Add size constraint check for attribute and element values of DbOject class (Issue #1630)

Author: sharadraju

doc/src/release_notes.rst

@@ -13,6 +13,12 @@ node-oracledb `v6.4.0 <https://github.com/oracle/node-oracledb/compare/v6.3.0...
 Common Changes
 ++++++++++++++
 
+#)  Attribute and element values of :ref:`DbObject Class
+    <dbobjectclass>` objects that contain strings or bytes now have their
+    maximum size constraints checked. Errors ``NJS-142`` and ``NJS-143`` are
+    now raised when the size constraints are violated.
+    `Issue #1630 <https://github.com/oracle/node-oracledb/issues/1630>`__.
+
 Thin Mode Changes
 ++++++++++++++++++
 
@@ -533,13 +539,13 @@ node-oracledb `v5.5.0 <https://github.com/oracle/node-oracledb/compare/v5.4.0...
 
     - Deprecated ``pool.setAccessToken()``.
 
-#)  ResultSets now implement the ``asyncIterator()`` symbol to support asynchonous
-    iteration.
+#)  ResultSets now implement the ``asyncIterator()`` symbol to support
+    asynchronous iteration.
 
 #)  Added support for Oracle Advanced Queuing (AQ) :ref:`aqrecipientlists`.
 
 #)  Fixed a regression that could cause a pool alias to be recorded in the
-    internal list of aliases even if pool creation failed.
+    internal list of aliases even if pool creation had failed.
 
 
 node-oracledb `v5.4.0 <https://github.com/oracle/node-oracledb/compare/v5.3.0...v5.4.0>`__ (9 Jun 2022)
@@ -717,8 +723,8 @@ node-oracledb `v5.1.0 <https://github.com/oracle/node-oracledb/compare/v5.0.0...
     format.  A new type ``oracledb.DB_TYPE_JSON`` was added.
 
 #)  Numeric suffixes are now added to duplicate SELECT column names when using
-    ``oracledb.OUT_FORMAT_OBJECT`` mode, allowing all columns to be represented in
-    the JavaScript object.
+    ``oracledb.OUT_FORMAT_OBJECT`` mode, allowing all columns to be represented
+    in the JavaScript object.
 
 #)  The value of ``prefetchRows`` set when getting a REF CURSOR as a BIND_OUT
     parameter is now used in the subsequent data retrieval from that cursor.
@@ -759,8 +765,8 @@ node-oracledb `v5.0.0 <https://github.com/oracle/node-oracledb/compare/v4.2.0...
       to the Node.js image `Issue #1201 <https://github.com/oracle/
       node-oracledb/issues/1201>`__.
 
-    - Removed use of git in `package/buildpackage.js` making offline builds cleaner
-      for self-hosting node-oracledb.
+    - Removed use of git in `package/buildpackage.js` making offline builds
+      cleaner for self-hosting node-oracledb.
 
 #)  Connection Pool changes:
 
@@ -770,8 +776,8 @@ node-oracledb `v5.0.0 <https://github.com/oracle/node-oracledb/compare/v4.2.0...
       `Issue #514 <https://github.com/oracle/node-oracledb/issues/514>`__.
 
     - Made an internal change to use an Oracle Client 20 Session Pool feature
-      allowing node-oracledb connection pools to shrink to ``poolMin`` even when
-      there is no pool activity.
+      allowing node-oracledb connection pools to shrink to ``poolMin`` even
+      when there is no pool activity.
 
 #)  Added :attr:`oracledb.prefetchRows` and equivalent ``execute()`` option
     attribute :ref:`prefetchRows <propexecprefetchrows>` for query row fetch

lib/connection.js

@@ -105,7 +105,10 @@ class Connection extends EventEmitter {
       const cls = this._getDbObjectClass(objType.elementTypeClass);
       objType.elementTypeClass = cls;
     }
-    nodbUtil.addTypeProperties(objType, "elementType");
+    if (objType.isCollection) {
+      nodbUtil.addTypeProperties(objType, "elementType");
+      objType.elementTypeInfo.type = objType.elementType;
+    }
     if (objType.attributes) {
       const props = {};
       for (const attr of objType.attributes) {

lib/dbObject.js

@@ -32,6 +32,48 @@ const errors = require('./errors.js');
 const types = require('./types.js');
 const util = require('util');
 
+//---------------------------------------------------------------------------
+// validatePropertyValue
+//
+// Validate the value based on metadata.
+// For object type, metaData corresponds to the attribute which is set.
+// For collection type, metaData corresponds to element in the collection.
+//---------------------------------------------------------------------------
+function validatePropertyValue(objType, metaData, value, index) {
+  let valueLen, lengthErr = false;
+
+  if (value) {
+    switch (metaData.type) {
+      case types.DB_TYPE_VARCHAR:
+      case types.DB_TYPE_NVARCHAR:
+      case types.DB_TYPE_NCHAR:
+      case types.DB_TYPE_CHAR:
+        valueLen = Buffer.byteLength(value);
+        if (valueLen > metaData.maxSize) {
+          lengthErr = true;
+        }
+        break;
+      case types.DB_TYPE_RAW:
+        valueLen = value.length;
+        if (valueLen > metaData.maxSize) {
+          lengthErr = true;
+        }
+        break;
+      default:
+        break;
+    }
+    if (lengthErr) {
+      if (index !== undefined) {
+        errors.throwErr(errors.ERR_WRONG_LENGTH_FOR_DBOBJECT_ELEM,
+          index, objType.fqn, valueLen, metaData.maxSize);
+      } else {
+        errors.throwErr(errors.ERR_WRONG_LENGTH_FOR_DBOBJECT_ATTR,
+          metaData.name, objType.fqn, valueLen, metaData.maxSize);
+      }
+    }
+  }
+}
+
 // define base database object class; instances of this class are never
 // instantiated; instead, classes subclassed from this one will be
 // instantiated; a cache of these classes are maintained on each connection
@@ -61,6 +103,7 @@ class BaseDbObject {
     };
     const options = {allowArray: false};
     value = transformer.transformValueIn(info, value, options);
+    validatePropertyValue(this._objType, attr, value);
     this._impl.setAttrValue(attr, value);
   }
 
@@ -124,6 +167,13 @@ class BaseDbObject {
     };
     const options = {allowArray: false};
     value = transformer.transformValueIn(info, value, options);
+    let index = this._impl.getLastIndex();
+    if (index) {
+      index = index + 1; // element will be appended at index + 1.
+    } else {
+      index = 0; // undefined for initial append, so set it to 0
+    }
+    validatePropertyValue(this._objType, this._objType.elementTypeInfo, value, index);
     this._impl.append(value);
   }
 
@@ -344,6 +394,7 @@ class BaseDbObject {
     };
     const options = {allowArray: false};
     value = transformer.transformValueIn(info, value, options);
+    validatePropertyValue(this._objType, this._objType.elementTypeInfo, value, index);
     this._impl.setElement(index, value);
   }
 

lib/errors.js

@@ -139,6 +139,8 @@ const ERR_SERVER_VERSION_NOT_SUPPORTED = 138;
 const ERR_UNEXPECTED_XML_TYPE = 139;
 const ERR_WRONG_USER_FORMAT_EXTAUTH_PROXY = 140;
 const ERR_TOO_MANY_BATCH_ERRORS = 141;
+const ERR_WRONG_LENGTH_FOR_DBOBJECT_ATTR = 142;
+const ERR_WRONG_LENGTH_FOR_DBOBJECT_ELEM = 143;
 
 // Oracle Net layer errors start from 500
 const ERR_CONNECTION_CLOSED = 500;
@@ -406,6 +408,10 @@ messages.set(ERR_WRONG_USER_FORMAT_EXTAUTH_PROXY,       // NJS-140
   'user name must be enclosed in [] when using external authentication with a proxy user');
 messages.set(ERR_TOO_MANY_BATCH_ERRORS,                 // NJS-141
   'the number of batch errors from executemany() exceeds 65535');
+messages.set(ERR_WRONG_LENGTH_FOR_DBOBJECT_ATTR,        // NJS-142
+  'value too large for attribute %s of object %s (actual: %d, maximum: %d)');
+messages.set(ERR_WRONG_LENGTH_FOR_DBOBJECT_ELEM,        // NJS-143
+  'value too large for element %d of object %s (actual: %d, maximum: %d)');
 
 // Oracle Net layer errors
 
@@ -793,6 +799,8 @@ module.exports = {
   ERR_UNEXPECTED_XML_TYPE,
   ERR_WRONG_USER_FORMAT_EXTAUTH_PROXY,
   ERR_TOO_MANY_BATCH_ERRORS,
+  ERR_WRONG_LENGTH_FOR_DBOBJECT_ATTR,
+  ERR_WRONG_LENGTH_FOR_DBOBJECT_ELEM,
   ERR_CONNECTION_CLOSED_CODE: `${ERR_PREFIX}-${ERR_CONNECTION_CLOSED}`,
   WRN_COMPILATION_CREATE,
   assert,