From 7cc345d28d1e7d30936a1e8f142592855e049135 Mon Sep 17 00:00:00 2001
From: 18rameez <18rameez@gmail.com>
Date: Sat, 12 Oct 2024 22:25:14 +0530
Subject: [PATCH 1/2] Fix: Add validation for invalid date query parameter values
---
 packages/pg/lib/utils.js | 3 +++
 .../client/error-handling-tests.js | 22 +++++++++++++++++++
 2 files changed, 25 insertions(+)
diff --git a/packages/pg/lib/utils.js b/packages/pg/lib/utils.js
index 09b8d3dd8..95c91272c 100644
--- a/packages/pg/lib/utils.js
+++ b/packages/pg/lib/utils.js
@@ -60,6 +60,9 @@ var prepareValue = function (val, seen) {
 return buf.slice(val.byteOffset, val.byteOffset + val.byteLength) // Node.js v4 does not support those Buffer.from params
 }
 if (val instanceof Date) {
+ if (isNaN(val.getTime())) {
+ throw new Error('Query parameter value cannot be an invalid date.');
+ }
 if (defaults.parseInputDatesAsUTC) {
 return dateToStringUTC(val)
 } else {
diff --git a/packages/pg/test/integration/client/error-handling-tests.js b/packages/pg/test/integration/client/error-handling-tests.js
index 0cf7dfabb..b4a11c760 100644
--- a/packages/pg/test/integration/client/error-handling-tests.js
+++ b/packages/pg/test/integration/client/error-handling-tests.js
@@ -257,3 +257,25 @@ suite.test('cannot pass non-string values to query as text', (done) => {
 })
 })
 })
+
+
+if (!helper.args.native) {
+ suite.test('when a query has an invalid date binding', function (done) {
+ var client = createErorrClient()
+ var calledDone = false
+
+ client.query(
+ new pg.Query({
+ text: 'SELECT $1::timestamp',
+ values: [new Date(undefined)],
+ }),
+ function (err, res) {
+ if (!calledDone) {
+ calledDone = true
+ assert.equal(err.message, 'Query parameter value cannot be an invalid date.')
+ client.end(done)
+ }
+ }
+ )
+ })
+}
From 497ada0b7da90c5820e14f767dbfb98b1bc3ba8c Mon Sep 17 00:00:00 2001
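Review bot: The new `throw` inside the `val instanceof Date` branch of `prepareValue` is synchronous, and nothing in this hunk shows that every caller catches it and forwards it to the query callback. The accompanying test is gated on `!helper.args.native`, which suggests at least one code path may let the exception escape. In a service that builds Date parameters from request data, that would turn one malformed input into an uncaught exception instead of a per-query error, so each call site should be confirmed to wrap the call. Stating the contract at the check would help, for example `// throws synchronously; callers must route this to the query's error handler`. `prepareValue` starts and ends outside the hunk, so its callers are not visible here.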
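Review bot: In the new test's callback, `assert.equal(err.message, ...)` reads `err.message` without first asserting that `err` is set. If the guard ever regresses and the query succeeds, the test fails with a TypeError on a null `err` rather than a clear assertion message; adding `assert(err instanceof Error)` on the line before would fix that. The `if (!helper.args.native)` gate also has no comment explaining why the native binding is excluded, which leaves it unclear whether invalid dates are rejected on that path at all. A one-line comment above the gate stating the native behaviour would close that gap.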
From: 18rameez <18rameez@gmail.com> Date: Sun, 13 Oct 2024 08:37:41 +0530 Subject: [PATCH 2/2] fix: resolve linting issues --- packages/pg/lib/utils.js | 2 +- .../client/error-handling-tests.js | 19 ++++++------------- 2 files changed, 7 insertions(+), 14 deletions(-) diff --git a/packages/pg/lib/utils.js b/packages/pg/lib/utils.js index 95c91272c..6cf91ed6a 100644 --- a/packages/pg/lib/utils.js +++ b/packages/pg/lib/utils.js @@ -61,7 +61,7 @@ var prepareValue = function (val, seen) { } if (val instanceof Date) { if (isNaN(val.getTime())) { - throw new Error('Query parameter value cannot be an invalid date.'); + throw new Error('Query parameter value cannot be an invalid date.') } if (defaults.parseInputDatesAsUTC) { return dateToStringUTC(val) diff --git a/packages/pg/test/integration/client/error-handling-tests.js b/packages/pg/test/integration/client/error-handling-tests.js index b4a11c760..96bb60e77 100644 --- a/packages/pg/test/integration/client/error-handling-tests.js +++ b/packages/pg/test/integration/client/error-handling-tests.js @@ -258,24 +258,17 @@ suite.test('cannot pass non-string values to query as text', (done) => { }) }) - if (!helper.args.native) { suite.test('when a query has an invalid date binding', function (done) { var client = createErorrClient() var calledDone = false - client.query( - new pg.Query({ - text: 'SELECT $1::timestamp', - values: [new Date(undefined)], - }), - function (err, res) { - if (!calledDone) { - calledDone = true - assert.equal(err.message, 'Query parameter value cannot be an invalid date.') - client.end(done) - } + client.query(new pg.Query({ text: 'SELECT $1::timestamp', values: [new Date(undefined)] }), function (err, res) { + if (!calledDone) { + calledDone = true + assert.equal(err.message, 'Query parameter value cannot be an invalid date.') + client.end(done) } - ) + }) }) }