Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

maybeCoerceNumber bombs if coerce produced an object without toString #352

Open
groner opened this issue Feb 12, 2021 · 3 comments
Open

maybeCoerceNumber bombs if coerce produced an object without toString #352

groner opened this issue Feb 12, 2021 · 3 comments
Labels
bug

Comments

@groner
Copy link

groner commented Feb 12, 2021

I ran into this trying to use pg-connection-string.parse as a coerce function today, it returns an object with a null prototype which can't be coerced to a string.

import yargs from 'yargs';
import {parse as pgcs_parse} from 'pg-connection-string';


const parser = yargs('--db=postgresql://db/something'.split(/\s+/))
  .strict()
  .option('db', {
    coerce: pgcs_parse,
  })
  .fail((_, err) => {
    console.error(err.stack);
    process.exit(1);
  })
  ;

const argv = parser.parse();

console.log(argv);
:; ts-node test.ts
YError: Cannot convert object to primitive value
    at Object.parseArgs [as _parseArgs] (.../node_modules/yargs/build/index.cjs:2762:27)
    at Object.parse (.../node_modules/yargs/build/index.cjs:2260:31)
    at Object.<anonymous> (.../test.ts:16:21)
    at Module._compile (internal/modules/cjs/loader.js:1063:30)
    at Module.m._compile (/usr/local/lib/node_modules/ts-node/src/index.ts:858:23)
    at Module._extensions..js (internal/modules/cjs/loader.js:1092:10)
    at Object.require.extensions.<computed> [as .ts] (/usr/local/lib/node_modules/ts-node/src/index.ts:861:12)
    at Module.load (internal/modules/cjs/loader.js:928:32)
    at Function.Module._load (internal/modules/cjs/loader.js:769:14)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12)

The original stack trace is lost when it gets converted to YError, but the problem occurs in looksLikeNumber when the regexp is applied. It seems to me that maybeCoerceNumber could check if value is a string before doing anything more.
@sTEVE7611

This comment was marked as off-topic.

Sign in to view
@bcoe bcoe added the bug label Feb 13, 2021
@bcoe
Copy link
Member

bcoe commented Feb 13, 2021

@groner is the correct behavior for us to detect there's no .toString and just return false?

@groner
Copy link
Author

groner commented Feb 13, 2021

The bug comes from something looksLikeNumber doing something that tries and fails to coerce an object to a string. My thinking is that if the value is anything but a string, it probably doesn't need further interpretation. I would add a typeof value === 'string' check in maybeCoerceNumber or looksLikeNumber would solve this.

A more conservative fix might be to check if String(value) works without throwing an exception. Testing for .toString is probably fine too. There's a corner case with null/undefined, but we know they're not numbers.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@groner @bcoe @sTEVE7611