Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
arbitrary code execution
See original GitHub issueVery cool project! I’m just starting to look into the docs etc and familiarize myself so forgive my ignorance on the subject. From what I can tell the ‘functions’ can only use jsonata specific/defined/allowed function such that arbitrary code execution is not allowed? They are not actual js functions?
I’m not saying it’s good or bad, just want to know what I’m getting myself into for scenarios where the ‘query’ is potentially untrusted.
Is it safe to assume that under no circumstance/code path arbitrary code can be executed via expressions/queries?
In my case I’ll be using it in a nodejs environment and want to understand the risks that could be associated with it (ie: process.exit() getting executed or the like).
Thanks!
Issue Analytics
- State:
- Created 4 years ago
- Comments:8 (5 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Ah I’ll have a look. I’m generally dealing with very simplistic data but potentially repetitive in aggregate so across many many invocations it adds up. Some background here as an example: https://github.com/sanack/node-jq/issues/222
My similar test with jsonata results in very similar times as jsonpath…of course it’s very simplistic but the overhead seems much lower than what’s associated with jq as a base line. I’m sure invoking more complex queries would up things a bit but generally seems ok. I am already monitoring the open issue with this project revolving around performance 😃
EDIT: running the same arbitrary test from above with jsonpath vs jsonata over 500 iterations the timing difference is negligible, however, over 500k jsonpath takes ~6 seconds and jsonata takes ~24 seconds. Given the added power I can handle that over 500k requests, jq was simply a non-starter in the performance arena for my use case.
I think this has been answered. Closing.