
mariadb


mariadb - npm Package Compare versions

Comparing version 3.3.1 to 3.3.2

2

lib/cmd/handshake/auth/handshake.js

@@ -53,4 +53,4 @@ // SPDX-License-Identifier: LGPL-2.1-or-later

const serverCert = secureSocket.getPeerCertificate(false);
info.tlsCert = serverCert;
info.tlsFingerprint = serverCert ? serverCert.fingerprint256.replace(/:/gi, '').toLowerCase() : null;
Handshake.send.call(this, this, out, opts, handshake.pluginName, info);
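Review bot: `serverCert.fingerprint256.replace(...)` is guarded only by a truthiness test on `serverCert`, but Node's `getPeerCertificate()` returns an empty object (not `null`) when the peer presented no certificate, so `fingerprint256` would be undefined and the call would throw inside the TLS callback. Testing the property as well, `serverCert && serverCert.fingerprint256 ? serverCert.fingerprint256.replace(/:/g, '').toLowerCase() : null`, keeps `info.tlsFingerprint` null in that case and lets the later certificate checks fail with their own error. The `i` flag on `/:/gi` has no effect and can be dropped. The page does not mark which of these four lines changed, and the enclosing callback starts outside the hunk.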

@@ -57,0 +57,0 @@ });

@@ -15,2 +15,3 @@ // SPDX-License-Identifier: LGPL-2.1-or-later

const utils = require('../../misc/utils');
const tls = require('tls');
const authenticationPlugins = {

@@ -76,23 +77,36 @@ mysql_native_password: require('./auth/native-password-auth.js'),

if (info.requireValidCert && info.selfSignedCertificate) {
// TLS was forced to trust, and certificate validation is required
packet.skip(2); //skip warning count
if (packet.remaining()) {
const validationHash = packet.readBufferLengthEncoded();
if (validationHash.length > 0) {
if (!this.plugin.permitHash() || !this.cmdParam.opts.password || this.cmdParam.opts.password === '') {
return this.throwNewError(
'Self signed certificates. Either set `ssl: { rejectUnauthorized: false }` (trust mode) or provide server certificate to client',
true,
info,
'08000',
Errors.ER_SELF_SIGNED_NO_PWD
);
if (info.requireValidCert) {
if (info.selfSignedCertificate) {
// TLS was forced to trust, and certificate validation is required
packet.skip(2); //skip warning count
if (packet.remaining()) {
const validationHash = packet.readBufferLengthEncoded();
if (validationHash.length > 0) {
if (!this.plugin.permitHash() || !this.cmdParam.opts.password || this.cmdParam.opts.password === '') {
return this.throwNewError(
'Self signed certificates. Either set `ssl: { rejectUnauthorized: false }` (trust mode) or provide server certificate to client',
true,
info,
'08000',
Errors.ER_SELF_SIGNED_NO_PWD
);
}
if (this.validateFingerPrint(validationHash, info)) {
return this.successEnd();
}
}
if (this.validateFingerPrint(validationHash, info)) {
return this.successEnd();
}
}
return this.throwNewError('self-signed certificate', true, info, '08000', Errors.ER_SELF_SIGNED);
} else if (info.requireIdentifyCheck) {
const identityError = tls.checkServerIdentity(opts.host, info.tlsCert);
if (identityError) {
return this.throwNewError(
'certificate identify Error: ' + identityError.message,
true,
info,
'08000',
Errors.ER_TLS_IDENTITY_ERROR
);
}
}
return this.throwNewError('self-signed certificate', true, info, '08000', Errors.ER_SELF_SIGNED);
}
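Review bot: The hostname check in the new `else if (info.requireIdentifyCheck)` branch appears to sit in the handler for the server's final authentication packet (it shares the block with `packet.skip(2); //skip warning count` and `successEnd()`), so `tls.checkServerIdentity(opts.host, info.tlsCert)` runs only after the credential exchange with a peer whose name was not yet verified. For certificates that are not self-signed, nothing in the check depends on the authentication result, so it could run where `info.tlsCert` is captured right after the TLS handshake, before any authentication data is written. If the late position is deliberate, a comment such as `// identity is checked after authentication because …` should state the reason. The enclosing function starts and ends outside the hunk, and the page prints old and new lines interleaved, so this reading relies on the new-side lines only.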

@@ -168,2 +182,12 @@

authErr.fatal = true;
if (info.requireValidCert && info.selfSignedCertificate) {
// TLS was forced to trust, and certificate validation is required
return this.plugin.throwNewError(
'Self signed certificates. Either set `ssl: { rejectUnauthorized: false }` (trust mode) or provide server certificate to client',
true,
info,
'08000',
Errors.ER_SELF_SIGNED_NO_PWD
);
}
return this.plugin.throwError(authErr, info);
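Review bot: The added branch discards `authErr` and reports `ER_SELF_SIGNED_NO_PWD` instead, but its comment is the one copied from the success path and does not say why the server's error is replaced. If the intent is to avoid surfacing a message from a server whose certificate was never validated, a comment such as `// certificate was not validated: report that instead of the unauthenticated server's error` would make it explicit. The enclosing function is outside the hunk.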

@@ -170,0 +194,0 @@

@@ -299,3 +299,3 @@ // SPDX-License-Identifier: LGPL-2.1-or-later

}
this.checkNestTablesDuplicates();
this.checkNestTablesDuplicatesAndPrivateFields();
}

@@ -331,3 +331,3 @@ } else {

checkNestTablesDuplicates() {
checkNestTablesDuplicatesAndPrivateFields() {
if (this.opts.checkDuplicate) {

@@ -348,2 +348,19 @@ for (let i = 0; i < this._columnCount; i++) {

}
for (let i = 0; i < this._columnCount; i++) {
if (privateFields.has(this.tableHeader[i][0])) {
this.throwUnexpectedError(
`Use of \`${this.tableHeader[i][0]}\` is not permitted with option \`nestTables\``,
false,
null,
'42000',
Errors.ER_PRIVATE_FIELDS_USE
);
// continue parsing results to keep connection state
// but without assigning possible dangerous value
this.parseRow = () => {
return {};
};
}
}
}
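Review bot: The loop keeps iterating after a match, so a result set with several columns under a rejected name calls `this.throwUnexpectedError(...)` once per column and reassigns `this.parseRow` each time; a `break;` after the `this.parseRow = ...` assignment would report the error once. The test also looks only at `this.tableHeader[i][0]`; if index 1 holds the column name that becomes a key of the nested row object, a short comment should say why that key needs no equivalent check. The start of the method is outside the hunk.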

@@ -707,2 +724,10 @@

const privateFields = new Set([
'__defineGetter__',
'__defineSetter__',
'__lookupGetter__',
'__lookupSetter__',
'__proto__'
]);
module.exports = Parser;

@@ -1013,7 +1013,8 @@ // SPDX-License-Identifier: LGPL-2.1-or-later

this.opts.ssl.rejectUnauthorized === true;
info.requireIdentifyCheck = this.opts.ssl === true || this.opts.ssl.checkServerIdentity === undefined;
const baseConf = {
servername: this.opts.host,
socket: this.socket,
rejectUnauthorized: false
rejectUnauthorized: false,
checkServerIdentity: () => {}
};
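Review bot: `checkServerIdentity: () => {}` in `baseConf` also replaces a caller-supplied `ssl.checkServerIdentity`, because the context line in the following hunk header builds the options with `Object.assign({}, this.opts.ssl, baseConf)`, where `baseConf` is applied last. At the same time `info.requireIdentifyCheck` is false whenever the caller set that option, so as far as these hunks show neither the custom callback nor the driver's own `tls.checkServerIdentity` call would run for such a configuration. Keeping a reference to the caller's function on `info` when `this.opts.ssl` is an object, and invoking it where the handshake performs the identity check, would preserve custom pinning or hostname logic. The enclosing method is outside the hunk.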

@@ -1020,0 +1021,0 @@ const sslOption = this.opts.ssl === true ? baseConf : Object.assign({}, this.opts.ssl, baseConf);

@@ -151,2 +151,4 @@ // SPDX-License-Identifier: LGPL-2.1-or-later

module.exports.ER_SELF_SIGNED_NO_PWD = 45057;
module.exports.ER_PRIVATE_FIELDS_USE = 45058;
module.exports.ER_TLS_IDENTITY_ERROR = 45059;

@@ -153,0 +155,0 @@ const keys = Object.keys(module.exports);

{
"name": "mariadb",
"version": "3.3.1",
"version": "3.3.2",
"description": "fast mariadb or mysql connector.",

@@ -52,10 +52,10 @@ "main": "promise.js",

"@types/geojson": "^7946.0.14",
"@types/node": "^20.11.17",
"@types/node": "^22.5.4",
"denque": "^2.1.0",
"iconv-lite": "^0.6.3",
"lru-cache": "^10.2.0"
"lru-cache": "^10.3.0"
},
"devDependencies": {
"@typescript-eslint/eslint-plugin": "^6.6.0",
"@typescript-eslint/parser": "^6.6.0",
"@typescript-eslint/eslint-plugin": "^7.18.0",
"@typescript-eslint/parser": "^7.18.0",
"benchmark": "^2.1.4",

@@ -73,3 +73,3 @@ "chai": "^4.4.1",

"prettier": "^3.0.3",
"typescript": "^5.3.3",
"typescript": "^5.6.2",
"winston": "^3.10.0"

@@ -76,0 +76,0 @@ },

@@ -236,3 +236,3 @@ // SPDX-License-Identifier: LGPL-2.1-or-later

export interface ConnectionConfig extends UserConnectionConfig, QueryConfig {
export interface ConnectionConfig extends UserConnectionConfig, Omit<QueryConfig, 'timeout'> {
/**

@@ -264,2 +264,7 @@ * The hostname of the database you are connecting to. (Default: localhost)

/**
* Allows timeout for command execution.
*/
queryTimeout?: number;
/**
* This will print all incoming and outgoing packets on stdout.

@@ -912,2 +917,3 @@ * (Default: false)

msg: string,
sql?: string,
fatal?: boolean,

@@ -918,3 +924,4 @@ info?: { threadId?: number },

additionalStack?: string,
addHeader?: boolean
addHeader?: boolean,
cause?: unknown
): SqlError;

@@ -935,3 +942,3 @@ readonly prototype: SqlError;

TIMESTAMP = 7,
LONGLONG = 8,
BIGINT = 8,
INT24 = 9,

@@ -1003,3 +1010,3 @@ DATE = 10,

TIMESTAMP = 'TIMESTAMP',
LONGLONG = 'LONGLONG',
BIGINT = 'BIGINT',
INT24 = 'INT24',

@@ -1006,0 +1013,0 @@ DATE = 'DATE',
