
mysql


mysql - npm Package Compare versions

Comparing version 2.2.0 to 2.3.0

12

Changes.md

@@ -7,2 +7,14 @@ # Changes

## v2.3.0 (2014-05-16)
* Accept MySQL charset (like `UTF8` or `UTF8MB4`) in `charset` option #808
* Accept pool options in connection string to `mysql.createPool` #811
* Clone connection config for new pool connections
* Default `connectTimeout` to 2 minutes
* Reject unauthorized SSL connections (use `ssl.rejectUnauthorized` to override) #816
* Return last error when PoolCluster exhausts connection retries #818
* Remove connection from pool after `conn.changeUser` is released #806
* Throw on unknown SSL profile name #817
* User newer TLS functions when available #809
## v2.2.0 (2014-04-27)

@@ -9,0 +21,0 @@

5

fixtures/ssl-profiles.json
{
"Amazon RDS": {"ca":"-----BEGIN CERTIFICATE-----\nMIIDQzCCAqygAwIBAgIJAOd1tlfiGoEoMA0GCSqGSIb3DQEBBQUAMHUxCzAJBgNV\nBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMRMw\nEQYDVQQKEwpBbWF6b24uY29tMQwwCgYDVQQLEwNSRFMxHDAaBgNVBAMTE2F3cy5h\nbWF6b24uY29tL3Jkcy8wHhcNMTAwNDA1MjI0NDMxWhcNMTUwNDA0MjI0NDMxWjB1\nMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHU2Vh\ndHRsZTETMBEGA1UEChMKQW1hem9uLmNvbTEMMAoGA1UECxMDUkRTMRwwGgYDVQQD\nExNhd3MuYW1hem9uLmNvbS9yZHMvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\ngQDKhXGU7tizxUR5WaFoMTFcxNxa05PEjZaIOEN5ctkWrqYSRov0/nOMoZjqk8bC\nmed9vPFoQGD0OTakPs0jVe3wwmR735hyVwmKIPPsGlaBYj1O6llIpZeQVyupNx56\nUzqtiLaDzh1KcmfqP3qP2dInzBfJQKjiRudo1FWnpPt33QIDAQABo4HaMIHXMB0G\nA1UdDgQWBBT/H3x+cqSkR/ePSIinPtc4yWKe3DCBpwYDVR0jBIGfMIGcgBT/H3x+\ncqSkR/ePSIinPtc4yWKe3KF5pHcwdTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldh\nc2hpbmd0b24xEDAOBgNVBAcTB1NlYXR0bGUxEzARBgNVBAoTCkFtYXpvbi5jb20x\nDDAKBgNVBAsTA1JEUzEcMBoGA1UEAxMTYXdzLmFtYXpvbi5jb20vcmRzL4IJAOd1\ntlfiGoEoMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAvguZy/BDT66x\nGfgnJlyQwnFSeVLQm9u/FIvz4huGjbq9dqnD6h/Gm56QPFdyMEyDiZWaqY6V08lY\nLTBNb4kcIc9/6pc0/ojKciP5QJRm6OiZ4vgG05nF4fYjhU7WClUx7cxq1fKjNc2J\nUCmmYqgiVkAGWRETVo+byOSDZ4swb10=\n-----END CERTIFICATE-----\n"}
"Amazon RDS": {
"ca": "-----BEGIN CERTIFICATE-----\nMIIDQzCCAqygAwIBAgIJAOd1tlfiGoEoMA0GCSqGSIb3DQEBBQUAMHUxCzAJBgNV\nBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMRMw\nEQYDVQQKEwpBbWF6b24uY29tMQwwCgYDVQQLEwNSRFMxHDAaBgNVBAMTE2F3cy5h\nbWF6b24uY29tL3Jkcy8wHhcNMTAwNDA1MjI0NDMxWhcNMTUwNDA0MjI0NDMxWjB1\nMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHU2Vh\ndHRsZTETMBEGA1UEChMKQW1hem9uLmNvbTEMMAoGA1UECxMDUkRTMRwwGgYDVQQD\nExNhd3MuYW1hem9uLmNvbS9yZHMvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\ngQDKhXGU7tizxUR5WaFoMTFcxNxa05PEjZaIOEN5ctkWrqYSRov0/nOMoZjqk8bC\nmed9vPFoQGD0OTakPs0jVe3wwmR735hyVwmKIPPsGlaBYj1O6llIpZeQVyupNx56\nUzqtiLaDzh1KcmfqP3qP2dInzBfJQKjiRudo1FWnpPt33QIDAQABo4HaMIHXMB0G\nA1UdDgQWBBT/H3x+cqSkR/ePSIinPtc4yWKe3DCBpwYDVR0jBIGfMIGcgBT/H3x+\ncqSkR/ePSIinPtc4yWKe3KF5pHcwdTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldh\nc2hpbmd0b24xEDAOBgNVBAcTB1NlYXR0bGUxEzARBgNVBAoTCkFtYXpvbi5jb20x\nDDAKBgNVBAsTA1JEUzEcMBoGA1UEAxMTYXdzLmFtYXpvbi5jb20vcmRzL4IJAOd1\ntlfiGoEoMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAvguZy/BDT66x\nGfgnJlyQwnFSeVLQm9u/FIvz4huGjbq9dqnD6h/Gm56QPFdyMEyDiZWaqY6V08lY\nLTBNb4kcIc9/6pc0/ojKciP5QJRm6OiZ4vgG05nF4fYjhU7WClUx7cxq1fKjNc2J\nUCmmYqgiVkAGWRETVo+byOSDZ4swb10=\n-----END CERTIFICATE-----\n"
}
}

113

lib/Connection.js

@@ -0,2 +1,4 @@

var Crypto = require('crypto');
var Net = require('net');
var tls = require('tls');
var ConnectionConfig = require('./ConnectionConfig');

@@ -116,4 +118,2 @@ var Protocol = require('./protocol/Protocol');

var self = this;
return this._protocol.changeUser({

@@ -213,45 +213,78 @@ user : options.user || this.config.user,

if (tls.TLSSocket) {
// 0.11+ environment
Connection.prototype._startTLS = function _startTLS(onSecure) {
var secureContext = tls.createSecureContext({
key : this.config.ssl.key,
cert : this.config.ssl.cert,
passphrase : this.config.ssl.passphrase,
ca : this.config.ssl.ca
});
Connection.prototype._startTLS = function(onSecure) {
// "unpipe"
this._socket.removeAllListeners('data');
this._protocol.removeAllListeners('data');
var crypto = require('crypto');
var tls = require('tls');
var sslProfiles, sslProfileName;
if (typeof this.config.ssl == 'string') {
sslProfileName = this.config.ssl;
sslProfiles = require('../fixtures/ssl-profiles.json');
this.config.ssl = sslProfiles[this.config.ssl];
if (!this.config.ssl)
throw new Error('Unknown SSL profile for ' + sslProfileName);
}
// before TLS:
// _socket <-> _protocol
// after:
// _socket <-> securePair.encrypted <-> securePair.cleartext <-> _protocol
// socket <-> encrypted
var rejectUnauthorized = this.config.ssl.rejectUnauthorized;
var secureSocket = new tls.TLSSocket(this._socket, {
rejectUnauthorized : rejectUnauthorized,
requestCert : true,
secureContext : secureContext,
isServer : false
});
var credentials = crypto.createCredentials({
key: this.config.ssl.key,
cert: this.config.ssl.cert,
passphrase: this.config.ssl.passphrase,
ca: this.config.ssl.ca
});
var securePair = tls.createSecurePair(credentials, false);
securePair.encrypted.pipe(this._socket);
securePair.cleartext.pipe(this._protocol);
// cleartext <-> protocol
secureSocket.pipe(this._protocol);
this._protocol.on('data', function(data) {
secureSocket.write(data);
});
// TODO: change to unpipe/pipe (does not work for some reason. Streams1/2 conflict?)
this._socket.removeAllListeners('data');
this._protocol.removeAllListeners('data');
this._socket.on('data', function(data) {
securePair.encrypted.write(data);
});
this._protocol.on('data', function(data) {
securePair.cleartext.write(data);
});
securePair.on('secure', onSecure);
};
secureSocket.on('secure', function() {
onSecure(rejectUnauthorized ? this.ssl.verifyError() : null);
});
// start TLS communications
secureSocket._start();
};
} else {
// pre-0.11 environment
Connection.prototype._startTLS = function _startTLS(onSecure) {
// before TLS:
// _socket <-> _protocol
// after:
// _socket <-> securePair.encrypted <-> securePair.cleartext <-> _protocol
var credentials = Crypto.createCredentials({
key : this.config.ssl.key,
cert : this.config.ssl.cert,
passphrase : this.config.ssl.passphrase,
ca : this.config.ssl.ca
});
var rejectUnauthorized = this.config.ssl.rejectUnauthorized;
var securePair = tls.createSecurePair(credentials, false, true, rejectUnauthorized);
// "unpipe"
this._socket.removeAllListeners('data');
this._protocol.removeAllListeners('data');
// socket <-> encrypted
securePair.encrypted.pipe(this._socket);
this._socket.on('data', function(data) {
securePair.encrypted.write(data);
});
// cleartext <-> protocol
securePair.cleartext.pipe(this._protocol);
this._protocol.on('data', function(data) {
securePair.cleartext.write(data);
});
securePair.on('secure', function() {
onSecure(rejectUnauthorized ? this.ssl.verifyError() : null);
});
};
}
Connection.prototype._handleConnectTimeout = function() {
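Review bot: Neither `_startTLS` variant checks that the server certificate belongs to the host being connected to. `this.ssl.verifyError()` in the `'secure'` handlers only reports whether the chain validates against `config.ssl.ca`, and nothing visible in this hunk compares the certificate's names with `config.host`. With a CA shared by many endpoints, such as the bundled `Amazon RDS` profile, a certificate issued for a different endpoint would presumably be accepted. I would add an identity check (for example via `tls.checkServerIdentity` on the peer certificate) before calling `onSecure`, and pass its error through the same callback. The 0.11+ branch also relies on `secureSocket._start()` and `this.ssl`, which are internal rather than documented API and deserve a comment naming the Node versions they were verified on.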

@@ -258,0 +291,0 @@ if (this._socket) {

var urlParse = require('url').parse;
var ClientConstants = require('./protocol/constants/client');
var Charsets = require('./protocol/constants/charsets');
var SSLProfiles = null;

@@ -18,3 +19,5 @@ module.exports = ConnectionConfig;

this.database = options.database;
this.connectTimeout = options.connectTimeout || undefined;
this.connectTimeout = (options.connectTimeout === undefined)
? (2 * 60 * 1000)
: options.connectTimeout;
this.insecureAuth = options.insecureAuth || false;

@@ -31,3 +34,5 @@ this.supportBigNumbers = options.supportBigNumbers || false;

this.pool = options.pool || undefined;
this.ssl = options.ssl || undefined;
this.ssl = (typeof options.ssl === 'string')
? ConnectionConfig.getSSLProfile(options.ssl)
: (options.ssl || false);
this.multipleStatements = options.multipleStatements || false;

@@ -45,2 +50,7 @@ this.typeCast = (options.typeCast === undefined)

if (this.ssl) {
// Default rejectUnauthorized to true
this.ssl.rejectUnauthorized = this.ssl.rejectUnauthorized !== false;
}
this.maxPacketSize = 0;
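Review bot: `this.ssl.rejectUnauthorized = this.ssl.rejectUnauthorized !== false;` writes the default into an object this constructor does not own. For a profile name, `this.ssl` is the cached entry returned by `getSSLProfile`; otherwise it is the caller's own `options.ssl` object. The default also only sticks when `ssl` is an object: a truthy primitive such as `ssl: true` keeps no `rejectUnauthorized` property (or throws under strict mode), so `_startTLS` in lib/Connection.js would read a falsy value and skip `verifyError()`. Copying the SSL options into a fresh object before applying the default, and rejecting non-object values with a `TypeError`, would close both gaps. The constructor body starts and ends outside this hunk.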

@@ -100,2 +110,16 @@ this.charsetNumber = (options.charset)

ConnectionConfig.getSSLProfile = function getSSLProfile(name) {
if (!SSLProfiles) {
SSLProfiles = require('./../fixtures/ssl-profiles.json');
}
var ssl = SSLProfiles[name];
if (ssl === undefined) {
throw new TypeError('Unknown SSL profile \'' + name + '\'');
}
return ssl;
};
ConnectionConfig.parseUrl = function(url) {
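Review bot: `SSLProfiles[name]` in `getSSLProfile` is a plain property lookup on the parsed JSON object, so a name that matches an inherited member (for example `constructor`) does not yield `undefined` and passes the `ssl === undefined` check. The constructor then sets `rejectUnauthorized` on that inherited object instead of throwing the "Unknown SSL profile" error. The profile name is configuration input, and presumably can arrive through a connection string, so I would test ownership first: `if (!Object.prototype.hasOwnProperty.call(SSLProfiles, name)) { throw new TypeError('Unknown SSL profile \'' + name + '\''); }`.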

@@ -102,0 +126,0 @@ url = urlParse(url, true);

@@ -38,3 +38,3 @@ var mysql = require('../');

if (this.config.connectionLimit === 0 || this._allConnections.length < this.config.connectionLimit) {
connection = new PoolConnection(this, { config: this.config.connectionConfig });
connection = new PoolConnection(this, { config: this.config.newConnectionConfig() });

@@ -100,4 +100,10 @@ this._allConnections.push(connection);

// add connection to end of free queue
this._freeConnections.push(connection);
if (connection._purge) {
// purge connection from pool
this._removeConnection(connection);
return;
} else {
// add connection to end of free queue
this._freeConnections.push(connection);
}
}

@@ -188,2 +194,4 @@

connection._pool = null;
if ((index = this._allConnections.indexOf(connection)) !== -1) {

@@ -190,0 +198,0 @@ // Remove connection from all connections

@@ -154,8 +154,4 @@ var Pool = require('./Pool');

self._increaseErrorCount(node);
if (self._canRetry) {
return cb(null, 'retry');
} else {
return cb(err);
}
cb(err);
return;
} else {

@@ -186,2 +182,4 @@ self._decreaseErrorCount(node);

var clusterNode = this._getClusterNode();
var cluster = this._cluster;
var namespace = this;

@@ -192,3 +190,10 @@ if (clusterNode === null) {

this._cluster._getConnection(clusterNode, function(err, connection) {
cluster._getConnection(clusterNode, function(err, connection) {
var retry = err && cluster._canRetry
&& cluster._findNodeIds(namespace._pattern).length !== 0;
if (retry) {
return namespace.getConnection(cb);
}
if (err) {

@@ -198,20 +203,25 @@ return cb(err);

if (connection === 'retry') {
return this.getConnection(cb);
}
cb(null, connection);
}.bind(this));
});
};
PoolNamespace.prototype._getClusterNode = function() {
PoolNamespace.prototype._getClusterNode = function _getClusterNode() {
var foundNodeIds = this._cluster._findNodeIds(this._pattern);
var nodeId;
if (foundNodeIds.length === 0) {
return null;
switch (foundNodeIds.length) {
case 0:
nodeId = null;
break;
case 1:
nodeId = foundNodeIds[0];
break;
default:
nodeId = this._selector(foundNodeIds);
break;
}
var nodeId = (foundNodeIds.length === 1) ? foundNodeIds[0] : this._selector(foundNodeIds);
return this._cluster._getNode(nodeId);
return nodeId !== null
? this._cluster._getNode(nodeId)
: null;
};

@@ -218,0 +228,0 @@

@@ -6,2 +6,6 @@

function PoolConfig(options) {
if (typeof options === 'string') {
options = ConnectionConfig.parseUrl(options);
}
this.connectionConfig = new ConnectionConfig(options);

@@ -18,1 +22,10 @@ this.waitForConnections = (options.waitForConnections === undefined)

}
PoolConfig.prototype.newConnectionConfig = function newConnectionConfig() {
var connectionConfig = new ConnectionConfig(this.connectionConfig);
connectionConfig.clientFlags = this.connectionConfig.clientFlags;
connectionConfig.maxPacketSize = this.connectionConfig.maxPacketSize;
return connectionConfig;
};

@@ -1,3 +0,4 @@

var inherits = require('util').inherits
, Connection = require('./Connection')
var inherits = require('util').inherits;
var Connection = require('./Connection')
var __changeUser = Connection.prototype.changeUser;

@@ -9,3 +10,4 @@ module.exports = PoolConnection;

Connection.call(this, options);
this._pool = pool;
this._pool = pool;
this._purge = false

@@ -19,8 +21,16 @@ // When a fatal error occurs the connection's protocol ends, which will cause

PoolConnection.prototype.release = function () {
if (!this._pool || this._pool._closed) {
PoolConnection.prototype.changeUser = function changeUser(options, callback) {
this._purge = true;
return __changeUser.apply(this, arguments);
};
PoolConnection.prototype.release = function release() {
var pool = this._pool;
if (!pool || pool._closed) {
return;
}
return this._pool.releaseConnection(this);
return pool.releaseConnection(this);
};
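Review bot: The new `PoolConnection.prototype.changeUser` override has no comment explaining why it sets `this._purge = true`, and the flag is set before the change is attempted and is never cleared. That looks intentional, since a connection whose session identity may have changed should not be handed to the next pool user, but the reasoning should be stated next to the code. I would add `// After changeUser the session (user/database/charset) may no longer match the pool config; purge on release instead of reusing.` above the assignment. The semicolons missing after `this._purge = false` and `require('./Connection')` in the earlier hunks of this file should be added to match the surrounding style.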

@@ -27,0 +37,0 @@

@@ -221,1 +221,43 @@ exports.BIG5_CHINESE_CI = 1;

exports.UTF8_GENERAL50_CI = 253;
// short aliases
exports.ARMSCII8 = exports.ARMSCII8_GENERAL_CI;
exports.ASCII = exports.ASCII_GENERAL_CI;
exports.BIG5 = exports.BIG5_CHINESE_CI;
exports.BINARY = exports.BINARY;
exports.CP1250 = exports.CP1250_GENERAL_CI;
exports.CP1251 = exports.CP1251_GENERAL_CI;
exports.CP1256 = exports.CP1256_GENERAL_CI;
exports.CP1257 = exports.CP1257_GENERAL_CI;
exports.CP866 = exports.CP866_GENERAL_CI;
exports.CP850 = exports.CP850_GENERAL_CI;
exports.CP852 = exports.CP852_GENERAL_CI;
exports.CP932 = exports.CP932_JAPANESE_CI;
exports.DEC8 = exports.DEC8_SWEDISH_CI;
exports.EUCJPMS = exports.EUCJPMS_JAPANESE_CI;
exports.EUCKR = exports.EUCKR_KOREAN_CI;
exports.GB2312 = exports.GB2312_CHINESE_CI;
exports.GBK = exports.GBK_CHINESE_CI;
exports.GEOSTD8 = exports.GEOSTD8_GENERAL_CI;
exports.GREEK = exports.GREEK_GENERAL_CI;
exports.HEBREW = exports.HEBREW_GENERAL_CI;
exports.HP8 = exports.HP8_ENGLISH_CI;
exports.KEYBCS2 = exports.KEYBCS2_GENERAL_CI;
exports.KOI8R = exports.KOI8R_GENERAL_CI;
exports.KOI8U = exports.KOI8U_GENERAL_CI;
exports.LATIN1 = exports.LATIN1_SWEDISH_CI;
exports.LATIN2 = exports.LATIN2_GENERAL_CI;
exports.LATIN5 = exports.LATIN5_TURKISH_CI;
exports.LATIN7 = exports.LATIN7_GENERAL_CI;
exports.MACCE = exports.MACCE_GENERAL_CI;
exports.MACROMAN = exports.MACROMAN_GENERAL_CI;
exports.SJIS = exports.SJIS_JAPANESE_CI;
exports.SWE7 = exports.SWE7_SWEDISH_CI;
exports.TIS620 = exports.TIS620_THAI_CI;
exports.UCS2 = exports.UCS2_GENERAL_CI;
exports.UJIS = exports.UJIS_JAPANESE_CI;
exports.UTF16 = exports.UTF16_GENERAL_CI;
exports.UTF16LE = exports.UTF16LE_GENERAL_CI;
exports.UTF8 = exports.UTF8_GENERAL_CI;
exports.UTF8MB4 = exports.UTF8MB4_GENERAL_CI;
exports.UTF32 = exports.UTF32_GENERAL_CI;
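Review bot: `exports.BINARY = exports.BINARY;` in the short-alias list is a self-assignment and has no effect. If `exports.BINARY` is already defined earlier in the file (not visible in this hunk) the line is redundant, and if it is not, the alias silently stays `undefined`. I would replace it with a comment such as `// BINARY has no collation suffix, so it needs no alias`. A one-line comment above the list stating that each alias maps to the charset's default collation would also explain why `LATIN1` points at `LATIN1_SWEDISH_CI` rather than a `_GENERAL_CI` name.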

@@ -13,2 +13,3 @@ module.exports = ComChangeUserPacket;

ComChangeUserPacket.prototype.parse = function(parser) {
this.command = parser.parseUnsignedNumber(1);
this.user = parser.parseNullTerminatedString();

@@ -15,0 +16,0 @@ this.scrambleBuff = parser.parseLengthCodedBuffer();

@@ -0,1 +1,3 @@

var Client = require('../constants/client');
module.exports = HandshakeInitializationPacket;

@@ -20,2 +22,7 @@ function HandshakeInitializationPacket(options) {

this.protocol41 = options.protocol41;
if (this.protocol41) {
// force set the bit in serverCapabilities1
this.serverCapabilities1 |= Client.CLIENT_PROTOCOL_41;
}
}

@@ -22,0 +29,0 @@

@@ -127,3 +127,11 @@ var Parser = require('./Parser');

.on('start-tls', function() {
self._connection._startTLS(function() {
self._connection._startTLS(function(err) {
if (err) {
// SSL negotiation error are fatal
err.code = 'HANDSHAKE_SSL_ERROR';
err.fatal = true;
sequence.end(err);
return
}
sequence._tlsUpgradeCompleteHandler();

@@ -130,0 +138,0 @@ })

{
"author": "Felix Geisendörfer <felix@debuggable.com> (http://debuggable.com/)",
"name": "mysql",
"description": "A node.js driver for mysql. It is written in JavaScript, does not require compiling, and is 100% MIT licensed.",
"version": "2.2.0",
"version": "2.3.0",
"license": "MIT",
"author": "Felix Geisendörfer <felix@debuggable.com> (http://debuggable.com/)",
"contributors": [
{
"name": "Andrey Sidorov",
"email": "sidorares@yandex.ru"
},
{
"name": "Douglas Christopher Wilson",
"email": "doug@somethingdoug.com"
},
{
"name": "Diogo Resende",
"email": "dresende@thinkdigital.pt"
}
],
"homepage": "https://github.com/felixge/node-mysql",

@@ -16,3 +31,3 @@ "repository": {

"dependencies": {
"bignumber.js": "1.3.0",
"bignumber.js": "1.4.0",
"readable-stream": "~1.1.13",

@@ -23,3 +38,3 @@ "require-all": "0.0.8"

"underscore": "1.6.0",
"urun": "0.0.7",
"urun": "0.0.8",
"utest": "0.0.8"

@@ -26,0 +41,0 @@ },

@@ -1,9 +0,7 @@

# node-mysql
# mysql [![Build Status](https://travis-ci.org/felixge/node-mysql.svg?branch=master)](https://travis-ci.org/felixge/node-mysql) [![NPM version](https://badge.fury.io/js/mysql.svg)](http://badge.fury.io/js/mysql)
[![Build Status](https://travis-ci.org/felixge/node-mysql.svg?branch=master)](https://travis-ci.org/felixge/node-mysql)
## Install
```bash
npm install mysql
```sh
$ npm install mysql
```

@@ -16,5 +14,5 @@

```sh
$ npm install felixge/node-mysql
```
npm install felixge/node-mysql
```

@@ -147,6 +145,8 @@ [v0.9 branch]: https://github.com/felixge/node-mysql/tree/v0.9

* `database`: Name of the database to use for this connection (Optional).
* `charset`: The charset for the connection. (Default: `'UTF8_GENERAL_CI'`)
* `charset`: The charset for the connection. This is called "collation" in the SQL-level
of MySQL (like `utf8_general_ci`). If a SQL-level charset is specified (like `utf8mb4`)
then the default collation for that charset is used. (Default: `'UTF8_GENERAL_CI'`)
* `timezone`: The timezone used to store local dates. (Default: `'local'`)
* `connectTimeout`: The milliseconds before a timeout occurs during the initial connection
to the MySQL server. (Default: no timeout)
to the MySQL server. (Default: 2 minutes)
* `stringifyObjects`: Stringify objects instead of converting to values. See

@@ -212,2 +212,16 @@ issue [#501](https://github.com/felixge/node-mysql/issues/501). (Default: `'false'`)

You can also connect to a MySQL server without properly providing the appropriate
CA to trust. _You should not do this_.
```js
var connection = mysql.createConnection({
host : 'localhost',
ssl : {
// DO NOT DO THIS
// set up your ca correctly to trust the connection
rejectUnauthorized: false
}
});
```
## Terminating connections

@@ -246,5 +260,6 @@

var pool = mysql.createPool({
host : 'example.org',
user : 'bob',
password : 'secret'
connectionLimit : 10,
host : 'example.org',
user : 'bob',
password : 'secret'
});

@@ -251,0 +266,0 @@

Sorry, the diff of this file is not supported yet
