
 
-    if (object.toBSON) {
+    if (typeof object?.toBSON === 'function') {
       object = object.toBSON();
     }
 
@@ -47,7 +47,7 @@ function calculateElement(
   ignoreUndefined = false
 ) {
   // If we have toBSON defined, override the current object
-  if (value && value.toBSON) {
+  if (typeof value?.toBSON === 'function') {
     value = value.toBSON();
   }
 

package/src/parser/deserializer.ts

@@ -6,6 +6,7 @@ import * as constants from '../constants';
 import { DBRef, DBRefLike, isDBRefLike } from '../db_ref';
 import { Decimal128 } from '../decimal128';
 import { Double } from '../double';
+import { BSONError } from '../error';
 import { Int32 } from '../int_32';
 import { Long } from '../long';
 import { MaxKey } from '../max_key';
@@ -44,6 +45,22 @@ export interface DeserializeOptions {
   index?: number;
 
   raw?: boolean;
+  /** Allows for opt-out utf-8 validation for all keys or
+   * specified keys. Must be all true or all false.
+   *
+   * @example
+   * ```js
+   * // disables validation on all keys
+   *  validation: { utf8: false }
+   *
+   * // enables validation only on specified keys a, b, and c
+   *  validation: { utf8: { a: true, b: true, c: true } }
+   *
+   *  // disables validation only on specified keys a, b
+   *  validation: { utf8: { a: false, b: false } }
+   * ```
+   */
+  validation?: { utf8: boolean | Record<string, true> | Record<string, false> };
 }
 
 // Internal long versions
@@ -67,26 +84,28 @@ export function deserialize(
     (buffer[index + 3] << 24);
 
   if (size < 5) {
-    throw new Error(`bson size must be >= 5, is ${size}`);
+    throw new BSONError(`bson size must be >= 5, is ${size}`);
   }
 
   if (options.allowObjectSmallerThanBufferSize && buffer.length < size) {
-    throw new Error(`buffer length ${buffer.length} must be >= bson size ${size}`);
+    throw new BSONError(`buffer length ${buffer.length} must be >= bson size ${size}`);
   }
 
   if (!options.allowObjectSmallerThanBufferSize && buffer.length !== size) {
-    throw new Error(`buffer length ${buffer.length} must === bson size ${size}`);
+    throw new BSONError(`buffer length ${buffer.length} must === bson size ${size}`);
   }
 
   if (size + index > buffer.byteLength) {
-    throw new Error(
+    throw new BSONError(
       `(bson size ${size} + options.index ${index} must be <= buffer length ${buffer.byteLength})`
     );
   }
 
   // Illegal end value
   if (buffer[index + size - 1] !== 0) {
-    throw new Error("One object, sized correctly, with a spot for an EOO, but the EOO isn't 0x00");
+    throw new BSONError(
+      "One object, sized correctly, with a spot for an EOO, but the EOO isn't 0x00"
+    );
   }
 
   // Start deserializtion
@@ -117,18 +136,57 @@ function deserializeObject(
   const promoteLongs = options['promoteLongs'] == null ? true : options['promoteLongs'];
   const promoteValues = options['promoteValues'] == null ? true : options['promoteValues'];
 
+  // Ensures default validation option if none given
+  const validation = options.validation == null ? { utf8: true } : options.validation;
+
+  // Shows if global utf-8 validation is enabled or disabled
+  let globalUTFValidation = true;
+  // Reflects utf-8 validation setting regardless of global or specific key validation
+  let validationSetting: boolean;
+  // Set of keys either to enable or disable validation on
+  const utf8KeysSet = new Set();
+
+  // Check for boolean uniformity and empty validation option
+  const utf8ValidatedKeys = validation.utf8;
+  if (typeof utf8ValidatedKeys === 'boolean') {
+    validationSetting = utf8ValidatedKeys;
+  } else {
+    globalUTFValidation = false;
+    const utf8ValidationValues = Object.keys(utf8ValidatedKeys).map(function (key) {
+      return utf8ValidatedKeys[key];
+    });
+    if (utf8ValidationValues.length === 0) {
+      throw new BSONError('UTF-8 validation setting cannot be empty');
+    }
+    if (typeof utf8ValidationValues[0] !== 'boolean') {
+      throw new BSONError('Invalid UTF-8 validation option, must specify boolean values');
+    }
+    validationSetting = utf8ValidationValues[0];
+    // Ensures boolean uniformity in utf-8 validation (all true or all false)
+    if (!utf8ValidationValues.every(item => item === validationSetting)) {
+      throw new BSONError('Invalid UTF-8 validation option - keys must be all true or all false');
+    }
+  }
+
+  // Add keys to set that will either be validated or not based on validationSetting
+  if (!globalUTFValidation) {
+    for (const key of Object.keys(utf8ValidatedKeys)) {
+      utf8KeysSet.add(key);
+    }
+  }
+
   // Set the start index
   const startIndex = index;
 
   // Validate that we have at least 4 bytes of buffer
-  if (buffer.length < 5) throw new Error('corrupt bson message < 5 bytes long');
+  if (buffer.length < 5) throw new BSONError('corrupt bson message < 5 bytes long');
 
   // Read the document size
   const size =
     buffer[index++] | (buffer[index++] << 8) | (buffer[index++] << 16) | (buffer[index++] << 24);
 
   // Ensure buffer is valid size
-  if (size < 5 || size > buffer.length) throw new Error('corrupt bson message');
+  if (size < 5 || size > buffer.length) throw new BSONError('corrupt bson message');
 
   // Create holding object
   const object: Document = isArray ? [] : {};
@@ -154,8 +212,19 @@ function deserializeObject(
     }
 
     // If are at the end of the buffer there is a problem with the document
-    if (i >= buffer.byteLength) throw new Error('Bad BSON Document: illegal CString');
+    if (i >= buffer.byteLength) throw new BSONError('Bad BSON Document: illegal CString');
+
+    // Represents the key
     const name = isArray ? arrayIndex++ : buffer.toString('utf8', index, i);
+
+    // shouldValidateKey is true if the key should be validated, false otherwise
+    let shouldValidateKey = true;
+    if (globalUTFValidation || utf8KeysSet.has(name)) {
+      shouldValidateKey = validationSetting;
+    } else {
+      shouldValidateKey = !validationSetting;
+    }
+
     if (isPossibleDBRef !== false && (name as string)[0] === '$') {
       isPossibleDBRef = allowedDBRefKeys.test(name as string);
     }
@@ -173,20 +242,10 @@ function deserializeObject(
         stringSize <= 0 ||
         stringSize > buffer.length - index ||
         buffer[index + stringSize - 1] !== 0
-      )
-        throw new Error('bad string length in bson');
-
-      value = buffer.toString('utf8', index, index + stringSize - 1);
-
-      for (let i = 0; i < value.length; i++) {
-        if (value.charCodeAt(i) === 0xfffd) {
-          if (!validateUtf8(buffer, index, index + stringSize - 1)) {
-            throw new Error('Invalid UTF-8 string in BSON document');
-          }
-          break;
-        }
+      ) {
+        throw new BSONError('bad string length in bson');
       }
-
+      value = getValidatedString(buffer, index, index + stringSize - 1, shouldValidateKey);
       index = index + stringSize;
     } else if (elementType === constants.BSON_DATA_OID) {
       const oid = Buffer.alloc(12);
@@ -222,7 +281,8 @@ function deserializeObject(
         (buffer[index++] << 24);
       value = new Date(new Long(lowBits, highBits).toNumber());
     } else if (elementType === constants.BSON_DATA_BOOLEAN) {
-      if (buffer[index] !== 0 && buffer[index] !== 1) throw new Error('illegal boolean type value');
+      if (buffer[index] !== 0 && buffer[index] !== 1)
+        throw new BSONError('illegal boolean type value');
       value = buffer[index++] === 1;
     } else if (elementType === constants.BSON_DATA_OBJECT) {
       const _index = index;
@@ -232,13 +292,17 @@ function deserializeObject(
         (buffer[index + 2] << 16) |
         (buffer[index + 3] << 24);
       if (objectSize <= 0 || objectSize > buffer.length - index)
-        throw new Error('bad embedded document length in bson');
+        throw new BSONError('bad embedded document length in bson');
 
       // We have a raw value
       if (raw) {
         value = buffer.slice(index, index + objectSize);
       } else {
-        value = deserializeObject(buffer, _index, options, false);
+        let objectOptions = options;
+        if (!globalUTFValidation) {
+          objectOptions = { ...options, validation: { utf8: shouldValidateKey } };
+        }
+        value = deserializeObject(buffer, _index, objectOptions, false);
       }
 
       index = index + objectSize;
@@ -266,12 +330,14 @@ function deserializeObject(
         }
         arrayOptions['raw'] = true;
       }
-
+      if (!globalUTFValidation) {
+        arrayOptions = { ...arrayOptions, validation: { utf8: shouldValidateKey } };
+      }
       value = deserializeObject(buffer, _index, arrayOptions, true);
       index = index + objectSize;
 
-      if (buffer[index - 1] !== 0) throw new Error('invalid array terminator byte');
-      if (index !== stopIndex) throw new Error('corrupted array bson');
+      if (buffer[index - 1] !== 0) throw new BSONError('invalid array terminator byte');
+      if (index !== stopIndex) throw new BSONError('corrupted array bson');
     } else if (elementType === constants.BSON_DATA_UNDEFINED) {
       value = undefined;
     } else if (elementType === constants.BSON_DATA_NULL) {
@@ -323,11 +389,11 @@ function deserializeObject(
       const subType = buffer[index++];
 
       // Did we have a negative binary size, throw
-      if (binarySize < 0) throw new Error('Negative binary type element size found');
+      if (binarySize < 0) throw new BSONError('Negative binary type element size found');
 
       // Is the length longer than the document
       if (binarySize > buffer.byteLength)
-        throw new Error('Binary type size larger than document size');
+        throw new BSONError('Binary type size larger than document size');
 
       // Decode as raw Buffer object if options specifies it
       if (buffer['slice'] != null) {
@@ -339,11 +405,11 @@ function deserializeObject(
             (buffer[index++] << 16) |
             (buffer[index++] << 24);
           if (binarySize < 0)
-            throw new Error('Negative binary type element size found for subtype 0x02');
+            throw new BSONError('Negative binary type element size found for subtype 0x02');
           if (binarySize > totalBinarySize - 4)
-            throw new Error('Binary type with subtype 0x02 contains too long binary size');
+            throw new BSONError('Binary type with subtype 0x02 contains too long binary size');
           if (binarySize < totalBinarySize - 4)
-            throw new Error('Binary type with subtype 0x02 contains too short binary size');
+            throw new BSONError('Binary type with subtype 0x02 contains too short binary size');
         }
 
         if (promoteBuffers && promoteValues) {
@@ -361,11 +427,11 @@ function deserializeObject(
             (buffer[index++] << 16) |
             (buffer[index++] << 24);
           if (binarySize < 0)
-            throw new Error('Negative binary type element size found for subtype 0x02');
+            throw new BSONError('Negative binary type element size found for subtype 0x02');
           if (binarySize > totalBinarySize - 4)
-            throw new Error('Binary type with subtype 0x02 contains too long binary size');
+            throw new BSONError('Binary type with subtype 0x02 contains too long binary size');
           if (binarySize < totalBinarySize - 4)
-            throw new Error('Binary type with subtype 0x02 contains too short binary size');
+            throw new BSONError('Binary type with subtype 0x02 contains too short binary size');
         }
 
         // Copy the data
@@ -390,7 +456,7 @@ function deserializeObject(
         i++;
       }
       // If are at the end of the buffer there is a problem with the document
-      if (i >= buffer.length) throw new Error('Bad BSON Document: illegal CString');
+      if (i >= buffer.length) throw new BSONError('Bad BSON Document: illegal CString');
       // Return the C string
       const source = buffer.toString('utf8', index, i);
       // Create the regexp
@@ -403,7 +469,7 @@ function deserializeObject(
         i++;
       }
       // If are at the end of the buffer there is a problem with the document
-      if (i >= buffer.length) throw new Error('Bad BSON Document: illegal CString');
+      if (i >= buffer.length) throw new BSONError('Bad BSON Document: illegal CString');
       // Return the C string
       const regExpOptions = buffer.toString('utf8', index, i);
       index = i + 1;
@@ -435,7 +501,7 @@ function deserializeObject(
         i++;
       }
       // If are at the end of the buffer there is a problem with the document
-      if (i >= buffer.length) throw new Error('Bad BSON Document: illegal CString');
+      if (i >= buffer.length) throw new BSONError('Bad BSON Document: illegal CString');
       // Return the C string
       const source = buffer.toString('utf8', index, i);
       index = i + 1;
@@ -447,7 +513,7 @@ function deserializeObject(
         i++;
       }
       // If are at the end of the buffer there is a problem with the document
-      if (i >= buffer.length) throw new Error('Bad BSON Document: illegal CString');
+      if (i >= buffer.length) throw new BSONError('Bad BSON Document: illegal CString');
       // Return the C string
       const regExpOptions = buffer.toString('utf8', index, i);
       index = i + 1;
@@ -464,9 +530,10 @@ function deserializeObject(
         stringSize <= 0 ||
         stringSize > buffer.length - index ||
         buffer[index + stringSize - 1] !== 0
-      )
-        throw new Error('bad string length in bson');
-      const symbol = buffer.toString('utf8', index, index + stringSize - 1);
+      ) {
+        throw new BSONError('bad string length in bson');
+      }
+      const symbol = getValidatedString(buffer, index, index + stringSize - 1, shouldValidateKey);
       value = promoteValues ? symbol : new BSONSymbol(symbol);
       index = index + stringSize;
     } else if (elementType === constants.BSON_DATA_TIMESTAMP) {
@@ -496,9 +563,15 @@ function deserializeObject(
         stringSize <= 0 ||
         stringSize > buffer.length - index ||
         buffer[index + stringSize - 1] !== 0
-      )
-        throw new Error('bad string length in bson');
-      const functionString = buffer.toString('utf8', index, index + stringSize - 1);
+      ) {
+        throw new BSONError('bad string length in bson');
+      }
+      const functionString = getValidatedString(
+        buffer,
+        index,
+        index + stringSize - 1,
+        shouldValidateKey
+      );
 
       // If we are evaluating the functions
       if (evalFunctions) {
@@ -524,7 +597,7 @@ function deserializeObject(
 
       // Element cannot be shorter than totalSize + stringSize + documentSize + terminator
       if (totalSize < 4 + 4 + 4 + 1) {
-        throw new Error('code_w_scope total size shorter minimum expected length');
+        throw new BSONError('code_w_scope total size shorter minimum expected length');
       }
 
       // Get the code string size
@@ -538,11 +611,17 @@ function deserializeObject(
         stringSize <= 0 ||
         stringSize > buffer.length - index ||
         buffer[index + stringSize - 1] !== 0
-      )
-        throw new Error('bad string length in bson');
+      ) {
+        throw new BSONError('bad string length in bson');
+      }
 
       // Javascript function
-      const functionString = buffer.toString('utf8', index, index + stringSize - 1);
+      const functionString = getValidatedString(
+        buffer,
+        index,
+        index + stringSize - 1,
+        shouldValidateKey
+      );
       // Update parse index position
       index = index + stringSize;
       // Parse the element
@@ -560,12 +639,12 @@ function deserializeObject(
 
       // Check if field length is too short
       if (totalSize < 4 + 4 + objectSize + stringSize) {
-        throw new Error('code_w_scope total size is too short, truncating scope');
+        throw new BSONError('code_w_scope total size is too short, truncating scope');
       }
 
       // Check if totalSize field is too long
       if (totalSize > 4 + 4 + objectSize + stringSize) {
-        throw new Error('code_w_scope total size is too long, clips outer document');
+        throw new BSONError('code_w_scope total size is too long, clips outer document');
       }
 
       // If we are evaluating the functions
@@ -595,10 +674,12 @@ function deserializeObject(
         stringSize > buffer.length - index ||
         buffer[index + stringSize - 1] !== 0
       )
-        throw new Error('bad string length in bson');
+        throw new BSONError('bad string length in bson');
       // Namespace
-      if (!validateUtf8(buffer, index, index + stringSize - 1)) {
-        throw new Error('Invalid UTF-8 string in BSON document');
+      if (validation != null && validation.utf8) {
+        if (!validateUtf8(buffer, index, index + stringSize - 1)) {
+          throw new BSONError('Invalid UTF-8 string in BSON document');
+        }
       }
       const namespace = buffer.toString('utf8', index, index + stringSize - 1);
       // Update parse index position
@@ -615,7 +696,7 @@ function deserializeObject(
       // Upgrade to DBRef type
       value = new DBRef(namespace, oid);
     } else {
-      throw new Error(
+      throw new BSONError(
         'Detected unknown BSON type ' + elementType.toString(16) + ' for fieldname "' + name + '"'
       );
     }
@@ -633,8 +714,8 @@ function deserializeObject(
 
   // Check if the deserialization was against a valid array/object
   if (size !== index - startIndex) {
-    if (isArray) throw new Error('corrupt array bson');
-    throw new Error('corrupt object bson');
+    if (isArray) throw new BSONError('corrupt array bson');
+    throw new BSONError('corrupt object bson');
   }
 
   // if we did not find "$ref", "$id", "$db", or found an extraneous $key, don't make a DBRef
@@ -670,3 +751,24 @@ function isolateEval(
   // Set the object
   return functionCache[functionString].bind(object);
 }
+
+function getValidatedString(
+  buffer: Buffer,
+  start: number,
+  end: number,
+  shouldValidateUtf8: boolean
+) {
+  const value = buffer.toString('utf8', start, end);
+  // if utf8 validation is on, do the check
+  if (shouldValidateUtf8) {
+    for (let i = 0; i < value.length; i++) {
+      if (value.charCodeAt(i) === 0xfffd) {
+        if (!validateUtf8(buffer, start, end)) {
+          throw new BSONError('Invalid UTF-8 string in BSON document');
+        }
+        break;
+      }
+    }
+  }
+  return value;
+}