BUG#27361584: prevent invalid usage of globstars

ruiquelhas · ruiquelhas · commit ec76bc99b791 · 2022-07-20T15:55:25.000+01:00
Globstars ("**") can be used to create an implicit link between two
elements of a document path. They make it easier and less verbose to
perform operations on a deeper level of a document. However, they are
only valid in a specific setting where the both the leading and trailing
elements in the document path are correctly specified, like the
following:

  '$.foo**.bar'
  '$**.bar'

In practice, this means they cannot be used as the last item in a
document path.

The expression parser does not account for invalid usage of a globstar,
for instance, like in the following instances.

  '$.foo.**bar'
  '$.foo**'
  '$**'

This patch addresses this issue and updates the sub-parser for
"documentPath" expressions to explicitely fail for the cases where a
globstar is the last item in such an expression.

Change-Id: If16c9e1d81af09e912026a566ecb4be173585c89
diff --git a/lib/ExprParser/lib/grammar/collectionOrTableExpressions/documentPath.js b/lib/ExprParser/lib/grammar/collectionOrTableExpressions/documentPath.js
@@ -48,6 +48,15 @@ const PARSER_OPTIONS = {
  * .foo.*
  * .foo[*]
  */
-const parser = _ => r => r.documentPathItem.many();
+const parser = _ => r => r.documentPathItem
+    .many()
+    .assert(items => {
+        // The last item in the document path cannot be a globstar ("**").
+        if (items.length && items[items.length - 1].type === 'doubleAsterisk') {
+            return false;
+        }
+
+        return true;
+    });
 
 module.exports = { name: PARSER_OPTIONS.NAME, parser };
diff --git a/test/unit/ExprParser/columnIdent.js b/test/unit/ExprParser/columnIdent.js
@@ -435,8 +435,7 @@ describe('ExprParser', () => {
             expect(() => Parser.parse("foo->'$foo.[1]'", { type, mode })).to.throw();
             expect(() => Parser.parse("foo->'$foo*[1]'", { type, mode })).to.throw();
             expect(() => Parser.parse("foo->'$foo.*[1]'", { type, mode })).to.throw();
-            // TODO(Rui): BUG#27361584
-            // expect(() => Parser.parse("foo->'$**'", { type, mode })).to.throw();
+            expect(() => Parser.parse("foo->'$**'", { type, mode })).to.throw();
             expect(() => Parser.parse("foo->'$foo**bar'", { type, mode })).to.throw();
             expect(() => Parser.parse("foo->'$foo.**bar'", { type, mode })).to.throw();
             expect(() => Parser.parse("doc->'foo**.bar'", { type, mode })).to.throw();
diff --git a/test/unit/ExprParser/documentField.js b/test/unit/ExprParser/documentField.js
@@ -189,8 +189,7 @@ describe('ExprParser', () => {
                 });
             });
 
-            // TODO(Rui): BUG#27361584
-            it.skip('fails to parse a path to multiple fields linked by a globstar', () => {
+            it('fails to parse a path to multiple fields linked by a globstar', () => {
                 expect(() => Parser.parse('$**', { type })).to.throw();
                 return expect(() => Parser.parse('$.foo**', { type })).to.throw();
             });
@@ -328,8 +327,7 @@ describe('ExprParser', () => {
                 });
             });
 
-            // TODO(Rui): BUG#27361584
-            it.skip('fails to parse a path to multiple fields linked by a globstar', () => {
+            it('fails to parse a path to multiple fields linked by a globstar', () => {
                 expect(() => Parser.parse('**', { type })).to.throw();
                 return expect(() => Parser.parse('foo**', { type })).to.throw();
             });
@@ -341,17 +339,14 @@ describe('ExprParser', () => {
                 expect(() => Parser.parse('.doc', { type })).to.throw();
                 expect(() => Parser.parse('**', { type })).to.throw();
                 expect(() => Parser.parse('**foo', { type })).to.throw();
-                // TODO(Rui): BUG#27361584
-                // expect(() => Parser.parse('_**', { type })).to.throw();
+                expect(() => Parser.parse('_**', { type })).to.throw();
                 expect(() => Parser.parse('_**[*]_**._', { type })).to.throw();
                 expect(() => Parser.parse('_**[*]._.**._', { type })).to.throw();
                 expect(() => Parser.parse('_**[*]_.**._', { type })).to.throw();
-                // TODO(Rui): BUG#27361584
-                // expect(() => Parser.parse('$.foo**', { type })).to.throw();
+                expect(() => Parser.parse('$.foo**', { type })).to.throw();
                 expect(() => Parser.parse('$.foo.**.bar', { type })).to.throw();
                 expect(() => Parser.parse('$.foo[**]', { type })).to.throw();
-                // TODO(Rui): BUG#27361584
-                // expect(() => Parser.parse('$**', { type })).to.throw();
+                expect(() => Parser.parse('$**', { type })).to.throw();
                 expect(() => Parser.parse('$.**', { type })).to.throw();
                 expect(() => Parser.parse('$.**bar', { type })).to.throw();
                 expect(() => Parser.parse('$.**".bar"', { type })).to.throw();
