Min/Max for type array to generate better faker.helpers.arrayElements functionality #1339
…ements` functionality
🦋 Changeset detected
Latest commit: 646e6b2
The changes in this PR will be included in the next version bump. This PR includes changesets to release 24 packages
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## main #1339 +/- ##
==========================================
- Coverage 86.14% 86.11% -0.04%
==========================================
Files 155 155
Lines 9571 9571
Branches 1824 1824
==========================================
- Hits 8245 8242 -3
- Misses 1315 1318 +3
Partials 11 11
98120d4 to 646e6b2
const item = items.at(0) | ||
|
||
if (min !== undefined && max !== undefined) { | ||
return `faker.helpers.multiple(() => (${item}), { count: { min: ${min}, max: ${max} }}) as any` |
Check warning
Code scanning / CodeQL
Improper code sanitization Medium
improperly sanitized value
Copilot Autofix AI 4 months ago
To fix the problem, we need to ensure that any potentially dangerous characters in the item variable are properly escaped before being used in the template literal. This can be achieved by implementing an escapeUnsafeChars function that replaces dangerous characters with their escaped equivalents. We will then use this function to sanitize the item variable before including it in the template literal.
@@ -6,2 +6,21 @@ | ||
|
||
const charMap = { | ||
'<': '\\u003C', | ||
'>' : '\\u003E', | ||
'/': '\\u002F', | ||
'\\': '\\\\', | ||
'\b': '\\b', | ||
'\f': '\\f', | ||
'\n': '\\n', | ||
'\r': '\\r', | ||
'\t': '\\t', | ||
'\0': '\\0', | ||
'\u2028': '\\u2028', | ||
'\u2029': '\\u2029' | ||
}; | ||
|
||
function escapeUnsafeChars(str) { | ||
return str.replace(/[<>\b\f\n\r\t\0\u2028\u2029]/g, x => charMap[x]) | ||
} | ||
|
||
const fakerKeywordMapper = { | ||
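Review bot: The character class in escapeUnsafeChars, [<>\b\f\n\r\t\0\u2028\u2029], does not include / or \, so the charMap entries for '/' and '\\' can never be selected and a backslash in the input passes through unchanged. Make the map and the class agree: either add both characters to the class or drop the two unused entries, depending on whether the input is expected to be already serialized.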
@@ -61,3 +80,3 @@ | ||
} | ||
const item = items.at(0) | ||
const item = escapeUnsafeChars(items.at(0)) | ||
|
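Review bot: items.at(0) is undefined when items is empty, and the new line const item = escapeUnsafeChars(items.at(0)) hands that straight to str.replace, which throws a TypeError where the old line only produced the text "undefined". Check for a missing first element before calling the helper, or have the helper return early on non-string input.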
return `faker.helpers.multiple(() => (${item}), { count: { min: ${min}, max: ${max} }}) as any` | ||
} | ||
if (min !== undefined) { | ||
return `faker.helpers.multiple(() => (${item}), { count: ${min} }) as any` |
Check warning
Code scanning / CodeQL
Improper code sanitization Medium
improperly sanitized value
Copilot Autofix AI 4 months ago
To fix the problem, we need to ensure that any user-controlled input used in constructing JavaScript code is properly sanitized. This involves escaping potentially dangerous characters before using them in template literals. We can create a utility function to escape these characters and use it in the relevant parts of the code.
- Create a utility function escapeUnsafeChars to escape potentially dangerous characters.
- Use this function to sanitize the item variable in the fakerKeywordMapper.array function.
@@ -6,2 +6,21 @@ | ||
|
||
const charMap = { | ||
'<': '\\u003C', | ||
'>' : '\\u003E', | ||
'/': '\\u002F', | ||
'\\': '\\\\', | ||
'\b': '\\b', | ||
'\f': '\\f', | ||
'\n': '\\n', | ||
'\r': '\\r', | ||
'\t': '\\t', | ||
'\0': '\\0', | ||
'\u2028': '\\u2028', | ||
'\u2029': '\\u2029' | ||
}; | ||
|
||
function escapeUnsafeChars(str) { | ||
return str.replace(/[<>\b\f\n\r\t\0\u2028\u2029]/g, x => charMap[x]) | ||
} | ||
|
||
const fakerKeywordMapper = { | ||
@@ -61,3 +80,3 @@ | ||
} | ||
const item = items.at(0) | ||
const item = escapeUnsafeChars(items.at(0)) | ||
|
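Review bot: In the template that follows this hunk, item is placed in expression position, () => (${item}), not inside a quoted string, so the escaped value from const item = escapeUnsafeChars(items.at(0)) is parsed as code. A \u003C or \u003E outside a string literal or identifier is a syntax error, which means any item containing < or > (a comparison, an arrow function) would no longer compile. Decide whether item is code or data: if code, constrain it where it is produced; if data, serialize it as a quoted literal first and escape that.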
return `faker.helpers.multiple(() => (${item}), { count: ${min} }) as any` | ||
} | ||
if (max !== undefined) { | ||
return `faker.helpers.multiple(() => (${item}), { count: { min: 0, max: ${max} }}) as any` |
Check warning
Code scanning / CodeQL
Improper code sanitization Medium
improperly sanitized value
Copilot Autofix AI 4 months ago
To fix the problem, we need to ensure that the item variable is properly sanitized before being used in the template literal. We can achieve this by escaping potentially dangerous characters in the item string. This can be done by creating a utility function to escape unsafe characters and applying it to the item variable before it is used in the template literal.
- Create a utility function escapeUnsafeChars to escape potentially dangerous characters.
- Apply this function to the item variable before it is used in the template literal on line 71 in packages/plugin-faker/src/parser/index.ts.
@@ -6,2 +6,21 @@ | ||
|
||
const charMap = { | ||
'<': '\\u003C', | ||
'>' : '\\u003E', | ||
'/': '\\u002F', | ||
'\\': '\\\\', | ||
'\b': '\\b', | ||
'\f': '\\f', | ||
'\n': '\\n', | ||
'\r': '\\r', | ||
'\t': '\\t', | ||
'\0': '\\0', | ||
'\u2028': '\\u2028', | ||
'\u2029': '\\u2029' | ||
}; | ||
|
||
function escapeUnsafeChars(str) { | ||
return str.replace(/[<>\b\f\n\r\t\0\u2028\u2029]/g, x => charMap[x]) | ||
} | ||
|
||
const fakerKeywordMapper = { | ||
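Review bot: function escapeUnsafeChars(str) has no parameter type and x => charMap[x] indexes an object literal with an arbitrary string, while the file named in this suggestion is packages/plugin-faker/src/parser/index.ts. With noImplicitAny enabled both are compile errors. Declare str: string with a string return type, and type charMap as Record<string, string>.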
@@ -61,3 +80,3 @@ | ||
} | ||
const item = items.at(0) | ||
const item = escapeUnsafeChars(items.at(0)) | ||
|
return `faker.helpers.multiple(() => (${item}), { count: { min: 0, max: ${max} }}) as any` | ||
} | ||
|
||
return `faker.helpers.multiple(() => (${item})) as any` |
Check warning
Code scanning / CodeQL
Improper code sanitization Medium
improperly sanitized value
Copilot Autofix AI 4 months ago
To fix the problem, we need to ensure that any potentially dangerous characters in the item variable are properly escaped before being used in string concatenation. We can achieve this by implementing an escapeUnsafeChars function similar to the one provided in the example and using it to sanitize the item variable.
- Implement an escapeUnsafeChars function to escape potentially dangerous characters.
- Use this function to sanitize the item variable before it is used in string concatenation.
@@ -6,2 +6,21 @@ | ||
|
||
const charMap = { | ||
'<': '\\u003C', | ||
'>' : '\\u003E', | ||
'/': '\\u002F', | ||
'\\': '\\\\', | ||
'\b': '\\b', | ||
'\f': '\\f', | ||
'\n': '\\n', | ||
'\r': '\\r', | ||
'\t': '\\t', | ||
'\0': '\\0', | ||
'\u2028': '\\u2028', | ||
'\u2029': '\\u2029' | ||
}; | ||
|
||
function escapeUnsafeChars(str) { | ||
return str.replace(/[<>\b\f\n\r\t\0\u2028\u2029]/g, x => charMap[x]) | ||
} | ||
|
||
const fakerKeywordMapper = { | ||
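Review bot: This hunk carries the same header, @@ -6,2 +6,21 @@, and the same const charMap and function escapeUnsafeChars as the three suggestions above, so applying more than one of them would declare charMap twice in the same scope. All four alerts read the single const item line that the second hunk changes; apply the helper once and resolve the remaining alerts against that one change.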
@@ -61,3 +80,3 @@ | ||
} | ||
const item = items.at(0) | ||
const item = escapeUnsafeChars(items.at(0)) | ||
|
No description provided.
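The escaping approach from the Copilot Autofix comments above, exercised on constructed input. This is an added example, not code from the PR or the project: charMap and the regex are copied from the suggestion, while unreachableKeys, parsesAsExpression, wrap, asLiteral and the two sample items are hypothetical names and values introduced here. It shows which map entries the regex never reaches, and how the helper behaves on an item that is code versus an item that is data serialized as a literal.

```javascript
// Added example; charMap and the regex are copied from the suggestion on this page.
const charMap = {
  '<': '\\u003C', '>': '\\u003E', '/': '\\u002F', '\\': '\\\\',
  '\b': '\\b', '\f': '\\f', '\n': '\\n', '\r': '\\r', '\t': '\\t',
  '\0': '\\0', '\u2028': '\\u2028', '\u2029': '\\u2029'
};

function escapeUnsafeChars(str) {
  return str.replace(/[<>\b\f\n\r\t\0\u2028\u2029]/g, x => charMap[x]);
}

// Keys of charMap that the character class can never match.
function unreachableKeys() {
  return Object.keys(charMap).filter(k => escapeUnsafeChars(k) === k);
}

// Parse-only check: new Function compiles the body; the function is never called.
function parsesAsExpression(code) {
  try {
    new Function(`return (${code})`);
    return true;
  } catch (err) {
    if (err instanceof SyntaxError) return false;
    throw err;
  }
}

// Mirrors the template on this page: the item sits in expression position.
function wrap(item) {
  return `faker.helpers.multiple(() => (${item}))`;
}

// Data embedded as a quoted literal: serialize first, then escape (hypothetical helper).
function asLiteral(value) {
  return escapeUnsafeChars(JSON.stringify(value));
}

// Constructed sample items (assumptions, not values taken from the project).
const codeItem = '[1, 2].map((n) => n > 1)'; // an item that is itself code
const dataItem = 'a<b>\n';                   // an item that is plain data

console.log(unreachableKeys());
console.log(parsesAsExpression(wrap(codeItem)));
console.log(parsesAsExpression(wrap(escapeUnsafeChars(codeItem))));
console.log(asLiteral(dataItem), parsesAsExpression(wrap(asLiteral(dataItem))));
```

Escaping the code item breaks it, while the serialized data item stays a valid literal that decodes back to the original string.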