Minor code enhancement for settable parameters to work in all scenarios

Author: sharadraju

lib/oracledb.js

@@ -324,31 +324,33 @@ async function _verifyOptions(options, inCreatePool) {
 
   // machine must be a string
   if (options.machine !== undefined) {
-    errors.assertPropValue(typeof options.machine === 'string', "machine");
+    nodbUtil.assertParamPropNetworkName(options, 1, "machine");
     outOptions.machine = options.machine;
   }
 
   // osUser must be a string
   if (options.osUser !== undefined) {
-    errors.assertPropValue(typeof options.osUser === 'string', "osUser");
+    nodbUtil.assertParamPropNetworkName(options, 1, "osUser");
     outOptions.osUser = options.osUser;
   }
 
   // driverName must be a string
   if (options.driverName !== undefined) {
-    errors.assertPropValue(typeof options.driverName === 'string', "driverName");
+    errors.assertParamPropValue(typeof options.driverName === 'string',
+      1, "driverName");
     outOptions.driverName = options.driverName;
   }
 
   // program must be a string
   if (options.program !== undefined) {
-    errors.assertPropValue(typeof options.program === 'string', "program");
+    nodbUtil.assertParamPropNetworkName(options, 1, "program");
     outOptions.program = options.program;
   }
 
   // terminal must be a string
   if (options.terminal !== undefined) {
-    errors.assertPropValue(typeof options.terminal === 'string', "terminal");
+    errors.assertParamPropValue(typeof options.terminal === 'string',
+      1, "terminal");
     outOptions.terminal = options.terminal;
   }
 
@@ -1411,6 +1413,8 @@ module.exports = {
 
   set machine(value) {
     errors.assertPropValue(typeof value === 'string', "machine");
+    const sanitizedValue = nodbUtil.sanitize(value);
+    errors.assertPropValue(value == sanitizedValue, "machine");
     settings.machine = value;
   },
 
@@ -1421,6 +1425,8 @@ module.exports = {
 
   set osUser(value) {
     errors.assertPropValue(typeof value === 'string', "osUser");
+    const sanitizedValue = nodbUtil.sanitize(value);
+    errors.assertPropValue(value == sanitizedValue, "osUser");
     settings.osUser = value;
   },
 
@@ -1480,6 +1486,8 @@ module.exports = {
 
   set program(value) {
     errors.assertPropValue(typeof value === 'string', "program");
+    const sanitizedValue = nodbUtil.sanitize(value);
+    errors.assertPropValue(value == sanitizedValue, "program");
     settings.program = value;
   },
 

lib/thin/sqlnet/navNodes.js

@@ -778,7 +778,7 @@ class NavDescription extends Description {
         this.connectData = "(SERVICE_NAME=)";
       }
 
-      let pgmName = "\"'" + cInfo.program + "'\"";
+      let pgmName = cInfo.program;
       if (cs.program) {
         pgmName = cs.program;
       }

lib/thin/util.js

@@ -29,22 +29,23 @@
 const constants = require('../constants');
 const errors = require('../errors.js');
 const os = require('os');
+const nodbUtil = require('../util.js');
 
 //---------------------------------------------------------------------------
 // populateClientInfo()
 //
 // Populates client process information
 //---------------------------------------------------------------------------
 function populateClientInfo() {
-  this.program = process.argv0;
+  this.program = nodbUtil.sanitize(process.argv0);
   this.terminal = "unknown";
   this.pid = process.pid.toString();
   try {
-    this.userName = os.userInfo().username;
+    this.userName = nodbUtil.sanitize(os.userInfo().username);
   } catch {
     this.userName = "unknown";
   }
-  this.hostName = os.hostname();
+  this.hostName = nodbUtil.sanitize(os.hostname());
 }
 // Initialize client data on startup.
 const CLIENT_INFO = new populateClientInfo();

lib/util.js

@@ -34,6 +34,14 @@ const types = require('./types.js');
 const constants = require('./constants.js');
 const traceHandler = require('./traceHandler.js');
 
+// set of valid network characters
+const validNetworkCharacterSet = new Set(['A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I',
+  'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X',
+  'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
+  'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3',
+  '4', '5', '6', '7', '8', '9', '0', '<', '>', '/', '\\', ',', '.', ':', ';', '\'',
+  '"', '-', '_', '$', '+', '*', '#', '&', '!', '%', '?', '@']);
+
 // node-oracledb version number
 let packageJSON;
 try {
@@ -55,6 +63,17 @@ const BUILD_FILE = 'oracledb.node';
 // Staging directory used by maintainers building the npm package
 const STAGING_DIR = 'package/Staging';
 
+//-----------------------------------------------------------------------------
+// assertParamPropNetworkName()
+//
+// Asserts input vaue and sanitized value passes specified condition
+// -----------------------------------------------------------------------------
+function assertParamPropNetworkName(obj, parameterNum, propName) {
+  errors.assertParamPropString(obj, parameterNum, propName);
+  const sanitizedValue = sanitize(obj[propName]);
+  errors.assertParamPropValue(obj[propName] === sanitizedValue, parameterNum, propName);
+}
+
 // getInstallURL returns a string with installation URL
 function getInstallURL() {
   return ('Node-oracledb installation instructions: https://node-oracledb.readthedocs.io/en/latest/user_guide/installation.html');
@@ -501,6 +520,42 @@ function makeDate(useLocal, year, month, day, hour, minute,
     fseconds) - offset * 60000);
 }
 
+//---------------------------------------------------------------------------
+// sanitize()
+//
+// this function replaces invalid characters in a string with characters
+// guaranteed to be in the Network Character Set.
+//---------------------------------------------------------------------------
+function sanitize(text) {
+  let value = text.split('');
+
+  // if first character is single/double quote
+  if ((value[0] === '\'' || value[0] === '"')) {
+    value = value.splice(1);
+  }
+
+  // if last character is single/double quote
+  if ((value[value.length - 1] === '\'' || value[value.length - 1] === '"')) {
+    value.pop();
+  }
+
+  // look for invalid characters, and replace them with '?'
+  // in case of default values and throw an error
+  // for user provided values
+  for (let i = 0; i < value.length; i++) {
+    if (!validNetworkCharacterSet.has(value[i])) {
+      value[i] = '?';
+    }
+  }
+
+  // if last character is a backslash
+  if (value[value.length - 1] === '\\') {
+    value[value.length - 1] = '?';
+  }
+
+  return value.join('');
+}
+
 // define exports
 module.exports = {
   BINARY_FILE,
@@ -509,6 +564,7 @@ module.exports = {
   RELEASE_DIR,
   STAGING_DIR,
   addTypeProperties,
+  assertParamPropNetworkName,
   callbackify,
   denormalizePrivateKey,
   getInstallURL,
@@ -525,6 +581,7 @@ module.exports = {
   isXid,
   normalizeXid,
   makeDate,
+  sanitize,
   verifySodaDoc,
   wrapFn,
   wrapFns

test/connection.js

@@ -609,11 +609,11 @@ describe('1. connection.js', function() {
       if (!dbConfig.test.DBA_PRIVILEGE || !oracledb.thin) return;
 
       // Set the original parameters back
-      oracledb.driverName = origDriverName;
-      oracledb.program = origProgramName;
-      oracledb.terminal = origTerminalName;
-      oracledb.machine = origMachineName;
-      oracledb.osUser = origUserName;
+      oracledb.driverName = origDriverName ?? "";
+      oracledb.program = origProgramName ?? "";
+      oracledb.terminal = origTerminalName ?? "";
+      oracledb.machine = origMachineName ?? "";
+      oracledb.osUser = origUserName ?? "";
     });
 
     it('1.18.1 negative - Check parameter value type', async function() {
@@ -627,61 +627,61 @@ describe('1. connection.js', function() {
       dbaConfig.driverName = null;
       await assert.rejects(
         async () => await oracledb.getConnection(dbaConfig),
-        /NJS-004:/
+        /NJS-007:/
       );
 
       dbaConfig.driverName = 1;
       await assert.rejects(
         async () => await oracledb.getConnection(dbaConfig),
-        /NJS-004:/
+        /NJS-007:/
       );
 
       dbaConfig.machine = null;
       await assert.rejects(
         async () => await oracledb.getConnection(dbaConfig),
-        /NJS-004:/
+        /NJS-007:/
       );
 
       dbaConfig.machine = 1;
       await assert.rejects(
         async () => await oracledb.getConnection(dbaConfig),
-        /NJS-004:/
+        /NJS-007:/
       );
 
       dbaConfig.terminal = null;
       await assert.rejects(
         async () => await oracledb.getConnection(dbaConfig),
-        /NJS-004:/
+        /NJS-007:/
       );
 
       dbaConfig.terminal = 1;
       await assert.rejects(
         async () => await oracledb.getConnection(dbaConfig),
-        /NJS-004:/
+        /NJS-007:/
       );
 
       dbaConfig.program = null;
       await assert.rejects(
         async () => await oracledb.getConnection(dbaConfig),
-        /NJS-004:/
+        /NJS-007:/
       );
 
       dbaConfig.program = 1;
       await assert.rejects(
         async () => await oracledb.getConnection(dbaConfig),
-        /NJS-004:/
+        /NJS-007:/
       );
 
       dbaConfig.osUser = null;
       await assert.rejects(
         async () => await oracledb.getConnection(dbaConfig),
-        /NJS-004:/
+        /NJS-007:/
       );
 
       dbaConfig.osUser = 1;
       await assert.rejects(
         async () => await oracledb.getConnection(dbaConfig),
-        /NJS-004:/
+        /NJS-007:/
       );
     });
 
@@ -780,6 +780,106 @@ describe('1. connection.js', function() {
       // above change in config won't effect already existing connection
       res = await conn.execute(sqlDriverName);
       assert.deepStrictEqual(res.rows[0][0], 'mydriver');
+
+      // new connection with parameters value having invalid special character
+      // We check for parameters i.e. program, machine and osUser
+      dbaConfig.program = 'pg(m4';
+      await assert.rejects(
+        async () => await oracledb.getConnection(dbaConfig),
+        /NJS-007:/
+      );
+      dbaConfig.program = 'pgm)4';
+      await assert.rejects(
+        async () => await oracledb.getConnection(dbaConfig),
+        /NJS-007:/
+      );
+      dbaConfig.program = 'pgm4=';
+      await assert.rejects(
+        async () => await oracledb.getConnection(dbaConfig),
+        /NJS-007:/
+      );
+      dbaConfig.program = 'pgm4\\';
+      await assert.rejects(
+        async () => await oracledb.getConnection(dbaConfig),
+        /NJS-007:/
+      );
+      dbaConfig.program = '"pgm4';
+      await assert.rejects(
+        async () => await oracledb.getConnection(dbaConfig),
+        /NJS-007:/
+      );
+      dbaConfig.program = 'pgm4"';
+      await assert.rejects(
+        async () => await oracledb.getConnection(dbaConfig),
+        /NJS-007:/
+      );
+      dbaConfig.osUser = '(myuser4';
+      await assert.rejects(
+        async () => await oracledb.getConnection(dbaConfig),
+        /NJS-007:/
+      );
+      dbaConfig.osUser = 'myus)er4';
+      await assert.rejects(
+        async () => await oracledb.getConnection(dbaConfig),
+        /NJS-007:/
+      );
+      dbaConfig.osUser = 'myus=er4';
+      await assert.rejects(
+        async () => await oracledb.getConnection(dbaConfig),
+        /NJS-007:/
+      );
+      dbaConfig.osUser = 'myuser4\\';
+      await assert.rejects(
+        async () => await oracledb.getConnection(dbaConfig),
+        /NJS-007:/
+      );
+      dbaConfig.osUser = '"myuser4';
+      await assert.rejects(
+        async () => await oracledb.getConnection(dbaConfig),
+        /NJS-007:/
+      );
+      dbaConfig.osUser = 'myuser4"';
+      await assert.rejects(
+        async () => await oracledb.getConnection(dbaConfig),
+        /NJS-007:/
+      );
+      dbaConfig.machine = '(machine4';
+      await assert.rejects(
+        async () => await oracledb.getConnection(dbaConfig),
+        /NJS-007:/
+      );
+      dbaConfig.machine = ')machine4';
+      await assert.rejects(
+        async () => await oracledb.getConnection(dbaConfig),
+        /NJS-007:/
+      );
+      dbaConfig.machine = 'machine4\\';
+      await assert.rejects(
+        async () => await oracledb.getConnection(dbaConfig),
+        /NJS-007:/
+      );
+      dbaConfig.machine = 'machine4=';
+      await assert.rejects(
+        async () => await oracledb.getConnection(dbaConfig),
+        /NJS-007:/
+      );
+      dbaConfig.machine = '"machine4';
+      await assert.rejects(
+        async () => await oracledb.getConnection(dbaConfig),
+        /NJS-007:/
+      );
+      dbaConfig.machine = 'machine4"';
+      await assert.rejects(
+        async () => await oracledb.getConnection(dbaConfig),
+        /NJS-007:/
+      );
+      res = await conn3.execute(sqlDriverName);
+      assert.deepStrictEqual(res.rows[0][0], 'mydriver3');
+
+      // above change in config won't effect already existing connection
+      res = await conn.execute(sqlDriverName);
+      assert.deepStrictEqual(res.rows[0][0], 'mydriver');
+
       await conn1.close();
       await conn.close();
       await conn2.close();