Replace eval() for parsing JSON strings (#465)

* Replace eval() with JSON.parse() for parsing JSON strings * Replace eval with safe-eval for parsing JSON strings * Replace eval with better-eval for parsing JSON strings * Use assert without strict for comparing objects created by better-eval * Use assert without strict for comparing objects created by better-eval * Use assert without strict for comparing objects created by better-eval --------- Co-authored-by: ilesh garish <111810784+sfc-gh-igarish@users.noreply.github.com>
snowflakedb · Apr 17, 2023 · 0c9622a · 0c9622a
1 parent ca2f5e6
commit 0c9622a
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 11 deletions.
diff --git a/lib/connection/result/column.js b/lib/connection/result/column.js
@@ -9,6 +9,7 @@ var SfTimestamp = require('./sf_timestamp');
 var SqlTypes = require('./data_types').SqlTypes;
 var bigInt = require('big-integer');
 var { XMLParser, XMLValidator } = require("fast-xml-parser");
+var betterEval = require("better-eval");
 
 var NULL_UPPERCASE = 'NULL';
 
@@ -551,7 +552,7 @@ function convertRawVariant(rawColumnValue, column, context)
   {
     try
     {
-      ret = eval("(" + rawColumnValue + ")");
+      ret = betterEval("(" + rawColumnValue + ")");
     }
     catch (parseError)
     {

diff --git a/package.json b/package.json
@@ -11,6 +11,7 @@
 	"async": "^3.2.3",
     "aws-sdk": "^2.878.0",
     "axios": "^0.27.2",
+    "better-eval": "^1.3.0",
     "big-integer": "^1.6.43",
     "bignumber.js": "^2.4.0",
     "binascii": "0.0.2",

diff --git a/test/integration/testDataType.js b/test/integration/testDataType.js
@@ -234,7 +234,10 @@ describe('Test DataType', function ()
               connection,
               selectVariant,
               [{'COLA': {a: 1, b: [1, 2, 3, -Infinity, undefined], c: {a: 1}}}],
-              callback
+              callback,
+              null,
+              true,
+              false
             );
           }],
         done
@@ -259,7 +262,10 @@ describe('Test DataType', function ()
               connection,
               selectArray,
               [{'COLA': ['a', 1]}],
-              callback
+              callback,
+              null,
+              true,
+              false
             );
           }],
         done

diff --git a/test/integration/testUtil.js b/test/integration/testUtil.js
@@ -51,10 +51,11 @@ module.exports.checkError = function (err)
   assert.ok(!err, JSON.stringify(err));
 };
 
-module.exports.executeQueryAndVerify = function (connection, sql, expected, callback, bindArray, normalize)
+module.exports.executeQueryAndVerify = function (connection, sql, expected, callback, bindArray, normalize, strict)
 {
   // Sometimes we may not want to normalize the row first
   normalize = (typeof normalize !== "undefined" && normalize != null) ? normalize : true;
+  strict = (typeof strict !== "undefined" && strict != null) ? strict : true;
   var executeOptions = {};
   executeOptions.sqlText = sql;
   executeOptions.complete = function (err, stmt)
@@ -67,7 +68,14 @@ module.exports.executeQueryAndVerify = function (connection, sql, expected, call
       var row;
       while ((row = stream.read()) !== null)
       {
-        assert.deepStrictEqual(normalize ? normalizeRowObject(row) : row, expected[rowCount]);
+        if (strict)
+        {
+          assert.deepStrictEqual(normalize ? normalizeRowObject(row) : row, expected[rowCount]);
+        }
+        else
+        {
+          assert.deepEqual(normalize ? normalizeRowObject(row) : row, expected[rowCount]);
+        }
         rowCount++;
       }
     });

diff --git a/test/unit/connection/result/result_test_variant.js b/test/unit/connection/result/result_test_variant.js
@@ -59,18 +59,18 @@ describe('Result: test variant', function ()
         function (row)
         {
           // variant
-          assert.deepStrictEqual(row.getColumnValue('C1'), {a: 1});
-          assert.strictEqual(
+          assert.deepEqual(row.getColumnValue('C1'), {a: 1});
+          assert.equal(
             row.getColumnValueAsString('C1'), JSON.stringify({a: 1}));
 
           // object
-          assert.deepStrictEqual(row.getColumnValue('C2'), {a: 1});
-          assert.strictEqual(
+          assert.deepEqual(row.getColumnValue('C2'), {a: 1});
+          assert.equal(
             row.getColumnValueAsString('C2'), JSON.stringify({a: 1}));
 
           // array
-          assert.deepStrictEqual(row.getColumnValue('C3'), [1, 2]);
-          assert.strictEqual(
+          assert.deepEqual(row.getColumnValue('C3'), [1, 2]);
+          assert.equal(
             row.getColumnValueAsString('C3'), JSON.stringify([1, 2]));
         },
         function (result)