
Commit 0c9622a

Replace eval() for parsing JSON strings (#465)
* Replace eval() with JSON.parse() for parsing JSON strings * Replace eval with safe-eval for parsing JSON strings * Replace eval with better-eval for parsing JSON strings * Use assert without strict for comparing objects created by better-eval * Use assert without strict for comparing objects created by better-eval * Use assert without strict for comparing objects created by better-eval --------- Co-authored-by: ilesh garish <111810784+sfc-gh-igarish@users.noreply.github.com>
1 parent ca2f5e6 commit 0c9622a


5 files changed

+27
-11
lines changed


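--- a/lib/connection/result/column.js
+++ b/lib/connection/result/column.js
@@ -9,6 +9,7 @@ var SfTimestamp = require('./sf_timestamp');
 var SqlTypes = require('./data_types').SqlTypes;
 var bigInt = require('big-integer');
 var { XMLParser, XMLValidator } = require("fast-xml-parser");
+var betterEval = require("better-eval");
 
 var NULL_UPPERCASE = 'NULL';
 
@@ -551,7 +552,7 @@ function convertRawVariant(rawColumnValue, column, context)
 {
 try
 {
-ret = eval("(" + rawColumnValue + ")");
+ret = betterEval("(" + rawColumnValue + ")");
 }
 catch (parseError)
 {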
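Review bot: `betterEval("(" + rawColumnValue + ")")` in convertRawVariant still runs the raw variant text as a JavaScript expression, so the column value (presumably result data returned by the server) is treated as code rather than data; only the evaluator changed. A sandboxing evaluator narrows what that expression can reach but is not a parser, and if better-eval is built on Node's `vm` module (not visible here), the Node documentation states that `vm` is not a security mechanism for untrusted code. The integration test expects `undefined` and `-Infinity` inside a variant, which is presumably why `JSON.parse` was dropped; a data-only parser that handles those tokens explicitly would close the gap. Until then I would record the assumption above the call: `// NOTE: rawColumnValue is evaluated, not parsed; treat the sandbox as defence in depth only`. The body of convertRawVariant starts and ends outside the hunk.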

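--- a/package.json
+++ b/package.json
@@ -11,6 +11,7 @@
 "async": "^3.2.3",
 "aws-sdk": "^2.878.0",
 "axios": "^0.27.2",
+"better-eval": "^1.3.0",
 "big-integer": "^1.6.43",
 "bignumber.js": "^2.4.0",
 "binascii": "0.0.2",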
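Review bot: `"better-eval": "^1.3.0"` adds a runtime dependency whose job is to evaluate result text, and the caret range lets any later 1.x release into that path without a review in this repository. For a package in that position I would pin the exact version, `"better-eval": "1.3.0"`, and bump it deliberately. Whether a lockfile is published with the package is not visible in this section.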

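--- a/test/integration/testDataType.js
+++ b/test/integration/testDataType.js
@@ -234,7 +234,10 @@ describe('Test DataType', function ()
 connection,
 selectVariant,
 [{'COLA': {a: 1, b: [1, 2, 3, -Infinity, undefined], c: {a: 1}}}],
-callback
+callback,
+null,
+true,
+false
 );
 }],
 done
@@ -259,7 +262,10 @@ describe('Test DataType', function ()
 connection,
 selectArray,
 [{'COLA': ['a', 1]}],
-callback
+callback,
+null,
+true,
+false
 );
 }],
 done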
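Review bot: The three new positional arguments `null, true, false` at both call sites (the selectVariant and selectArray checks) do not say what they switch; a reader has to open testUtil.js to learn that the last one turns off strict comparison. I would label them inline, `callback, /* bindArray */ null, /* normalize */ true, /* strict */ false`, and add a one-line comment giving the reason strict comparison fails for these rows. The enclosing test callbacks start and end outside the hunks.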

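--- a/test/integration/testUtil.js
+++ b/test/integration/testUtil.js
@@ -51,10 +51,11 @@ module.exports.checkError = function (err)
 assert.ok(!err, JSON.stringify(err));
 };
 
-module.exports.executeQueryAndVerify = function (connection, sql, expected, callback, bindArray, normalize)
+module.exports.executeQueryAndVerify = function (connection, sql, expected, callback, bindArray, normalize, strict)
 {
 // Sometimes we may not want to normalize the row first
 normalize = (typeof normalize !== "undefined" && normalize != null) ? normalize : true;
+strict = (typeof strict !== "undefined" && strict != null) ? strict : true;
 var executeOptions = {};
 executeOptions.sqlText = sql;
 executeOptions.complete = function (err, stmt)
@@ -67,7 +68,14 @@ module.exports.executeQueryAndVerify = function (connection, sql, expected, call
 var row;
 while ((row = stream.read()) !== null)
 {
-assert.deepStrictEqual(normalize ? normalizeRowObject(row) : row, expected[rowCount]);
+if (strict)
+{
+assert.deepStrictEqual(normalize ? normalizeRowObject(row) : row, expected[rowCount]);
+}
+else
+{
+assert.deepEqual(normalize ? normalizeRowObject(row) : row, expected[rowCount]);
+}
 rowCount++;
 }
 });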
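Review bot: In the second hunk the non-strict branch falls back to `assert.deepEqual`, the legacy comparison that ignores prototypes and compares primitives with `==`, so a row returning `'1'` where `1` is expected would now pass. The commit description ties the loosening to objects created by better-eval, which suggests only the prototype check needs relaxing; I would say so in a comment on the new parameter, e.g. `// strict=false: legacy deepEqual for values built by the variant evaluator; primitives are then compared with ==`. The duplicated ternary can also be computed once: `var actual = normalize ? normalizeRowObject(row) : row;` followed by `(strict ? assert.deepStrictEqual : assert.deepEqual)(actual, expected[rowCount]);`. executeQueryAndVerify continues outside both hunks.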

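--- a/test/unit/connection/result/result_test_variant.js
+++ b/test/unit/connection/result/result_test_variant.js
@@ -59,18 +59,18 @@ describe('Result: test variant', function ()
 function (row)
 {
 // variant
-assert.deepStrictEqual(row.getColumnValue('C1'), {a: 1});
-assert.strictEqual(
+assert.deepEqual(row.getColumnValue('C1'), {a: 1});
+assert.equal(
 row.getColumnValueAsString('C1'), JSON.stringify({a: 1}));
 
 // object
-assert.deepStrictEqual(row.getColumnValue('C2'), {a: 1});
-assert.strictEqual(
+assert.deepEqual(row.getColumnValue('C2'), {a: 1});
+assert.equal(
 row.getColumnValueAsString('C2'), JSON.stringify({a: 1}));
 
 // array
-assert.deepStrictEqual(row.getColumnValue('C3'), [1, 2]);
-assert.strictEqual(
+assert.deepEqual(row.getColumnValue('C3'), [1, 2]);
+assert.equal(
 row.getColumnValueAsString('C3'), JSON.stringify([1, 2]));
 },
 function (result)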
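Review bot: The three `getColumnValueAsString` checks were loosened from `assert.strictEqual` to `assert.equal` although both sides look like strings (the right-hand side is `JSON.stringify(...)`), so strict comparison should still pass there and `assert.equal` would only hide a non-string return. I would keep `assert.strictEqual(` for those three and limit the relaxation to the `getColumnValue` object comparisons. That those now pass only under `assert.deepEqual` hints (not shown here) that returned variants no longer share the caller's `Object`/`Array` prototypes; if so, callers that use `instanceof` checks see a behaviour change that deserves a changelog line. The enclosing callback starts and ends outside the hunk.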
