From 7e0591aa080f1a2507e3a36192d22bb6f04d8227 Mon Sep 17 00:00:00 2001 From: PIC&cie <64333185+ciePIC@users.noreply.github.com> Date: Thu, 25 Jan 2024 15:58:24 +0100 Subject: [PATCH 1/5] HOTFIX : objectGUID Buffer cause error HOTFIX : objectGUID Buffer is limited to 16 bytes. When escape function need to escape a 2 or 3byte code, if index is at the end of the buffer, error are throw because trying to access unavailable index. Fix by adding check of index position. --- lib/utils/escape-filter-value.js | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/lib/utils/escape-filter-value.js b/lib/utils/escape-filter-value.js index 62808e7..e858768 100644 --- a/lib/utils/escape-filter-value.js +++ b/lib/utils/escape-filter-value.js @@ -31,18 +31,19 @@ function escapeBuffer (buf) { for (let i = 0; i < buf.length; i += 1) { if (buf[i] >= 0xc0 && buf[i] <= 0xdf) { // Represents the first byte in a 2-byte UTF-8 character. - result += '\\' + buf[i].toString(16) + '\\' + buf[i + 1].toString(16) + console.log("-- use 1", i); + result += '\\' + buf[i].toString(16); + if(i<15) { result += '\\' + buf[i + 1].toString(16); } //Only add second byte if exist in buffer i += 1 continue } if (buf[i] >= 0xe0 && buf[i] <= 0xef) { // Represents the first byte in a 3-byte UTF-8 character. - result += [ - '\\', buf[i].toString(16), - '\\', buf[i + 1].toString(16), - '\\', buf[i + 2].toString(16) - ].join('') + console.log("-- use 2", i); + result += '\\' + buf[i].toString(16); + if(i<15) { result += '\\' + buf[i + 1].toString(16); } //Only add second byte if exist in buffer + if(i<14) { result += '\\' + buf[i + 2].toString(16); } //Only add third byte if exist in buffer i += 2 continue } @@ -50,10 +51,12 @@ function escapeBuffer (buf) { if (buf[i] <= 31) { // It's an ASCII control character so we will straight // encode it (excluding the "space" character). + console.log("-- use 3", i); result += '\\' + buf[i].toString(16).padStart(2, '0') continue } + console.log("-- use 4", i); const char = String.fromCharCode(buf[i]) switch (char) { case '*': { @@ -82,7 +85,8 @@ function escapeBuffer (buf) { } default: { - result += char + //result += char + result += '\\' + buf[i].toString(16).padStart(2, '0') break } } From 013b42073a70ffc537177a17ae51105149584eb2 Mon Sep 17 00:00:00 2001 From: PIC&cie <64333185+ciePIC@users.noreply.github.com> Date: Thu, 25 Jan 2024 16:02:12 +0100 Subject: [PATCH 2/5] Clean log --- lib/utils/escape-filter-value.js | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/lib/utils/escape-filter-value.js b/lib/utils/escape-filter-value.js index e858768..f8f113b 100644 --- a/lib/utils/escape-filter-value.js +++ b/lib/utils/escape-filter-value.js @@ -31,7 +31,6 @@ function escapeBuffer (buf) { for (let i = 0; i < buf.length; i += 1) { if (buf[i] >= 0xc0 && buf[i] <= 0xdf) { // Represents the first byte in a 2-byte UTF-8 character. - console.log("-- use 1", i); result += '\\' + buf[i].toString(16); if(i<15) { result += '\\' + buf[i + 1].toString(16); } //Only add second byte if exist in buffer i += 1 @@ -40,7 +39,6 @@ function escapeBuffer (buf) { if (buf[i] >= 0xe0 && buf[i] <= 0xef) { // Represents the first byte in a 3-byte UTF-8 character. - console.log("-- use 2", i); result += '\\' + buf[i].toString(16); if(i<15) { result += '\\' + buf[i + 1].toString(16); } //Only add second byte if exist in buffer if(i<14) { result += '\\' + buf[i + 2].toString(16); } //Only add third byte if exist in buffer @@ -51,12 +49,10 @@ function escapeBuffer (buf) { if (buf[i] <= 31) { // It's an ASCII control character so we will straight // encode it (excluding the "space" character). - console.log("-- use 3", i); result += '\\' + buf[i].toString(16).padStart(2, '0') continue } - console.log("-- use 4", i); const char = String.fromCharCode(buf[i]) switch (char) { case '*': { @@ -85,8 +81,7 @@ function escapeBuffer (buf) { } default: { - //result += char - result += '\\' + buf[i].toString(16).padStart(2, '0') + result += char break } } From 756b363a128928123004ae4556037ce12b7c15e9 Mon Sep 17 00:00:00 2001 From: PIC&cie <64333185+ciePIC@users.noreply.github.com> Date: Fri, 26 Jan 2024 17:31:08 +0100 Subject: [PATCH 3/5] Replace magic number Replace magic number by number based on buffer length --- lib/utils/escape-filter-value.js | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/utils/escape-filter-value.js b/lib/utils/escape-filter-value.js index f8f113b..9bff14e 100644 --- a/lib/utils/escape-filter-value.js +++ b/lib/utils/escape-filter-value.js @@ -27,12 +27,13 @@ function escapeFilterValue (toEscape) { } function escapeBuffer (buf) { - let result = '' + let bufLen = buf.length; + let result = ''; for (let i = 0; i < buf.length; i += 1) { if (buf[i] >= 0xc0 && buf[i] <= 0xdf) { // Represents the first byte in a 2-byte UTF-8 character. result += '\\' + buf[i].toString(16); - if(i<15) { result += '\\' + buf[i + 1].toString(16); } //Only add second byte if exist in buffer + if(i= 0xe0 && buf[i] <= 0xef) { // Represents the first byte in a 3-byte UTF-8 character. result += '\\' + buf[i].toString(16); - if(i<15) { result += '\\' + buf[i + 1].toString(16); } //Only add second byte if exist in buffer - if(i<14) { result += '\\' + buf[i + 2].toString(16); } //Only add third byte if exist in buffer + if(i Date: Sat, 27 Jan 2024 16:46:36 +0100 Subject: [PATCH 4/5] add unit-test Add test for binary data ending by value that trig 2 or 3 bytes escaping UTF8. Implemented with a buffer length of 4bytes. --- lib/utils/escape-filter-value.test.js | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/utils/escape-filter-value.test.js b/lib/utils/escape-filter-value.test.js index e7ac53d..17a089e 100644 --- a/lib/utils/escape-filter-value.test.js +++ b/lib/utils/escape-filter-value.test.js @@ -83,3 +83,9 @@ tap.test('leaves encoded characters intact', async t => { t.equal(result, expected[i]) } }) + +tap.test('parse binary data with end byte >0xc0', async t => { + const input = Buffer.from([0x30, 0x41, 0x62, 0xd2]) + const expected = '0Ab\\d2' + t.equal(escapeFilterValue(input), expected) +}) From 1b2b15f375c12729be1dacfdf1398d010ff340cb Mon Sep 17 00:00:00 2001 From: Nicolas CHUTIN Date: Mon, 12 Feb 2024 17:15:10 +0100 Subject: [PATCH 5/5] Fix eslint + byteLength + split test --- lib/utils/escape-filter-value.js | 14 +++++++------- lib/utils/escape-filter-value.test.js | 12 +++++++++--- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/lib/utils/escape-filter-value.js b/lib/utils/escape-filter-value.js index 9bff14e..48a2d25 100644 --- a/lib/utils/escape-filter-value.js +++ b/lib/utils/escape-filter-value.js @@ -27,22 +27,22 @@ function escapeFilterValue (toEscape) { } function escapeBuffer (buf) { - let bufLen = buf.length; - let result = ''; + const bufLen = buf.byteLength + let result = '' for (let i = 0; i < buf.length; i += 1) { if (buf[i] >= 0xc0 && buf[i] <= 0xdf) { // Represents the first byte in a 2-byte UTF-8 character. - result += '\\' + buf[i].toString(16); - if(i= 0xe0 && buf[i] <= 0xef) { // Represents the first byte in a 3-byte UTF-8 character. - result += '\\' + buf[i].toString(16); - if(i { } }) -tap.test('parse binary data with end byte >0xc0', async t => { - const input = Buffer.from([0x30, 0x41, 0x62, 0xd2]) - const expected = '0Ab\\d2' +tap.test('handle start of two byte utf-8 character at end of buffer', async t => { + const input = Buffer.from([0x30, 0xc2]) + const expected = '0\\c2' + t.equal(escapeFilterValue(input), expected) +}) + +tap.test('handle start of three byte utf-8 character at end of buffer', async t => { + const input = Buffer.from([0x30, 0xe2]) + const expected = '0\\e2' t.equal(escapeFilterValue(input), expected) })