Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@balena/sbvr-types
Advanced tools
This module defines the data types that can be used in the SBVR model specification, as well as the possible relations between them. For each data type, there is a correspondence with a database data type, according to the various database engines that are supported.
The SBVR definition for types can be found at Type.sbvr
"The Rest" can be found at: balena-io-modules/sbvr-types/src/types
For a new type you should add a module to the types folder. The module should return a single object, which has the following format:
A types object, which specifies how the type is declared in various systems. This contains:
postgres: 'Serial'
mysql: (necessity, index) ->
return 'INTEGER' + necessity + index + ' AUTO_INCREMENT'
websql: (necessity, index) ->
return 'INTEGER' + necessity + index + ' AUTOINCREMENT'
odata:
name: 'Edm.Int64'
odata:
name: 'Self.Color'
complexType: '''
<ComplexType Name="Color">
<Property Name="r" Nullable="false" Type="Edm.Int8"/>\
<Property Name="g" Nullable="false" Type="Edm.Int8"/>\
<Property Name="b" Nullable="false" Type="Edm.Int8"/>\
<Property Name="a" Nullable="false" Type="Edm.Int8"/>\
</ComplexType>'''
(value, required) => Promise
that must be provided, and which should validate that incoming data is valid for this type.
value
is the value that has been received as part of the request.required
specifies whether this value is required (true: NOT NULL, false: NULL).Promise
should be returned with the resolved value being the valid, processed data, and any rejection being an error message explaining why the data is invalid.An example of validating a Color
type, we accept either a number that specifies the Color
, or an object {'r' or 'red', 'g' or 'green', 'b' or 'blue', 'a' or 'alpha'}, and return an integer that represents the Color
.
validate: Promise.method (value, required) ->
if typeof value != 'object'
processedValue = parseInt(value, 10)
if Number.isNaN(processedValue)
throw new Error('is neither an integer or color object: ' + value)
else
processedValue = 0
for own component, componentValue of value
if Number.isNaN(componentValue) or componentValue > 255
throw new Error('has invalid component value of ' + componentValue + ' for component ' + component)
switch component.toLowerCase()
when 'r', 'red'
processedValue |= componentValue << 16
when 'g', 'green'
processedValue |= componentValue << 8
when 'b', 'blue'
processedValue |= componentValue
when 'a', 'alpha'
processedValue |= componentValue << 24
else
throw new Error('has an unknown component: ' + component)
return processedValue
(data) => any
that may be specified to process the data after fetching from the database and before sending to the client. If specified this function should return the modified datafetchProcessing: (data) ->
return {
r: (data >> 16) & 0xFF
g: (data >> 8) & 0xFF
b: data & 0xFF
a: (data >> 24) & 0xFF
}
nativeProperties:
Verb:
Term: (from) -> ...
Term2: (from) -> ...
Verb2:
Term3: (from) -> ...
The (from) -> ...
function should return a chunk of abstract sql that can be used to fetch the property specified by this fact type, the from
parameter is abstract sql that will refer to an instance of the term that is of this type.
Text has Length:
nativeProperties:
'has':
'Length': (from) -> ['CharacterLength', from]
For the various properties of Color:
nativeProperties:
'has':
'Red Component': (from) -> ['BitwiseAnd', ['BitwiseShiftRight', from, 16], 255]
'Green Component': (from) -> ['BitwiseAnd', ['BitwiseShiftRight', from, 8], 255]
'Blue Component': (from) -> ['BitwiseShiftRight', from, 255]
'Alpha Component': (from) -> ['BitwiseAnd', ['BitwiseShiftRight', from, 24], 255]
nativeFactTypes:
'Term':
'Verb1': (from, to) -> ...
'Verb2': (from, to) -> ...
'Term2':
'Verb3': (from, to) -> ...
The (from, to) -> ...
function should return a chunk of abstract sql that can be used to resolve this fact type.
The from
parameter is abstract sql that will refer to an instance of the term that is of this type.
The to
parameter is abstract sql that will refer to an instance of the term that is of the type specified by the property name.
Note: The reasoning the ordering of this is SecondTerm -> Verb
, rather than Verb -> SecondTerm
is that it allows declaring all the links between two terms much easier (as you will see in the examples)
A selection of the the native fact types for Integer (in the actual file much more DRY is practiced):
nativeFactTypes:
'Integer':
'is greater than': (from, to) -> ['GreaterThan', from, to]
'is greater than or equal to': (from, to) -> ['GreaterThanOrEqual', from, to]
'is less than': (from, to) -> ['LessThan', from, to]
'is less than or equal to': (from, to) -> ['LessThanOrEqual', from, to]
'Real':
'is greater than': (from, to) -> ['GreaterThan', from, to]
'is greater than or equal to': (from, to) -> ['GreaterThanOrEqual', from, to]
'is less than': (from, to) -> ['LessThan', from, to]
'is less than or equal to': (from, to) -> ['LessThanOrEqual', from, to]
Tests can be found under the test/
folder, to run the whole suite use npm test
v3.1.0
FAQs
SBVR type definitions.
The npm package @balena/sbvr-types receives a total of 8,680 weekly downloads. As such, @balena/sbvr-types popularity was classified as popular.
We found that @balena/sbvr-types demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.