
UniqueIdentifier parameter is not validated, terminates node

Open jon-shipley opened this issue 4 years ago • 4 comments

UUID parameters are not validated which can lead to unexpected behaviour, including terminating node.

Tedious: 6.7.0

    request.addParameter('uuid', TYPES.UniqueIdentifier, 'random-txt')

results in the following output:

    > node -r dotenv/config ./minimal.js
    /Users/jon/Code/projects/tedious-bug/node_modules/tedious/lib/guid-parser.js:34
      return [CHARCODEMAP[guid.charCodeAt(6)][guid.charCodeAt(7)], CHARCODEMAP[guid.charCodeAt(4)][guid.charCodeAt(5)], CHARCODEMAP[guid.charCodeAt(2)][guid.charCodeAt(3)], CHARCODEMAP[guid.charCodeAt(0)][guid.charCodeAt(1)], CHARCODEMAP[guid.charCodeAt(11)][guid.charCodeAt(12)], CHARCODEMAP[guid.charCodeAt(9)][guid.charCodeAt(10)], CHARCODEMAP[guid.charCodeAt(16)][guid.charCodeAt(17)], CHARCODEMAP[guid.charCodeAt(14)][guid.charCodeAt(15)], CHARCODEMAP[guid.charCodeAt(19)][guid.charCodeAt(20)], CHARCODEMAP[guid.charCodeAt(21)][guid.charCodeAt(22)], CHARCODEMAP[guid.charCodeAt(24)][guid.charCodeAt(25)], CHARCODEMAP[guid.charCodeAt(26)][guid.charCodeAt(27)], CHARCODEMAP[guid.charCodeAt(28)][guid.charCodeAt(29)], CHARCODEMAP[guid.charCodeAt(30)][guid.charCodeAt(31)], CHARCODEMAP[guid.charCodeAt(32)][guid.charCodeAt(33)], CHARCODEMAP[guid.charCodeAt(34)][guid.charCodeAt(35)]];
                                             ^

    TypeError: Cannot read property '116' of undefined
        at guidToArray (/Users/jon/Code/projects/tedious-bug/node_modules/tedious/lib/guid-parser.js:34:42)
        at Object.writeParameterData (/Users/jon/Code/projects/tedious-bug/node_modules/tedious/lib/data-types/uniqueidentifier.js:27:66)
        at RpcRequestPayload._writeParameterData (/Users/jon/Code/projects/tedious-bug/node_modules/tedious/lib/rpcrequest-payload.js:113:10)
        at writeNext (/Users/jon/Code/projects/tedious-bug/node_modules/tedious/lib/rpcrequest-payload.js:64:12)
        at Immediate.<anonymous> (/Users/jon/Code/projects/tedious-bug/node_modules/tedious/lib/rpcrequest-payload.js:66:11)
        at processImmediate (internal/timers.js:456:21)

The error causes node to terminate.

Feb 10 '21 16:02 jon-shipley
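The trace above shows the TypeError being thrown from an `Immediate` callback, not from the `addParameter` call, so a `try`/`catch` around `addParameter` cannot intercept it. One way to reject malformed input before it reaches the driver, as an added example that is not part of the original issue or of tedious itself (`parseGuid`, `addGuidParameter`, `bindUuid` and the stand-in `TYPES`/`makeRequest` objects are hypothetical names; the sample GUIDs are constructed):

```javascript
// Strict 36-character hyphenated form. The parser in the trace reads fixed
// offsets 0..35, so braces, missing hyphens and short strings are all rejected.
const GUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

class InvalidGuidError extends TypeError {}

// Throws synchronously, in the caller's stack, where try/catch can handle it.
function parseGuid(value) {
  if (typeof value !== 'string' || !GUID_RE.test(value)) {
    throw new InvalidGuidError('uuid must be a 36-character hyphenated GUID');
  }
  return value;
}

// Hypothetical helper: `request` and `TYPES` are the objects used in the issue.
function addGuidParameter(request, TYPES, name, value) {
  request.addParameter(name, TYPES.UniqueIdentifier, parseGuid(value));
}

// Hypothetical handler: bad input becomes a rejected request instead of an
// uncaught exception in a timer callback.
function bindUuid(request, TYPES, untrusted) {
  try {
    addGuidParameter(request, TYPES, 'uuid', untrusted);
    return { ok: true };
  } catch (err) {
    if (err instanceof InvalidGuidError) return { ok: false, error: err.message };
    throw err; // anything else is a real bug and should surface
  }
}

// Constructed stand-ins so the example runs without a database connection.
const TYPES = { UniqueIdentifier: 'UniqueIdentifier' };
const makeRequest = () => {
  const params = [];
  return { params, addParameter: (name, type, value) => params.push({ name, type, value }) };
};

// Constructed sample inputs: only the second one is accepted.
const samples = ['random-txt', '6F9619FF-8B86-D011-B42D-00C04FC964FF',
  '6F9619FF-8B86-D011-B42D-00C04FC964FG', '{6F9619FF-8B86-D011-B42D-00C04FC964FF}', null];
for (const s of samples) {
  console.log(JSON.stringify(s), bindUuid(makeRequest(), TYPES, s));
}
```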

Hi @jon-shipley, this error is fixed in the latest version of tedious (11.0.4). Is it possible for you to upgrade?

Feb 16 '21 16:02 IanChokS

Hi @IanChokS

Not at the moment. Our dependency is actually node-mssql, and the latest stable version of that is v6.3.1 which uses tedious v6.7.0.

Feb 16 '21 17:02 jon-shipley

@jon-shipley Is there a specific reason you're using node-mssql instead of using tedious directly? I'm not saying there is anything wrong with node-mssql, I'm just trying to understand if we're missing any crucial functionality.

[email protected] is pretty old, and I'm not very keen on providing any patch releases for a version that is essentially not maintained/supported. I hope that makes sense. 🙇‍♂️

Mar 06 '21 12:03 arthurschreiber

@arthurschreiber I'm intrigued by your question on using node-mssql.

As you own both packages, is there any particular reason why we should avoid it? The API on node-mssql feels easier to use.

Is it still maintained? And should new projects opt for tedious?

May 05 '21 09:05 GuyHarwood