UNPKG

bfj

Version:

Big-friendly JSON. Asynchronous streaming functions for large JSON data sets.

gitlab.com/philbooth/bfj

152 lines (119 loc) 4.51 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
'use strict' module.exports = parseJsonPath /* Minimal jsonpath parser, * replacing `jsonpath` which depended on `static-eval` * (CVE-2026-1615, arbitrary code execution from untrusted input). * * Only the subset used by bfj is supported: * $.foo.bar dot-notation properties * $["foo"] bracket-notation strings * $[0] numeric indices * $[*] wildcards * * Filter expressions, script expressions, recursive descent, slices, and negative indices * are all rejected. * No eval, no regex, no dynamic code. */ function parseJsonPath (selector) { if (typeof selector !== 'string' || selector.length === 0 || selector[0] !== '$') { throw new SyntaxError('Invalid jsonpath: must start with $') } const result = [ { expression: { type: 'root', value: '$' } } ] let position = 1 if (position >= selector.length) { throw new SyntaxError('Invalid jsonpath: must have at least one segment after $') } while (position < selector.length) { const character = selector[position] if (character === '.') { position += 1 if (position >= selector.length || selector[position] === '.') { throw new SyntaxError('Invalid jsonpath: unexpected character after dot') } const id = parseIdentifier(selector, position) result.push({ expression: { type: 'identifier', value: id.value }, operation: 'member', scope: 'child' }) position = id.position } else if (character === '[') { position += 1 const content = parseBracketContent(selector, position) result.push({ expression: content.expression, operation: 'subscript', scope: 'child' }) position = content.position if (position >= selector.length || selector[position] !== ']') { throw new SyntaxError('Invalid jsonpath: unterminated bracket') } position += 1 } else { throw new SyntaxError(`Invalid jsonpath: unexpected character "${character}"`) } } return result } function parseBracketContent (selector, position) { if (position >= selector.length) { throw new SyntaxError('Invalid jsonpath: unterminated bracket') } const character = selector[position] if (character === '*') { return { expression: { type: 'wildcard', value: '*' }, position: position + 1 } } if (character === '"' || character === "'") { const str = parseStringLiteral(selector, position) return { expression: { type: 'string_literal', value: str.value }, position: str.position } } if (isDigit(character)) { const num = parseNumericLiteral(selector, position) return { expression: { type: 'numeric_literal', value: num.value }, position: num.position } } throw new SyntaxError(`Invalid jsonpath: unexpected bracket content "${character}"`) } function parseIdentifier (selector, position) { const start = position if (position >= selector.length || !isIdentifierStart(selector[position])) { throw new SyntaxError('Invalid jsonpath: expected identifier') } position += 1 while (position < selector.length && isIdentifier(selector[position])) { position += 1 } return { value: selector.slice(start, position), position } } function parseNumericLiteral (selector, position) { const start = position while (position < selector.length && isDigit(selector[position])) { position += 1 } return { value: parseInt(selector.slice(start, position), 10), position } } function parseStringLiteral (selector, position) { const quote = selector[position] position += 1 const start = position while (position < selector.length && selector[position] !== quote) { if (selector[position] === '\\') { throw new SyntaxError('Invalid jsonpath: escape sequences in strings are not supported') } position += 1 } if (position >= selector.length) { throw new SyntaxError('Invalid jsonpath: unterminated string') } const value = selector.slice(start, position) position += 1 return { value, position } } function isDigit (character) { return character >= '0' && character <= '9' } function isIdentifier (character) { return (character >= 'a' && character <= 'z') || (character >= 'A' && character <= 'Z') || (character >= '0' && character <= '9') || character === '_' || character === '$' } function isIdentifierStart (character) { return (character >= 'a' && character <= 'z') || (character >= 'A' && character <= 'Z') || character === '_' || character === '$' }