Fixing issues found by codeql

Mike Farah 2022-05-06 13:46:14 +10:00
parent 1aeb8e3025
commit 72cdde78f6
10 changed files with 42 additions and 19 deletions


@ -87,11 +87,11 @@ func compareScalars(context Context, prefs compareTypePref, lhs *yaml.Node, rhs
if isDateTime { if isDateTime {
return compareDateTime(context.GetDateTimeLayout(), prefs, lhs, rhs) return compareDateTime(context.GetDateTimeLayout(), prefs, lhs, rhs)
} else if lhsTag == "!!int" && rhsTag == "!!int" { } else if lhsTag == "!!int" && rhsTag == "!!int" {
_, lhsNum, err := parseInt(lhs.Value) _, lhsNum, err := parseInt64(lhs.Value)
if err != nil { if err != nil {
return false, err return false, err
} }
_, rhsNum, err := parseInt(rhs.Value) _, rhsNum, err := parseInt64(rhs.Value)
if err != nil { if err != nil {
return false, err return false, err
} }


@ -1,6 +1,7 @@
# Unique # Unique
This is used to filter out duplicated items in an array. This is used to filter out duplicated items in an array. Note that the original order of the array is maintained.
{% hint style="warning" %} {% hint style="warning" %}
Note that versions prior to 4.18 require the 'eval/e' command to be specified.  Note that versions prior to 4.18 require the 'eval/e' command to be specified. 


@ -6,6 +6,7 @@ import (
"bytes" "bytes"
"container/list" "container/list"
"fmt" "fmt"
"math"
"strconv" "strconv"
"strings" "strings"
@ -320,7 +321,7 @@ func deepCloneWithOptions(node *yaml.Node, cloneContent bool) *yaml.Node {
} }
// yaml numbers can be hex encoded... // yaml numbers can be hex encoded...
func parseInt(numberString string) (string, int64, error) { func parseInt64(numberString string) (string, int64, error) {
if strings.HasPrefix(numberString, "0x") || if strings.HasPrefix(numberString, "0x") ||
strings.HasPrefix(numberString, "0X") { strings.HasPrefix(numberString, "0X") {
num, err := strconv.ParseInt(numberString[2:], 16, 64) num, err := strconv.ParseInt(numberString[2:], 16, 64)
@ -330,6 +331,27 @@ func parseInt(numberString string) (string, int64, error) {
return "%v", num, err return "%v", num, err
} }
func parseInt(numberString string) (string, int, error) {
var err error
var parsed int64
format := "%v"
if strings.HasPrefix(numberString, "0x") ||
strings.HasPrefix(numberString, "0X") {
format = "0x%X"
parsed, err = strconv.ParseInt(numberString[2:], 16, 64)
} else {
parsed, err = strconv.ParseInt(numberString, 10, 64)
}
if err != nil {
return "", 0, err
} else if parsed > math.MaxInt {
return "", 0, fmt.Errorf("%v is too big (larger than %v)", parsed, math.MaxInt)
}
return format, int(parsed), err
}
func createScalarNode(value interface{}, stringValue string) *yaml.Node { func createScalarNode(value interface{}, stringValue string) *yaml.Node {
var node = &yaml.Node{Kind: yaml.ScalarNode} var node = &yaml.Node{Kind: yaml.ScalarNode}
node.Value = stringValue node.Value = stringValue
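Review bot: The range check in the new `parseInt` guards only the upper bound, so on a build where `int` is 32 bits a value below `math.MinInt` still reaches `int(parsed)` and wraps silently, which is the narrowing conversion this commit sets out to remove. Checking both sides closes it: `} else if parsed > math.MaxInt || parsed < math.MinInt {`, with the message reworded to say the value is out of range for `int` rather than "too big". On 64-bit builds the branch can never fire, so it needs a test run on a 32-bit target to be exercised. Both functions would also benefit from a doc comment saying which to use where, e.g. `// parseInt parses a decimal or 0x-prefixed integer and rejects values that do not fit in int; use it for array indices.`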


@ -104,11 +104,11 @@ func addScalars(context Context, target *CandidateNode, lhs *yaml.Node, rhs *yam
target.Node.Tag = lhs.Tag target.Node.Tag = lhs.Tag
target.Node.Value = lhs.Value + rhs.Value target.Node.Value = lhs.Value + rhs.Value
} else if lhsTag == "!!int" && rhsTag == "!!int" { } else if lhsTag == "!!int" && rhsTag == "!!int" {
format, lhsNum, err := parseInt(lhs.Value) format, lhsNum, err := parseInt64(lhs.Value)
if err != nil { if err != nil {
return err return err
} }
_, rhsNum, err := parseInt(rhs.Value) _, rhsNum, err := parseInt64(rhs.Value)
if err != nil { if err != nil {
return err return err
} }


@ -124,11 +124,11 @@ func multiplyIntegers(lhs *CandidateNode, rhs *CandidateNode) (*CandidateNode, e
target.Node.Style = lhs.Node.Style target.Node.Style = lhs.Node.Style
target.Node.Tag = lhs.Node.Tag target.Node.Tag = lhs.Node.Tag
format, lhsNum, err := parseInt(lhs.Node.Value) format, lhsNum, err := parseInt64(lhs.Node.Value)
if err != nil { if err != nil {
return nil, err return nil, err
} }
_, rhsNum, err := parseInt(rhs.Node.Value) _, rhsNum, err := parseInt64(rhs.Node.Value)
if err != nil { if err != nil {
return nil, err return nil, err
} }


@ -36,7 +36,7 @@ func pickSequence(original *yaml.Node, indices *yaml.Node) (*yaml.Node, error) {
return nil, fmt.Errorf("cannot index array with %v", indices.Content[index].Value) return nil, fmt.Errorf("cannot index array with %v", indices.Content[index].Value)
} }
if int(indexInArray) > -1 && int(indexInArray) < len(original.Content) { if indexInArray > -1 && indexInArray < len(original.Content) {
filteredContent = append(filteredContent, deepClone(original.Content[indexInArray])) filteredContent = append(filteredContent, deepClone(original.Content[indexInArray]))
} }
} }


@ -106,11 +106,11 @@ func (a sortableNodeArray) Less(i, j int) bool {
} else if lhs.Tag != rhs.Tag || lhs.Tag == "!!str" { } else if lhs.Tag != rhs.Tag || lhs.Tag == "!!str" {
return strings.Compare(lhs.Value, rhs.Value) < 0 return strings.Compare(lhs.Value, rhs.Value) < 0
} else if lhs.Tag == "!!int" && rhs.Tag == "!!int" { } else if lhs.Tag == "!!int" && rhs.Tag == "!!int" {
_, lhsNum, err := parseInt(lhs.Value) _, lhsNum, err := parseInt64(lhs.Value)
if err != nil { if err != nil {
panic(err) panic(err)
} }
_, rhsNum, err := parseInt(rhs.Value) _, rhsNum, err := parseInt64(rhs.Value)
if err != nil { if err != nil {
panic(err) panic(err)
} }


@ -104,11 +104,11 @@ func subtractScalars(context Context, target *CandidateNode, lhs *yaml.Node, rhs
} else if lhsTag == "!!str" { } else if lhsTag == "!!str" {
return fmt.Errorf("strings cannot be subtracted") return fmt.Errorf("strings cannot be subtracted")
} else if lhsTag == "!!int" && rhsTag == "!!int" { } else if lhsTag == "!!int" && rhsTag == "!!int" {
format, lhsNum, err := parseInt(lhs.Value) format, lhsNum, err := parseInt64(lhs.Value)
if err != nil { if err != nil {
return err return err
} }
_, rhsNum, err := parseInt(rhs.Value) _, rhsNum, err := parseInt64(rhs.Value)
if err != nil { if err != nil {
return err return err
} }


@ -188,15 +188,15 @@ func traverseArrayWithIndices(candidate *CandidateNode, indices []*yaml.Node, pr
for _, indexNode := range indices { for _, indexNode := range indices {
log.Debug("traverseArrayWithIndices: '%v'", indexNode.Value) log.Debug("traverseArrayWithIndices: '%v'", indexNode.Value)
index, err := strconv.ParseInt(indexNode.Value, 10, 64) _, index, err := parseInt(indexNode.Value)
if err != nil && prefs.OptionalTraverse { if err != nil && prefs.OptionalTraverse {
continue continue
} }
if err != nil { if err != nil {
return nil, fmt.Errorf("Cannot index array with '%v' (%w)", indexNode.Value, err) return nil, fmt.Errorf("cannot index array with '%v' (%w)", indexNode.Value, err)
} }
indexToUse := index indexToUse := index
contentLength := int64(len(node.Content)) contentLength := len(node.Content)
for contentLength <= index { for contentLength <= index {
if contentLength == 0 { if contentLength == 0 {
// default to nice yaml formating // default to nice yaml formating
@ -204,7 +204,7 @@ func traverseArrayWithIndices(candidate *CandidateNode, indices []*yaml.Node, pr
} }
node.Content = append(node.Content, &yaml.Node{Tag: "!!null", Kind: yaml.ScalarNode, Value: "null"}) node.Content = append(node.Content, &yaml.Node{Tag: "!!null", Kind: yaml.ScalarNode, Value: "null"})
contentLength = int64(len(node.Content)) contentLength = len(node.Content)
} }
if indexToUse < 0 { if indexToUse < 0 {
@ -215,7 +215,7 @@ func traverseArrayWithIndices(candidate *CandidateNode, indices []*yaml.Node, pr
return nil, fmt.Errorf("index [%v] out of range, array size is %v", index, contentLength) return nil, fmt.Errorf("index [%v] out of range, array size is %v", index, contentLength)
} }
newMatches.PushBack(candidate.CreateChildInArray(int(index), node.Content[indexToUse])) newMatches.PushBack(candidate.CreateChildInArray(index, node.Content[indexToUse]))
} }
return newMatches, nil return newMatches, nil
} }
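Review bot: The `for contentLength <= index` loop still appends one `!!null` node per iteration until the array reaches `index`, so the new `parseInt` bound (anything up to `math.MaxInt`) does not limit how much memory a single large index can make this function allocate. If expressions or documents can come from an untrusted source, the growth should be refused before the loop, for example `if index-contentLength > maxArrayGrowth { return nil, fmt.Errorf("index [%v] too far beyond array size %v", index, contentLength) }`, where `maxArrayGrowth` is a new project-chosen constant (placeholder name). Part of the loop body and the negative-index branch fall between hunks and are not visible here, so confirm nothing there already caps the growth. Switching from `strconv.ParseInt(indexNode.Value, 10, 64)` to `parseInt` also makes `0x`-prefixed indices valid, which deserves an explicit test case.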


@ -17,7 +17,7 @@ var variableOperatorScenarios = []expressionScenario{
document: "a: [cat]", document: "a: [cat]",
skipDoc: true, skipDoc: true,
expression: "(.[] | {.name: .}) as $item", expression: "(.[] | {.name: .}) as $item",
expectedError: `Cannot index array with 'name' (strconv.ParseInt: parsing "name": invalid syntax)`, expectedError: `cannot index array with 'name' (strconv.ParseInt: parsing "name": invalid syntax)`,
}, },
{ {
description: "Single value variable", description: "Single value variable",