dennii/dbgate
1
0
Fork 0
mirror of https://github.com/DeNNiiInc/dbgate.git synced 2026-04-19 17:46:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

disallow shell scripting in web by default

Browse Source
This commit is contained in:
Jan Prochazka
2022-03-20 11:17:49 +01:00
parent 6fb582249c
commit 2bec053809
11 changed files with 204 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
packages/web/src/impexp/ScriptWriter.ts
View File

@@ -1,58 +0,0 @@
import _ from 'lodash';
import { extractShellApiFunctionName, extractShellApiPlugins } from 'dbgate-tools';
export default class ScriptWriter {
s = '';
packageNames: string[] = [];
varCount = 0;
constructor(varCount = '0') {
this.varCount = parseInt(varCount) || 0;
}
allocVariable(prefix = 'var') {
this.varCount += 1;
return `${prefix}${this.varCount}`;
}
put(s = '') {
this.s += s;
this.s += '\n';
}
assign(variableName, functionName, props) {
this.put(`const ${variableName} = await ${extractShellApiFunctionName(functionName)}(${JSON.stringify(props)});`);
this.packageNames.push(...extractShellApiPlugins(functionName, props));
}
assignValue(variableName, jsonValue) {
this.put(`const ${variableName} = ${JSON.stringify(jsonValue)};`);
}
requirePackage(packageName) {
this.packageNames.push(packageName);
}
copyStream(sourceVar, targetVar, colmapVar = null) {
if (colmapVar) {
this.put(`await dbgateApi.copyStream(${sourceVar}, ${targetVar}, {columns: ${colmapVar}});`);
} else {
this.put(`await dbgateApi.copyStream(${sourceVar}, ${targetVar});`);
}
}
comment(s) {
this.put(`// ${s}`);
}
getScript(schedule = null) {
const packageNames = this.packageNames;
let prefix = _.uniq(packageNames)
.map(packageName => `// @require ${packageName}\n`)
.join('');
if (schedule) prefix += `// @schedule ${schedule}`;
if (prefix) prefix += '\n';
return prefix + this.s;
}
}

12
packages/web/src/impexp/createImpExpScript.ts
View File

@@ -1,5 +1,5 @@
import _ from 'lodash';
import ScriptWriter from './ScriptWriter';
import { ScriptWriter, ScriptWriterJson } from 'dbgate-tools';
import getAsArray from '../utility/getAsArray';
import { getConnectionInfo } from '../utility/metadataLoaders';
import { findEngineDriver, findObjectLike } from 'dbgate-tools';
@@ -187,8 +187,12 @@ export function normalizeExportColumnMap(colmap) {
return null;
}
export default async function createImpExpScript(extensions, values, addEditorInfo = true) {
const script = new ScriptWriter(values.startVariableIndex || 0);
export default async function createImpExpScript(extensions, values, addEditorInfo = true, forceScript = false) {
const config = getCurrentConfig();
const script =
config.allowShellScripting || forceScript
? new ScriptWriter(values.startVariableIndex || 0)
: new ScriptWriterJson(values.startVariableIndex || 0);
const [sourceConnection, sourceDriver] = await getConnection(
extensions,
@@ -222,7 +226,7 @@ export default async function createImpExpScript(extensions, values, addEditorIn
}
script.copyStream(sourceVar, targetVar, colmapVar);
script.put();
script.endLine();
}
if (addEditorInfo) {
script.comment('@ImportExportConfigurator');