bson-transpilers
Source to source compilers using ANTLR
Transpilers for building BSON documents in any language. Current support provided for shell as inputs. java, c#, node, shell, python, ruby and go as outputs.
See also the original presentation: https://drive.google.com/file/d/1jvwtR3k9oBUzIjL4z_VtpHvdWahfcjTK/view
NOTES:
python with corresponding test cases has been removed to avoid bundling and supporting unused code; however, it can still be found in https://github.com/mongodb-js/compass/tree/80cf701e44cd966207f956fac69e8233861b1cd5/packages/bson-transpilers
shell output is disabled, as it is essentially the only input in use and it produces code that is compatible only with the legacy mongo shell, not the new mongosh shell. See COMPASS-4930 for some additional context.

const transpiler = require('bson-transpilers');

// Input and output language keys
const input = 'shell';
const output = 'java';

const string =`
{ item: "book", qty: Int32(10), tags: ["red", "blank"], dim_cm: [14, Int32("81")] }`;

try {
  // compile() throws on any transpiler error, so keep it inside the try block
  const compiledString = transpiler[input][output].compile(string);
  console.log(compiledString);
  // new Document("item", "book").append("qty", 10)
  // .append("tags", Arrays.asList("red", "blank"))
  // .append("dim_cm", Arrays.asList(14L, 81")))
} catch (error) {
  console.error(error);
}
Output a compiled string given input and output languages.
shell and javascript are currently supported.
java, python, shell, javascript, and csharp are currently supported.
Output a string containing the set of import statements for the generated code to compile. These are all the packages that the compiled code could use so that the transpiler output will be runnable.
shell and javascript are currently supported.
java, python, shell, javascript, and csharp are currently supported.
.find() method or 'Pipeline' for .aggregate().
Any transpiler errors that occur will be thrown. To catch them, wrap the transpiler in a try/catch block.
bson-transpilers will send back letting you know the transpiler error.
bson-transpilers adds to the error object to help you distinguish error types.
The CodeGenerationVisitor class manages a global state which is bound to the argsTemplate functions. This state is intended to be used as a solution for the argsTemplate functions to communicate with the DriverTemplate function. For example:
ObjectIdEqualsArgsTemplate: &ObjectIdEqualsArgsTemplate !!js/function >
  (_) => {
    this.oneLineStatement = "Hello World";
    return '';
  }
DriverTemplate: &DriverTemplate !!js/function >
  (_spec) => {
    return this.oneLineStatement;
  }
The output of the driver syntax for this language will be the one-line statement Hello World.
A more practical use-case of state is to accumulate variable declarations throughout the argsTemplate to be rendered by the DriverTemplate. That is, the motivation for using DeclarationStore is to prepend the driver syntax with variable declarations rather than using non-idiomatic solutions such as closures.
The DeclarationStore class maintains an internal state concerning variable declarations. For example,
// within the args template
(arg) => {
  return this.declarations.add("Temp", "objectID", (varName) => {
    return [
      `${varName}, err := primitive.ObjectIDFromHex(${arg})`,
      'if err != nil {',
      ' log.Fatal(err)',
      '}'
    ].join('\n')
  })
}
Note that each use of the same variable name will result in an increment being added to the declaration statement. For example, if the variable name objectIDForTemp is used two times, the resulting declaration statements will use objectIDForTemp for the first declaration and objectID2ForTemp for the second declaration. The add method returns the incremented variable name, and is therefore what would be expected as the right-hand side of the statement defined by the argsTemplate function.
The instance of the DeclarationStore constructed by the transpiler class is passed into the driver syntax via state, for use:
(spec) => {
  const comment = '// some comment'
  const client = 'client, err := mongo.Connect(context.Background(), options.Client().ApplyURI(cs.String()))'
  // template literal so that comment, client and the declarations are interpolated
  return `${comment}\n\n${client}\n\n${this.declarations.toString()}`
}
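The naming and accumulation behaviour described above, as an added sketch that is not code from bson-transpilers: SketchDeclarationStore, renderGoSketch and the values variable are hypothetical names, and the counter scheme is an assumption based only on the objectIDForTemp / objectID2ForTemp example in the text.

```javascript
// Added sketch, not the bson-transpilers source: a minimal store that follows
// the naming behaviour described above (objectIDForTemp, then objectID2ForTemp).
class SketchDeclarationStore {
  constructor() {
    this.counts = new Map(); // "root|templateID" -> number of names issued
    this.statements = [];    // declaration text, in insertion order
  }

  // declaration: (varName) => string, the same shape as the args template callback.
  add(templateID, varRoot, declaration) {
    const key = `${varRoot}|${templateID}`;
    const n = (this.counts.get(key) || 0) + 1;
    this.counts.set(key, n);
    const varName = `${varRoot}${n > 1 ? n : ''}For${templateID}`;
    this.statements.push(declaration(varName));
    return varName; // the args template returns this in place of the literal
  }

  toString() {
    return this.statements.join('\n\n');
  }
}

// Hypothetical args template and driver template sharing one store through `this`,
// the way the text describes state flowing from argsTemplate to DriverTemplate.
function renderGoSketch(hexArgs) {
  const state = { declarations: new SketchDeclarationStore() };
  const argsTemplate = function (arg) {
    return this.declarations.add('Temp', 'objectID', (varName) => [
      `${varName}, err := primitive.ObjectIDFromHex(${arg})`,
      'if err != nil {',
      '  log.Fatal(err)',
      '}'
    ].join('\n'));
  };
  const driverTemplate = function (expr) {
    // Declarations are prepended to the driver syntax, not wrapped in closures.
    return `${this.declarations.toString()}\n\nvalues := ${expr}`;
  };
  const names = hexArgs.map((a) => argsTemplate.call(state, a));
  return { names, code: driverTemplate.call(state, `bson.A{${names.join(', ')}}`) };
}

// Constructed sample input: two ObjectId hex strings as Go string literals.
const sketch = renderGoSketch(['"5ab901c29ee65f5c8550c5b9"', '"5ab901c29ee65f5c8550c5ba"']);
console.log(sketch.code);
```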
There are a few different error classes thrown by bson-transpilers, each with their own error code:
This will occur when you're using a method with a wrong number of arguments, or the arguments are of the wrong type.
For example, ObjectId().equals() requires one argument and it will throw if anything other than one argument is provided:
// ✘: this will throw a BsonTranspilersArgumentError.
ObjectId().equals(ObjectId(), ObjectId());
// ✔: this won't throw
ObjectId().equals(ObjectId());
// ✘: this will throw a BsonTranspilersArgumentError.
ObjectId({});
// ✔: this won't throw
ObjectId();
Will be thrown if an invalid method or property is used on a BSON object. For example, since new DBRef() doesn't have a method .foo(), transpiler will throw:
// ✘: method foo doesn't exist, so this will throw a BsonTranspilersAttributeError.
new DBRef('newCollection', new ObjectId()).foo()
// ✔: this won't throw, since .toString() method exists
new DBRef('newCollection', new ObjectId()).toString(10)
This will throw if you have a syntax error. For example, missing a colon in an object assignment, or forgetting a comma in an array definition:
// ✘: this is not a proper object definition; will throw E_SYNTAX_GENERIC
{ key 'beep' }
// ✘: this is not a proper array definition, will throw E_SYNTAX_GENERIC
[ 'beep'; 'boop' 'beepBoop' ]
// ✔: neither of these will throw
{ key: 'beep' }
[ 'beep', 'boop', 'beepBoop' ]
This error will occur if a symbol is treated as the wrong type. For example, if a non-function is called:
// ✘: MAX_VALUE is a constant, not a function
Long.MAX_VALUE()
// ✔: MAX_VALUE without a call will not throw
Long.MAX_VALUE
If there is a feature in the input code that is not currently supported by the transpiler.
A generic runtime error will be thrown for all errors that are not covered by the above list of errors. These are usually constructor requirements, for example when RegExp() is given an unsupported flag:
// ✘: these are not proper 'RegExp()' flags, a BsonTranspilersRuntimeError will be thrown.
new RegExp('ab+c', 'beep')
// ✔: 'im' are proper 'RegExp()' flags
new RegExp('ab+c', 'im')
In the case where something has gone wrong within compilation, and an error has occurred. If you see this error, please create an issue on GitHub!
npm install -S bson-transpilers
Head over to the readme on contributing to find out more information on project structure and setting up your environment.
FAQs
The npm package bson-transpilers receives a total of 120 weekly downloads. As such, bson-transpilers popularity was classified as not popular.
We found that bson-transpilers demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.