feat(autocomplete): add type generator from the php yaml definitions #521
Conversation
… have a schema defined
There was a problem hiding this comment.
Fwiw my gut feeling would still be that the generated files are not something we need to check into the repo.
If you do want to keep them, I'd suggest doing something like https://github.com/mongodb/specifications/blob/master/.gitattributes where we inform GH that the files are generated so that we don't end up reviewing the diffs manually by default
|
|
||
| return new Date(value); | ||
| } | ||
| } |
There was a problem hiding this comment.
Yeah, this looks a lot like the type of logic we have in https://github.com/mongodb-js/devtools-shared/tree/main/packages/ejson-shell-parser 🙂
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
|
||
| class NumberLongProcessor extends RegexCustomTypeProcessor { | ||
| constructor() { | ||
| super('\\bNumberLong\\(\\s*"?([\\d\.]*)"?\\s*\\)'); |
Check failure
Code scanning / CodeQL
Useless regular-expression character escape High
Copilot Autofix
AI 2 days ago
Copilot could not generate an autofix suggestion
Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support.
| operatorFilter?: string, | ||
| ): Promise<void> { | ||
| const categoryRegex = categoryFilter | ||
| ? new RegExp(categoryFilter) |
Check failure
Code scanning / CodeQL
Regular expression injection High
| ? new RegExp(categoryFilter) | ||
| : undefined; | ||
| const operatorRegex = operatorFilter | ||
| ? new RegExp(operatorFilter) |
Check failure
Code scanning / CodeQL
Regular expression injection High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 days ago
To fix the issue, we need to sanitize the operatorFilter input before using it to construct a regular expression. The best way to achieve this is by using a library like lodash and its _.escapeRegExp function, which escapes special characters in a string to make it safe for use in a regular expression. This ensures that user input cannot introduce malicious patterns into the regular expression.
The changes will be made in the generate method of GeneratorBase in packages/mql-typescript/src/generator.ts. Additionally, we will add the required lodash import to the file.
| @@ -4,2 +4,3 @@ | ||
| import * as fs from 'fs/promises'; | ||
| import _ from 'lodash'; | ||
| import * as yaml from 'js-yaml'; | ||
| @@ -282,6 +283,6 @@ | ||
| const categoryRegex = categoryFilter | ||
| ? new RegExp(categoryFilter) | ||
| ? new RegExp(_.escapeRegExp(categoryFilter)) | ||
| : undefined; | ||
| const operatorRegex = operatorFilter | ||
| ? new RegExp(operatorFilter) | ||
| ? new RegExp(_.escapeRegExp(operatorFilter)) | ||
| : undefined; |
| @@ -80,3 +80,4 @@ | ||
| "yargs": "^17.7.2", | ||
| "zod": "^3.24.2" | ||
| "zod": "^3.24.2", | ||
| "lodash": "^4.17.21" | ||
| } |
| Package | Version | Security advisories |
| lodash (npm) | 4.17.21 | None |
Warning
This is very much WIP and likely to change significantly
Description
TBD
Open Questions
TBD
Checklist