npm - prisma-sql - Versions diffs - 1.23.0 → 1.24.0 - Mend

prisma-sql 1.23.0 → 1.24.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/generator.js CHANGED Viewed

@@ -54,7 +54,7 @@ var require_package = __commonJS({
   "package.json"(exports$1, module) {
     module.exports = {
       name: "prisma-sql",
-      version: "1.23.0",
+      version: "1.24.0",
       description: "Convert Prisma queries to optimized SQL with type safety. 2-7x faster than Prisma Client.",
       main: "dist/index.cjs",
       module: "dist/index.js",
@@ -790,8 +790,140 @@ var NUL = String.fromCharCode(0);
 function containsControlChars(s) {
   return s.includes(NUL) || s.includes("\n") || s.includes("\r");
 }
-function containsUnsafeSqlFragmentChars(s) {
-  return containsControlChars(s) || s.includes(";");
+function assertNoControlChars(label, s) {
+  if (containsControlChars(s)) {
+    throw new Error(
+      `${label} contains invalid characters: ${JSON.stringify(s)}`
+    );
+  }
+}
+function isIdentCharCode(c) {
+  return c >= 48 && c <= 57 || c >= 65 && c <= 90 || c >= 97 && c <= 122 || c === 95;
+}
+function isIdentStartCharCode(c) {
+  return c >= 65 && c <= 90 || c >= 97 && c <= 122 || c === 95;
+}
+function parseQuotedPart(input, start) {
+  const n = input.length;
+  let i = start + 1;
+  let sawAny = false;
+  while (i < n) {
+    const c = input.charCodeAt(i);
+    if (c === 34) {
+      const next = i + 1;
+      if (next < n && input.charCodeAt(next) === 34) {
+        sawAny = true;
+        i += 2;
+        continue;
+      }
+      if (!sawAny) {
+        throw new Error(
+          `tableName/tableRef has empty quoted identifier part: ${JSON.stringify(input)}`
+        );
+      }
+      return i + 1;
+    }
+    if (c === 10 || c === 13 || c === 0) {
+      throw new Error(
+        `tableName/tableRef contains invalid characters: ${JSON.stringify(input)}`
+      );
+    }
+    sawAny = true;
+    i++;
+  }
+  throw new Error(
+    `tableName/tableRef has unterminated quoted identifier: ${JSON.stringify(input)}`
+  );
+}
+function parseUnquotedPart(input, start) {
+  const n = input.length;
+  let i = start;
+  if (i >= n) {
+    throw new Error(`tableName/tableRef is invalid: ${JSON.stringify(input)}`);
+  }
+  const c0 = input.charCodeAt(i);
+  if (!isIdentStartCharCode(c0)) {
+    throw new Error(
+      `tableName/tableRef must use identifiers (or quoted identifiers). Got: ${JSON.stringify(input)}`
+    );
+  }
+  i++;
+  while (i < n) {
+    const c = input.charCodeAt(i);
+    if (c === 46) break;
+    if (!isIdentCharCode(c)) {
+      throw new Error(
+        `tableName/tableRef contains invalid identifier characters: ${JSON.stringify(input)}`
+      );
+    }
+    i++;
+  }
+  return i;
+}
+function assertSafeQualifiedName(tableRef) {
+  const raw = String(tableRef);
+  const trimmed = raw.trim();
+  if (trimmed.length === 0) {
+    throw new Error("tableName/tableRef is required and cannot be empty");
+  }
+  if (raw !== trimmed) {
+    throw new Error(
+      `tableName/tableRef must not contain leading/trailing whitespace: ${JSON.stringify(raw)}`
+    );
+  }
+  assertNoControlChars("tableName/tableRef", trimmed);
+  for (let i2 = 0; i2 < trimmed.length; i2++) {
+    const c = trimmed.charCodeAt(i2);
+    if (c === 9 || c === 11 || c === 12 || c === 32) {
+      throw new Error(
+        `tableName/tableRef must not contain whitespace: ${JSON.stringify(trimmed)}`
+      );
+    }
+    if (c === 59) {
+      throw new Error(
+        `tableName/tableRef must not contain ';': ${JSON.stringify(trimmed)}`
+      );
+    }
+    if (c === 40 || c === 41) {
+      throw new Error(
+        `tableName/tableRef must not contain parentheses: ${JSON.stringify(trimmed)}`
+      );
+    }
+  }
+  let i = 0;
+  const n = trimmed.length;
+  let parts = 0;
+  while (i < n) {
+    const c = trimmed.charCodeAt(i);
+    if (c === 46) {
+      throw new Error(
+        `tableName/tableRef has empty identifier part: ${JSON.stringify(trimmed)}`
+      );
+    }
+    if (c === 34) {
+      i = parseQuotedPart(trimmed, i);
+    } else {
+      i = parseUnquotedPart(trimmed, i);
+    }
+    parts++;
+    if (parts > 2) {
+      throw new Error(
+        `tableName/tableRef must be 'table' or 'schema.table' (max 2 parts). Got: ${JSON.stringify(trimmed)}`
+      );
+    }
+    if (i === n) break;
+    if (trimmed.charCodeAt(i) !== 46) {
+      throw new Error(
+        `tableName/tableRef is invalid: ${JSON.stringify(trimmed)}`
+      );
+    }
+    i++;
+    if (i === n) {
+      throw new Error(
+        `tableName/tableRef cannot end with '.': ${JSON.stringify(trimmed)}`
+      );
+    }
+  }
 }
 function quote(id) {
   if (isEmptyString(id)) {
@@ -856,7 +988,7 @@ function assertSafeAlias(alias) {
   if (a.trim().length === 0) {
     throw new Error("alias is required and cannot be empty");
   }
-  if (containsUnsafeSqlFragmentChars(a)) {
+  if (containsControlChars(a) || a.includes(";")) {
     throw new Error(`alias contains unsafe characters: ${JSON.stringify(a)}`);
   }
   if (!/^[A-Za-z_]\w*$/.test(a)) {
@@ -866,15 +998,7 @@ function assertSafeAlias(alias) {
   }
 }
 function assertSafeTableRef(tableRef) {
-  const t = String(tableRef);
-  if (t.trim().length === 0) {
-    throw new Error("tableName/tableRef is required and cannot be empty");
-  }
-  if (containsUnsafeSqlFragmentChars(t)) {
-    throw new Error(
-      `tableName/tableRef contains unsafe characters: ${JSON.stringify(t)}`
-    );
-  }
+  assertSafeQualifiedName(tableRef);
 }
 function normalizeKeyList(input) {
   if (!isNotNullish(input)) return [];