Archives/gristlabs_grist-core
1
0
Fork 0
mirror of https://github.com/gristlabs/grist-core.git synced 2026-03-02 04:09:24 +00:00
Code Issues Projects Releases Wiki Activity

(core) Fix issue with lodash's map interpreting objects with length as array-like

Browse Source 
Summary:
Here's a series of badness that easily leads to a crash, in reverse order:
- Lodash's map() function interprets an object with a .length property as an array.
- Some very old code generated human-friendly descriptions of user actions,
  applying map() to parts of them. It so happens that this generated description
  isn't even used.
- If a user action is encountered with a sufficiently large length propery,
  map() would exhaust the server memory.

Fixed by removing old unneeded code, and replacing some other occurrences of
lodash's map() with native equivalents.

Test Plan: Tested manually on a local reproduction of the issue.

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D3938
This commit is contained in:
Dmitry S
2023-07-01 14:31:21 -04:00
parent b0aa17c932
commit 2b581ab7dc
6 changed files with 16 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/common/DocActions.ts
View File

@@ -14,8 +14,6 @@ export interface AllCellVersions {
}
export type CellVersions = Partial<AllCellVersions>;
import map = require('lodash/map');
export type AddRecord = ['AddRecord', string, number, ColValues];
export type BulkAddRecord = ['BulkAddRecord', string, number[], BulkColValues];
export type RemoveRecord = ['RemoveRecord', string, number];
@@ -150,21 +148,6 @@ export type UserAction = Array<string|number|object|boolean|null|undefined>;
// Actions that trigger formula calculations in the data engine
export const CALCULATING_USER_ACTIONS = new Set(['Calculate', 'UpdateCurrentTime', 'RespondToRequests']);
/**
* Gives a description for an action which involves setting values to a selection.
* @param {Array} action - The (Bulk)AddRecord/(Bulk)UpdateRecord action to describe.
* @param {Boolean} optExcludeVals - Indicates whether the values should be excluded from
* the description.
*/
export function getSelectionDesc(action: UserAction, optExcludeVals: boolean): string {
const table = action[1];
const rows = action[2];
const colValues: number[] = action[3] as any; // TODO: better typing - but code may evaporate
const columns = map(colValues, (values, col) => optExcludeVals ? col : `${col}: ${values}`);
const s = typeof rows === 'object' ? 's' : '';
return `table ${table}, row${s} ${rows}; ${columns.join(", ")}`;
}
export function getNumRows(action: DocAction): number {
return !isDataAction(action) ? 0
: Array.isArray(action[2]) ? action[2].length

2
app/common/ThemePrefs-ti.ts
View File

@@ -185,6 +185,8 @@ export const ThemeColors = t.iface([], {
"left-panel-page-options-selected-hover-bg": "string",
"left-panel-page-initials-fg": "string",
"left-panel-page-initials-bg": "string",
"left-panel-page-emoji-fg": "string",
"left-panel-page-emoji-outline": "string",
"right-panel-tab-fg": "string",
"right-panel-tab-bg": "string",
"right-panel-tab-icon": "string",