kuzzle 2.15.0 → 2.15.1

@@ -128,12 +128,11 @@ class ElasticSearch extends Service {
128
128
  '_source_includes'
129
129
  ];
130
130
 
131
- // Forbidden keys in a query
132
- this.scriptKeys = [
133
- 'script',
134
- '_script'
135
- ];
136
-
131
+ /**
132
+ * Only allow stored-scripts in queries
133
+ */
134
+ this.scriptKeys = ['script', '_script'];
135
+ this.scriptAllowedArgs = ['id', 'params'];
137
136
 
138
137
  this.maxScrollDuration = this._loadMsConfig('maxScrollDuration');
139
138
 
@@ -2979,14 +2978,20 @@ class ElasticSearch extends Service {
2979
2978
  }
2980
2979
 
2981
2980
  /**
2982
- * Throw if any script keyword is contained in the object
2981
+ * Throw if a script is used in the query.
2982
+ *
2983
+ * Only Stored Scripts are accepted
2983
2984
  *
2984
2985
  * @param {Object} object
2985
2986
  */
2986
- _scriptCheck(object) {
2987
+ _scriptCheck (object) {
2987
2988
  for (const [key, value] of Object.entries(object)) {
2988
2989
  if (this.scriptKeys.includes(key)) {
2989
- throw kerror.get('invalid_query_keyword', key);
2990
+ for (const scriptArg of Object.keys(value)) {
2991
+ if (! this.scriptAllowedArgs.includes(scriptArg)) {
2992
+ throw kerror.get('invalid_query_keyword', `${key}.${scriptArg}`);
2993
+ }
2994
+ }
2990
2995
  }
2991
2996
  // Every object must be checked here, even the ones nested into an array
2992
2997
  else if (typeof value === 'object' && value !== null) {
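Review bot: `_scriptCheck` iterates `Object.keys(value)` without first checking that `value` is a non-null object, so `{ script: null }` escapes as a raw TypeError instead of the `invalid_query_keyword` error, while a primitive such as `{ script: 123 }` yields no keys and passes the allow-list untouched. A guard before the inner loop keeps the rejection path uniform: `if (typeof value !== 'object' || value === null) { throw kerror.get('invalid_query_keyword', key); }`. The new docstring says "Throw if a script is used in the query", but the code only throws for script arguments outside `id`/`params`; "Throw if a non-stored script is used in the query" would describe the behaviour. `_scriptCheck`'s body continues past the end of the hunk.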
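--- a/package/package-lock.json
+++ b/package/package-lock.json
@@ -1,6 +1,6 @@
  {
  "name": "kuzzle",
- "version": "2.15.0",
+ "version": "2.15.1",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
@@ -2471,9 +2471,9 @@
  "dev": true
  },
  "eslint": {
- "version": "8.2.0",
- "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.2.0.tgz",
- "integrity": "sha512-erw7XmM+CLxTOickrimJ1SiF55jiNlVSp2qqm0NuBWPtHYQCegD5ZMaW0c3i5ytPqL+SSLaCxdvQXFPLJn+ABw==",
+ "version": "8.3.0",
+ "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.3.0.tgz",
+ "integrity": "sha512-aIay56Ph6RxOTC7xyr59Kt3ewX185SaGnAr8eWukoPLeriCrvGjvAubxuvaXOfsxhtwV5g0uBOsyhAom4qJdww==",
  "dev": true,
  "requires": {
  "@eslint/eslintrc": "^1.0.4",
@@ -2485,10 +2485,10 @@
  "doctrine": "^3.0.0",
  "enquirer": "^2.3.5",
  "escape-string-regexp": "^4.0.0",
- "eslint-scope": "^6.0.0",
+ "eslint-scope": "^7.1.0",
  "eslint-utils": "^3.0.0",
- "eslint-visitor-keys": "^3.0.0",
- "espree": "^9.0.0",
+ "eslint-visitor-keys": "^3.1.0",
+ "espree": "^9.1.0",
  "esquery": "^1.4.0",
  "esutils": "^2.0.2",
  "fast-deep-equal": "^3.1.3",
@@ -2563,9 +2563,9 @@
  "dev": true
  },
  "eslint-scope": {
- "version": "6.0.0",
- "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-6.0.0.tgz",
- "integrity": "sha512-uRDL9MWmQCkaFus8RF5K9/L/2fn+80yoW3jkD53l4shjCh26fCtvJGasxjUqP5OT87SYTxCVA3BwTUzuELx9kA==",
+ "version": "7.1.0",
+ "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.1.0.tgz",
+ "integrity": "sha512-aWwkhnS0qAXqNOgKOK0dJ2nvzEbhEvpy8OlJ9kZ0FeZnA6zpjv1/Vei+puGFFX7zkPCkHHXb7IDX3A+7yPrRWg==",
  "dev": true,
  "requires": {
  "esrecurse": "^4.3.0",
@@ -2573,14 +2573,14 @@
  }
  },
  "espree": {
- "version": "9.0.0",
- "resolved": "https://registry.npmjs.org/espree/-/espree-9.0.0.tgz",
- "integrity": "sha512-r5EQJcYZ2oaGbeR0jR0fFVijGOcwai07/690YRXLINuhmVeRY4UKSAsQPe/0BNuDgwP7Ophoc1PRsr2E3tkbdQ==",
+ "version": "9.1.0",
+ "resolved": "https://registry.npmjs.org/espree/-/espree-9.1.0.tgz",
+ "integrity": "sha512-ZgYLvCS1wxOczBYGcQT9DDWgicXwJ4dbocr9uYN+/eresBAUuBu+O4WzB21ufQ/JqQT8gyp7hJ3z8SHii32mTQ==",
  "dev": true,
  "requires": {
- "acorn": "^8.5.0",
+ "acorn": "^8.6.0",
  "acorn-jsx": "^5.3.1",
- "eslint-visitor-keys": "^3.0.0"
+ "eslint-visitor-keys": "^3.1.0"
  }
  },
  "estraverse": {
@@ -3621,9 +3621,9 @@
  }
  },
  "ioredis": {
- "version": "4.28.0",
- "resolved": "https://registry.npmjs.org/ioredis/-/ioredis-4.28.0.tgz",
- "integrity": "sha512-I+zkeeWp3XFgPT2CtJKxvaF5FjGBGt4yGYljRjQecdQKteThuAsKqffeF1lgHVlYnuNeozRbPOCDNZ7tDWPeig==",
+ "version": "4.28.1",
+ "resolved": "https://registry.npmjs.org/ioredis/-/ioredis-4.28.1.tgz",
+ "integrity": "sha512-7gcrUJEcPHWy+eEyq6wIZpXtfHt8crhbc5+z0sqrnHUkwBblXinygfamj+/jx83Qo+2LW3q87Nj2VsuH6BF2BA==",
  "requires": {
  "cluster-key-slot": "^1.1.0",
  "debug": "^4.3.1",
@@ -4401,9 +4401,9 @@
  }
  },
  "long": {
- "version": "5.1.0",
- "resolved": "https://registry.npmjs.org/long/-/long-5.1.0.tgz",
- "integrity": "sha512-eNc10JP6ezXp/qxXZlKS4OHAKNae3je9LUkjmXPDEa+Iidlz0n4nFi/9LT+GOgcayMWhykLoISN+v0THeOiWQQ=="
+ "version": "5.2.0",
+ "resolved": "https://registry.npmjs.org/long/-/long-5.2.0.tgz",
+ "integrity": "sha512-9RTUNjK60eJbx3uz+TEGF7fUr29ZDxR5QzXcyDpeSfeH28S9ycINflOgOlppit5U+4kNTe83KQnMEerw7GmE8w=="
  },
  "lower-case": {
  "version": "1.1.4",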
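--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
  {
  "name": "kuzzle",
  "author": "The Kuzzle Team <support@kuzzle.io>",
- "version": "2.15.0",
+ "version": "2.15.1",
  "description": "Kuzzle is an open-source solution that handles all the data management through a secured API, with a large choice of protocols.",
  "bin": {
  "kuzzle": "bin/start-kuzzle-server"
@@ -50,7 +50,7 @@
  "dumpme": "^1.0.3",
  "eventemitter3": "^4.0.7",
  "inquirer": "^8.2.0",
- "ioredis": "^4.28.0",
+ "ioredis": "^4.28.1",
  "js-yaml": "^4.1.0",
  "json-stable-stringify": "^1.0.1",
  "json2yaml": "^1.1.0",
@@ -61,7 +61,7 @@
  "kuzzle-sdk": "7.7.6",
  "kuzzle-vault": "^2.0.4",
  "lodash": "4.17.21",
- "long": "^5.1.0",
+ "long": "^5.2.0",
  "moment": "^2.29.1",
  "ms": "^2.1.3",
  "murmurhash-native": "^3.5.0",
@@ -96,7 +96,7 @@
  "codecov": "^3.8.3",
  "cucumber": "^6.0.5",
  "ergol": "^1.0.1",
- "eslint": "^8.2.0",
+ "eslint": "^8.3.0",
  "mocha": "^9.1.3",
  "mock-require": "^3.0.3",
  "mqtt": "^4.2.8",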