node-mysql2 icon indicating copy to clipboard operation
node-mysql2 copied to clipboard

Published 20 hours ago verified publisher icon sidorares

Defect executing immediate dependency generate-function - pushLine is not defined

Open prettydiff opened this issue 2 years ago • 6 comments

I am getting an error to the generate-function dependency that comes from Query.prototype.readField of lib/commands/query.js around line 218.

This error occurs when I attempt any from of query executing on a connection pool:

const params = {
    connectionLimit: 25,
    host: hostString,
    pass: password,
    port: 3306,
    user: dynamicName,
    ssl: "Amazon RDS:
};
const pool = mysql2.createPool(params);
pool.query("SHOW PROCEDURE STATUS", queryCallback); // error is here, callback never fires

I have tried all the examples on the projects readme.md for queries against a connection pool and also tried removing the connectionLimit and ssl parameters. I still get the same error.

prettydiff avatar Jan 28 '23 16:01 prettydiff

can you post full stack trace @prettydiff ?

sidorares avatar Jan 29 '23 01:01 sidorares 

undefined:12
      pushLine(util.format.apply(util, arguments))

ReferenceError: pushLine is not defined
    at new eval (eval at line.toFunction (project\node_modules\generate-function\index.js:172:21), <anonymous>:12:7)
    at Query.readField (project\node_modules\mysql2\lib\commands\query.js:215:25)
    at Query.execute (project\node_modules\mysql2\lib\commands\commands.js:45:22)
    at PoolConnection.handlePacket (project\node_modules\mysql2\lib\connection.js:487:32)
    at PacketParser.onPacket (project\node_modules\mysql2\lib\connection.js:94:12)
    at PacketParser.executeStart (project\node_modules\mysql2\lib\packet_parser.js:75:16)
    at Socket.<anonymous> (project\node_modules\mysql2\lib\connection.js:101:25)
    at Socket.emit (node:events:513:28)
    at addChunk (node:internal/streams/readable:324:12)
    at readableAddChunk (node:internal/streams/readable:297:9)

Node.js v19.4.0

I apologize in advance for any typos as I had to manually transcribe that stack trace. I am using mysql2 on a separate business machine that uses a separate GitHub account for private company access.

prettydiff avatar Jan 29 '23 02:01 prettydiff

unfortunately need some reliable way of reproducing this to be able to help

sidorares avatar Jan 29 '23 12:01 sidorares

Here is the most minimal example of how I am executing the query.

db.ts

import mysql from "mysql2";
const db = function (callback:(pool) => void):void {
    const params = {
        connectionLimit: 25,
        host: hostString,
        pass: password,
        port: 3306,
        user: dynamicName,
        ssl: "Amazon RDS"
    };
    const pool = mysql.createPool(params);
    callback(pool);
};

export default db;

query.ts

import db from "./db.js";
const query = function ():void {
    db(function (pool) {
        const queryCallback = function (errorQuery:NodeJS.ErrnoException, response:any):void {
            if (errorQuery === null) {
                console.log(response);
            } else {
                console.log(errorQuery);
            }
        };
        pool.query("SHOW PROCEDURE STATUS", queryCallback);
    });
};

export default list;

start.ts

import query from "./query.js";
query();

prettydiff avatar Jan 29 '23 14:01 prettydiff

For the ones who arrive here, check if your app freezes objects etc (preventing prototype pollution vulnerabilities).

hansott avatar Feb 26 '24 14:02 hansott

For the ones who arrive here, check if your app freezes objects etc (preventing prototype pollution vulnerabilities).

Yeah, this was it. Stopped freezing when I commented out a neat little security function with no implications whatsoever (I should've read the fine text, lol).

function freezeVulnerablePrototypes() {
    const vulnerablePrototypes = [
        Object, Object.prototype,
        Function, Function.prototype,
        Array, Array.prototype,
        String, String.prototype,
        Number, Number.prototype,
        Boolean, Boolean.prototype
    ];

    vulnerablePrototypes.forEach(Object.freeze);
}

ReferenceError: pushLine is not defined
    at new eval (eval at line.toFunction (<private>\node_modules\generate-function\index.js:172:21), <anonymous>:12:7)
    at Query.readField (<private>\node_modules\mysql2\lib\commands\query.js:215:25)
    at Query.execute (<private>\node_modules\mysql2\lib\commands\command.js:45:22)
    at Connection.handlePacket (<private>\node_modules\mysql2\lib\connection.js:481:34)
    at PacketParser.onPacket (<private>\node_modules\mysql2\lib\connection.js:97:12)
    at PacketParser.executeStart (<private>\node_modules\mysql2\lib\packet_parser.js:75:16)
    at Socket.<anonymous> (<private>\node_modules\mysql2\lib\connection.js:104:25)
    at Socket.emit (node:events:511:28)
    at addChunk (node:internal/streams/readable:332:12)
    at readableAddChunk (node:internal/streams/readable:305:9) {
  fatal: true
}

SleepyMode avatar Mar 21 '24 17:03 SleepyMode