dbgate-tools 7.1.8 → 7.1.10

package/lib/ScriptWriter.js

@@ -26,6 +26,7 @@ class ScriptWriterJavaScript {
         this._put();
     }
     assignCore(variableName, functionName, props) {
+        (0, packageTools_1.assertValidJsIdentifier)(variableName, 'variableName');
         this._put(`const ${variableName} = await ${functionName}(${JSON.stringify(props)});`);
     }
     assign(variableName, functionName, props) {
@@ -33,15 +34,20 @@ class ScriptWriterJavaScript {
         this.packageNames.push(...(0, packageTools_1.extractShellApiPlugins)(functionName, props));
     }
     assignValue(variableName, jsonValue) {
+        (0, packageTools_1.assertValidJsIdentifier)(variableName, 'variableName');
         this._put(`const ${variableName} = ${JSON.stringify(jsonValue)};`);
     }
     requirePackage(packageName) {
         this.packageNames.push(packageName);
     }
     copyStream(sourceVar, targetVar, colmapVar = null, progressName) {
+        (0, packageTools_1.assertValidJsIdentifier)(sourceVar, 'sourceVar');
+        (0, packageTools_1.assertValidJsIdentifier)(targetVar, 'targetVar');
         let opts = '{';
-        if (colmapVar)
+        if (colmapVar) {
+            (0, packageTools_1.assertValidJsIdentifier)(colmapVar, 'colmapVar');
             opts += `columns: ${colmapVar}, `;
+        }
         if (progressName)
             opts += `progressName: ${JSON.stringify(progressName)}, `;
         opts += '}';
@@ -68,7 +74,7 @@ class ScriptWriterJavaScript {
         return prefix + this.s;
     }
     zipDirectory(inputDirectory, outputFile) {
-        this._put(`await dbgateApi.zipDirectory('${inputDirectory}', '${outputFile}');`);
+        this._put(`await dbgateApi.zipDirectory(${JSON.stringify(inputDirectory)}, ${JSON.stringify(outputFile)});`);
     }
 }
 exports.ScriptWriterJavaScript = ScriptWriterJavaScript;
@@ -171,6 +177,8 @@ class ScriptWriterEval {
     endLine() { }
     requirePackage(packageName) { }
     async assign(variableName, functionName, props) {
+        (0, packageTools_1.assertValidJsIdentifier)(variableName, 'variableName');
+        (0, packageTools_1.assertValidShellApiFunctionName)(functionName);
         const func = (0, packageTools_1.evalShellApiFunctionName)(functionName, this.dbgateApi, this.requirePlugin);
         this.variables[variableName] = await func((0, cloneDeepWith_1.default)(props, node => {
             if (node === null || node === void 0 ? void 0 : node.$hostConnection) {
@@ -179,9 +187,14 @@ class ScriptWriterEval {
         }));
     }
     assignValue(variableName, jsonValue) {
+        (0, packageTools_1.assertValidJsIdentifier)(variableName, 'variableName');
         this.variables[variableName] = jsonValue;
     }
     async copyStream(sourceVar, targetVar, colmapVar = null, progressName) {
+        (0, packageTools_1.assertValidJsIdentifier)(sourceVar, 'sourceVar');
+        (0, packageTools_1.assertValidJsIdentifier)(targetVar, 'targetVar');
+        if (colmapVar != null)
+            (0, packageTools_1.assertValidJsIdentifier)(colmapVar, 'colmapVar');
         await this.dbgateApi.copyStream(this.variables[sourceVar], this.variables[targetVar], {
             progressName: (0, cloneDeepWith_1.default)(progressName, node => {
                 if (node === null || node === void 0 ? void 0 : node.$runid) {

package/lib/packageTools.d.ts

@@ -1,4 +1,13 @@
 import type { EngineDriver, ExtensionsDirectory } from 'dbgate-types';
+export declare function isValidJsIdentifier(name: string): boolean;
+export declare function assertValidJsIdentifier(name: string, label: string): void;
+/**
+ * Validates a shell API function name.
+ * Allowed forms:
+ *   - "someFunctionName"  (plain identifier, resolved as dbgateApi.someFunctionName)
+ *   - "funcName@dbgate-plugin-xxx"  (namespaced, resolved as plugin.shellApi.funcName)
+ */
+export declare function assertValidShellApiFunctionName(functionName: string): void;
 export declare function extractShellApiPlugins(functionName: any, props: any): string[];
 export declare function extractPackageName(name: any): string;
 export declare function compileShellApiFunctionName(functionName: any): string;

package/lib/packageTools.js

@@ -3,10 +3,66 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.findEngineDriver = exports.evalShellApiFunctionName = exports.compileShellApiFunctionName = exports.extractPackageName = exports.extractShellApiPlugins = void 0;
+exports.findEngineDriver = exports.evalShellApiFunctionName = exports.compileShellApiFunctionName = exports.extractPackageName = exports.extractShellApiPlugins = exports.assertValidShellApiFunctionName = exports.assertValidJsIdentifier = exports.isValidJsIdentifier = void 0;
 const camelCase_1 = __importDefault(require("lodash/camelCase"));
 const isString_1 = __importDefault(require("lodash/isString"));
 const isPlainObject_1 = __importDefault(require("lodash/isPlainObject"));
+const JS_IDENTIFIER_RE = /^[a-zA-Z_$][a-zA-Z0-9_$]*$/;
+// ECMAScript reserved words, strict-mode keywords, and async-context keywords
+// that cannot be used as variable or function names in the generated scripts.
+// Sources: ECMA-262 §12.7.2 (reserved words), §12.7.3 (strict mode), §14 (contextual).
+const JS_RESERVED_WORDS = new Set([
+    // Keywords
+    'break', 'case', 'catch', 'class', 'const', 'continue', 'debugger', 'default',
+    'delete', 'do', 'else', 'export', 'extends', 'false', 'finally', 'for',
+    'function', 'if', 'import', 'in', 'instanceof', 'let', 'new', 'null', 'return',
+    'static', 'super', 'switch', 'this', 'throw', 'true', 'try', 'typeof', 'var',
+    'void', 'while', 'with', 'yield',
+    // Strict-mode reserved words
+    'implements', 'interface', 'package', 'private', 'protected', 'public',
+    // Async context keywords
+    'async', 'await',
+    // Future reserved
+    'enum',
+    'eval', 'arguments',
+]);
+function isValidJsIdentifier(name) {
+    return typeof name === 'string' && JS_IDENTIFIER_RE.test(name) && !JS_RESERVED_WORDS.has(name);
+}
+exports.isValidJsIdentifier = isValidJsIdentifier;
+function assertValidJsIdentifier(name, label) {
+    if (!isValidJsIdentifier(name)) {
+        throw new Error(`DBGM-00000 Invalid ${label}: ${String(name).substring(0, 100)}`);
+    }
+}
+exports.assertValidJsIdentifier = assertValidJsIdentifier;
+/**
+ * Validates a shell API function name.
+ * Allowed forms:
+ *   - "someFunctionName"  (plain identifier, resolved as dbgateApi.someFunctionName)
+ *   - "funcName@dbgate-plugin-xxx"  (namespaced, resolved as plugin.shellApi.funcName)
+ */
+function assertValidShellApiFunctionName(functionName) {
+    if (typeof functionName !== 'string') {
+        throw new Error('DBGM-00000 functionName must be a string');
+    }
+    const nsMatch = functionName.match(/^([^@]+)@([^@]+)$/);
+    if (nsMatch) {
+        if (!isValidJsIdentifier(nsMatch[1])) {
+            throw new Error(`DBGM-00000 Invalid function part in functionName: ${nsMatch[1].substring(0, 100)}`);
+        }
+        if (!/^dbgate-plugin-[a-zA-Z0-9_-]+$/.test(nsMatch[2])) {
+            throw new Error(`DBGM-00000 Invalid plugin package in functionName: ${nsMatch[2].substring(0, 100)}`);
+        }
+    }
+    else {
+        if (!isValidJsIdentifier(functionName)) {
+            throw new Error(`DBGM-00000 Invalid functionName: ${functionName.substring(0, 100)}`);
+        }
+    }
+}
+exports.assertValidShellApiFunctionName = assertValidShellApiFunctionName;
+const VALID_PLUGIN_NAME_RE = /^dbgate-plugin-[a-zA-Z0-9_-]+$/;
 function extractShellApiPlugins(functionName, props) {
     const res = [];
     const nsMatch = functionName.match(/^([^@]+)@([^@]+)/);
@@ -19,6 +75,11 @@ function extractShellApiPlugins(functionName, props) {
             res.push(nsMatchEngine[2]);
         }
     }
+    for (const plugin of res) {
+        if (!VALID_PLUGIN_NAME_RE.test(plugin)) {
+            throw new Error(`DBGM-00000 Invalid plugin name: ${String(plugin).substring(0, 100)}`);
+        }
+    }
     return res;
 }
 exports.extractShellApiPlugins = extractShellApiPlugins;
@@ -33,7 +94,8 @@ function extractPackageName(name) {
 }
 exports.extractPackageName = extractPackageName;
 function compileShellApiFunctionName(functionName) {
-    const nsMatch = functionName.match(/^([^@]+)@([^@]+)/);
+    assertValidShellApiFunctionName(functionName);
+    const nsMatch = functionName.match(/^([^@]+)@([^@]+)$/);
     if (nsMatch) {
         return `${(0, camelCase_1.default)(nsMatch[2])}.shellApi.${nsMatch[1]}`;
     }
@@ -41,7 +103,8 @@ function compileShellApiFunctionName(functionName) {
 }
 exports.compileShellApiFunctionName = compileShellApiFunctionName;
 function evalShellApiFunctionName(functionName, dbgateApi, requirePlugin) {
-    const nsMatch = functionName.match(/^([^@]+)@([^@]+)/);
+    assertValidShellApiFunctionName(functionName);
+    const nsMatch = functionName.match(/^([^@]+)@([^@]+)$/);
     if (nsMatch) {
         return requirePlugin(nsMatch[2]).shellApi[nsMatch[1]];
     }

package/lib/stringTools.js

@@ -98,22 +98,24 @@ function parseCellValue(value, editorTypes) {
             return null;
     }
     if (editorTypes === null || editorTypes === void 0 ? void 0 : editorTypes.parseHexAsBuffer) {
-        const mUuid3 = value.match(uuid3WrapperRegex);
-        if (mUuid3) {
-            const base64Uuid3 = uuidToBase64(mUuid3[1]);
-            if (base64Uuid3 != null)
-                return { $binary: { base64: base64Uuid3, subType: '03' } };
-        }
-        const mUuid4 = value.match(uuid4WrapperRegex);
-        if (mUuid4) {
-            const base64Uuid4 = uuidToBase64(mUuid4[1]);
-            if (base64Uuid4 != null)
-                return { $binary: { base64: base64Uuid4, subType: '04' } };
-        }
-        if (uuidRegex.test(value)) {
-            const base64UuidPlain = uuidToBase64(value);
-            if (base64UuidPlain != null)
-                return { $binary: { base64: base64UuidPlain, subType: '04' } };
+        if (editorTypes === null || editorTypes === void 0 ? void 0 : editorTypes.parseUuid) {
+            const mUuid3 = value.match(uuid3WrapperRegex);
+            if (mUuid3) {
+                const base64Uuid3 = uuidToBase64(mUuid3[1]);
+                if (base64Uuid3 != null)
+                    return { $binary: { base64: base64Uuid3, subType: '03' } };
+            }
+            const mUuid4 = value.match(uuid4WrapperRegex);
+            if (mUuid4) {
+                const base64Uuid4 = uuidToBase64(mUuid4[1]);
+                if (base64Uuid4 != null)
+                    return { $binary: { base64: base64Uuid4, subType: '04' } };
+            }
+            if (uuidRegex.test(value)) {
+                const base64UuidPlain = uuidToBase64(value);
+                if (base64UuidPlain != null)
+                    return { $binary: { base64: base64UuidPlain, subType: '04' } };
+            }
         }
         const mHex = value.match(/^0x([0-9a-fA-F][0-9a-fA-F])+$/);
         if (mHex) {
@@ -301,24 +303,20 @@ function stringifyCellValue(value, intent, editorTypes, gridFormattingOptions, j
         return { value: 'false', gridStyle: 'valueCellStyle' };
     if ((_a = value === null || value === void 0 ? void 0 : value.$binary) === null || _a === void 0 ? void 0 : _a.base64) {
         const subType = value.$binary.subType;
-        if (subType === '03' || subType === '04') {
-            const uuidStr = base64ToUuid(value.$binary.base64);
-            if (uuidStr != null) {
-                if (intent === 'gridCellIntent' || intent === 'exportIntent' || intent === 'clipboardIntent' || intent === 'stringConversionIntent') {
-                    return { value: uuidStr, gridStyle: 'valueCellStyle' };
-                }
-                // For editing intents: tag with subType so parseCellValue can round-trip it
+        const isUuidType = subType === '03' || subType === '04' || (editorTypes === null || editorTypes === void 0 ? void 0 : editorTypes.parseUuid);
+        const uuidStr = isUuidType ? base64ToUuid(value.$binary.base64) : null;
+        if (uuidStr != null) {
+            // MongoDB editing intents: wrap with UUID()/UUID3() so parseCellValue can round-trip it
+            if ((editorTypes === null || editorTypes === void 0 ? void 0 : editorTypes.parseUuid) && intent !== 'gridCellIntent' && intent !== 'exportIntent' && intent !== 'clipboardIntent' && intent !== 'stringConversionIntent') {
                 const tag = subType === '03' ? 'UUID3' : 'UUID';
                 return { value: `${tag}("${uuidStr}")`, gridStyle: 'valueCellStyle' };
             }
+            return { value: uuidStr, gridStyle: 'valueCellStyle' };
         }
         if (intent === 'gridCellIntent' && value.$binary.base64.length > exports.MAX_GRID_BINARY_SIZE) {
             return { value: `(Field too large, ${formatByteSize(Math.round(value.$binary.base64.length * 3 / 4))})`, gridStyle: 'nullCellStyle' };
         }
-        return {
-            value: base64ToHex(value.$binary.base64),
-            gridStyle: 'valueCellStyle',
-        };
+        return { value: base64ToHex(value.$binary.base64), gridStyle: 'valueCellStyle' };
     }
     if (value === null || value === void 0 ? void 0 : value.$decimal) {
         return {

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "7.1.8",
+  "version": "7.1.10",
   "name": "dbgate-tools",
   "main": "lib/index.js",
   "typings": "lib/index.d.ts",
@@ -26,7 +26,7 @@
   ],
   "devDependencies": {
     "@types/node": "^13.7.0",
-    "dbgate-types": "7.1.8",
+    "dbgate-types": "7.1.10",
     "jest": "^28.1.3",
     "ts-jest": "^28.0.7",
     "typescript": "^4.4.3"
@@ -34,7 +34,7 @@
   "dependencies": {
     "blueimp-md5": "^2.19.0",
     "dbgate-query-splitter": "^4.12.0",
-    "dbgate-sqltree": "7.1.8",
+    "dbgate-sqltree": "7.1.10",
     "debug": "^4.3.4",
     "json-stable-stringify": "^1.0.1",
     "lodash": "^4.17.21",