Enhance JavaScript identifier validation and update variable storage method in ScriptWriterEval

Stela Augustinova
2026-04-10 16:15:45 +02:00
parent 9c97e347c5
commit 5d04d7f01f
2 changed files with 23 additions and 1 deletions


@@ -235,10 +235,14 @@ export class ScriptWriterEval implements ScriptWriterGeneric {
}
assignValue(variableName, jsonValue) {
assertValidJsIdentifier(variableName, 'variableName');
this.variables[variableName] = jsonValue;
}
async copyStream(sourceVar, targetVar, colmapVar = null, progressName?: string | { name: string; runid: string }) {
assertValidJsIdentifier(sourceVar, 'sourceVar');
assertValidJsIdentifier(targetVar, 'targetVar');
if (colmapVar != null) assertValidJsIdentifier(colmapVar, 'colmapVar');
await this.dbgateApi.copyStream(this.variables[sourceVar], this.variables[targetVar], {
progressName: _cloneDeepWith(progressName, node => {
if (node?.$runid) {
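Review bot: `assertValidJsIdentifier` still accepts names such as `__proto__` and `constructor`, and `assignValue` uses the accepted name directly as a key in `this.variables[variableName] = jsonValue`. If `this.variables` is an ordinary object literal (its initialisation is outside the hunk, so this is an assumption), writing to `__proto__` swaps that object's prototype instead of storing a value. Reads such as `this.variables[sourceVar]` in `copyStream` can then return inherited members rather than stored variables. Creating the store with `Object.create(null)` or switching to a `Map` would remove the problem; alternatively, guard lookups with `Object.prototype.hasOwnProperty.call(this.variables, sourceVar)` and throw when the variable was never assigned. The body of `copyStream` continues past the end of the hunk.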


@@ -5,8 +5,26 @@ import _isPlainObject from 'lodash/isPlainObject';
const JS_IDENTIFIER_RE = /^[a-zA-Z_$][a-zA-Z0-9_$]*$/;
// ECMAScript reserved words, strict-mode keywords, and async-context keywords
// that cannot be used as variable or function names in the generated scripts.
// Sources: ECMA-262 §12.7.2 (reserved words), §12.7.3 (strict mode), §14 (contextual).
const JS_RESERVED_WORDS = new Set([
// Keywords
'break', 'case', 'catch', 'class', 'const', 'continue', 'debugger', 'default',
'delete', 'do', 'else', 'export', 'extends', 'false', 'finally', 'for',
'function', 'if', 'import', 'in', 'instanceof', 'let', 'new', 'null', 'return',
'static', 'super', 'switch', 'this', 'throw', 'true', 'try', 'typeof', 'var',
'void', 'while', 'with', 'yield',
// Strict-mode reserved words
'implements', 'interface', 'package', 'private', 'protected', 'public',
// Async context keywords
'async', 'await',
// Future reserved
'enum',
]);
export function isValidJsIdentifier(name: string): boolean {
return typeof name === 'string' && JS_IDENTIFIER_RE.test(name);
return typeof name === 'string' && JS_IDENTIFIER_RE.test(name) && !JS_RESERVED_WORDS.has(name);
}
export function assertValidJsIdentifier(name: string, label: string): void {
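Review bot: The new `JS_RESERVED_WORDS` set omits `eval` and `arguments`, which strict-mode and module code reject as binding names. If the generated scripts run in strict mode, `isValidJsIdentifier` can still approve a name that makes the emitted script fail to parse. Adding `'eval', 'arguments',` to the strict-mode group would close that gap. A short comment above the set would also help, something like `// Denylist on top of JS_IDENTIFIER_RE: the regex keeps arbitrary text out of generated code, this set only removes names that are syntactically unusable`, so later edits do not treat the list as the injection barrier. The body of `assertValidJsIdentifier` lies outside the hunk.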