
not support eval and new Function()/Function()

Open CCuoGuo opened this issue 2 years ago • 2 comments

protobuf.js version: <6.11.3>

Hello, I encountered the following error when using protobuf.js 6.11.3 to encode and decode a file. The runtime reports that eval and new Function()/Function() are not supported. How can I avoid this problem?

// Loads the .proto file at `path`, then round-trips a sample payload through
// verify -> create -> encode -> decode -> toObject on a reflected message type.
// NOTE(review): the stack trace in this report shows AwesomeMessage.verify() reaching
// @protobufjs/codegen, which compiles generated source text with Function(). A runtime
// that forbids dynamic code evaluation throws at that point. Precompiling the schema to
// static code (pbjs static-module target) and loading the minimal runtime is the usual
// way to avoid run-time code generation; confirm this for the version in use.
protobuf.load(path, function(err, root) {
              // Loading or parsing failed: log and rethrow from inside the callback.
              if (err){
                console.info('-----------------------awesome: ' + err)
                throw err;
              }
              // Obtain a message type
              var AwesomeMessage = root.lookupType("awesomepackage.AwesomeMessage");

              // Exemplary payload
              var payload = { awesomeField: "AwesomeString" };

              // Verify the payload if necessary (i.e. when possibly incomplete or invalid)
              // Per the stack trace in this report, this is the first call that reaches codegen
              // (verify_setup -> setup -> encoder -> ... -> Codegen).
              var errMsg = AwesomeMessage.verify(payload);
              if (errMsg){
                console.info('-----------------------errMsg: ' + errMsg)
                throw Error(errMsg);
              }
              // Create a new message
              var message = AwesomeMessage.create(payload); // or use .fromObject if conversion is necessary

              // Encode a message to an Uint8Array (browser) or Buffer (node)
              var buffer = AwesomeMessage.encode(message).finish();
              console.info('-----------------------encode message: ' + new Uint8Array(buffer))
              // ... do something with buffer

              // Decode an Uint8Array (browser) or Buffer (node) to a message
              // `message` is redeclared here (legal with var); from this line on it holds the decoded copy.
              var message = AwesomeMessage.decode(buffer);

              console.info('-----------------------decode message: ' + JSON.stringify(message))

              // ... do something with message

              // If the application uses length-delimited buffers, there is also encodeDelimited and decodeDelimited.

              // Maybe convert the message back to a plain object
              var object = AwesomeMessage.toObject(message, {
                longs: String,
                enums: String,
                bytes: String,
                // see ConversionOptions
              });
              // (the pasted snippet ends here; the closing of the load callback is not shown)
Type.generateConstructor = function generateConstructor(mtype) {
    // Emits the body of a message constructor as source text through util.codegen and
    // returns the generator; nothing is compiled in this function itself.
    // Presumably ["p"] is the parameter list and mtype.name the function name of the
    // generated constructor; util.codegen's signature is not shown here, confirm.
    // NOTE(review): field names reach the generated source through "%s", which Codegen
    // substitutes verbatim, so the emitted text is only as safe as util.safeProp's
    // output (helper not shown here, confirm its escaping).
    var gen = util.codegen(["p"], mtype.name);
    var index = 0;
    var field;
    // Give every instance its own container for map and repeated fields, so these
    // mutable values are not just inherited from the prototype.
    while (index < mtype.fieldsArray.length) {
        field = mtype._fieldsArray[index];
        if (field.map) {
            gen("this%s={}", util.safeProp(field.name));
        } else if (field.repeated) {
            gen("this%s=[]", util.safeProp(field.name));
        }
        ++index;
    }
    // The generated loop copies every own enumerable key of p whose value is neither
    // undefined nor null onto the new instance.
    // NOTE(review): keys are copied unfiltered, whether or not they are declared
    // fields; validate objects from untrusted sources before constructing with them.
    return gen("if(p)for(var ks=Object.keys(p),i=0;i<ks.length;++i)if(p[ks[i]]!=null)")("this[ks[i]]=p[ks[i]]");
};

function Codegen(formatStringOrScope) {
    // Two modes, selected by the argument type:
    //   - a string is a format line: its placeholders are filled from the remaining
    //     arguments and the line is appended to the enclosing `body`;
    //   - anything else finishes the function: the accumulated source (from the enclosing
    //     toString()) is compiled, and a truthy object supplies named scope values.
    // The index-based array filling is deliberate: upstream measured it as ~50% faster.

    if (typeof formatStringOrScope === "string") {
        var args = new Array(arguments.length - 1);
        for (var a = 0; a < args.length; ++a)
            args[a] = arguments[a + 1];
        var used = 0;
        var line = formatStringOrScope.replace(/%([%dfijs])/g, function replace($0, $1) {
            // Every match takes one argument slot, "%%" included.
            var value = args[used++];
            if ($1 === "d" || $1 === "f") return String(Number(value));
            if ($1 === "i") return String(Math.floor(value));
            if ($1 === "j") return JSON.stringify(value);
            // "%s" is inserted verbatim into source that is compiled later, so callers
            // must only pass text that is safe to appear as code.
            if ($1 === "s") return String(value);
            return "%";
        });
        if (used !== args.length)
            throw Error("parameter count mismatch");
        body.push(line);
        return Codegen;
    }

    // Finish: compile the generated text with the Function constructor. This is dynamic
    // code evaluation; runtimes or policies that forbid it (the "Not support eval" error
    // in this report, or a CSP without 'unsafe-eval') make the call throw here.
    var source = toString();
    if (codegen.verbose)
        console.log("codegen: " + source); // eslint-disable-line no-console
    source = "return " + source;
    if (!formatStringOrScope)
        return Function(source)(); // eslint-disable-line no-new-func

    // With a scope object, each key becomes a parameter of the wrapper function and the
    // matching value is passed in, making it visible to the generated code by name.
    var names = Object.keys(formatStringOrScope);
    var params = new Array(names.length + 1);
    var values = new Array(names.length);
    for (var k = 0; k < names.length; ++k) {
        params[k] = names[k];
        values[k] = formatStringOrScope[names[k]];
    }
    params[names.length] = source;
    return Function.apply(null, params).apply(null, values); // eslint-disable-line no-new-func
}

stack info:

page: pages/Index.js
Error message: Not support eval. Forbidden using new Function()/Function().
SourceCode:
      return Function(source)(); // eslint-disable-line no-new-func
             ^
Stacktrace:
    at Codegen (entry/oh_modules/.ohpm/@[email protected]/oh_modules/@protobufjs/codegen/index.js:51:14)
    at get (entry/oh_modules/.ohpm/[email protected]/oh_modules/protobufjs/src/type.js:145:41)
    at resolve (entry/oh_modules/.ohpm/[email protected]/oh_modules/protobufjs/src/field.js:281:7)
    at encoder (entry/oh_modules/.ohpm/[email protected]/oh_modules/protobufjs/src/encoder.js:34:17)
    at setup (entry/oh_modules/.ohpm/[email protected]/oh_modules/protobufjs/src/type.js:380:17)
    at verify_setup (entry/oh_modules/.ohpm/[email protected]/oh_modules/protobufjs/src/type.js:470:10)
    at anonymous (entry/src/main/ets/pages/Index.ets:102:34)
    at finish (entry/oh_modules/.ohpm/[email protected]/oh_modules/protobufjs/src/root.js:100:5)
    at process (entry/oh_modules/.ohpm/[email protected]/oh_modules/protobufjs/src/root.js:128:27)
    at anonymous (entry/oh_modules/.ohpm/[email protected]/oh_modules/protobufjs/src/root.js:173:9)
    at anonymous (entry/src/main/ets/pages/Index.ets:22:12)
    at fetch (entry/oh_modules/.ohpm/@[email protected]/oh_modules/@protobufjs/fetch/index.js:46:10)
    at fetch (entry/oh_modules/.ohpm/[email protected]/oh_modules/protobufjs/src/root.js:161:7)
    at load (entry/oh_modules/.ohpm/[email protected]/oh_modules/protobufjs/src/root.js:182:105)
    at load (entry/oh_modules/.ohpm/[email protected]/oh_modules/protobufjs/src/index-light.js:28:10)
    at anonymous (entry/src/main/ets/pages/Index.ets:92:17)

CCuoGuo avatar May 18 '23 02:05 CCuoGuo

Same here. I've been using electron's cast library which uses protobuf as a dependency. Some security changes have stopped it from working due to no-new-func. It's kind of bad practice to use eval (as noted by the lint message).

andymartinwork avatar Sep 26 '23 11:09 andymartinwork

https://github.com/protobufjs/protobuf.js/pull/1941

Please support this pull request. This project seems to be really out of maintenance. We have to unite until the contributors see this pull request.

AntiMoron avatar Nov 09 '23 02:11 AntiMoron