Unsafe call to JSON.parse in CsvError class #262
Comments
Could you write us a simple example reproducing the issue?
Right, sorry, I completely forgot to provide a way to reproduce this 😅 Basically, you need to have a CSV file that looks like this:
If you use the parser without any options, you get the expected behavior. However, the bug comes in only if you happen to use the feature from the So, here's the code to reproduce it (having

const {resolve} = require('path');
const {createReadStream} = require('fs');
const parse = require('csv-parse');
const stringify = require('csv-stringify');

const parser = parse({columns: ['a', 'b', null]});
const stringifier = stringify();

createReadStream(resolve(__dirname, './input.csv'))
  .pipe(parser)
  .pipe(stringifier)
  .pipe(process.stdout);

I also tried passing Let me know if I can provide additional information or anything else. And as I mentioned before, I'll be glad to help solving it ✌️
Hi there 👋
First, thank you guys for the awesome work on this library!
I might have found a bug in the implementation of the CsvError class: if a malformed CSV file is being parsed, and by malformed I mean one of the rows has fewer values than expected, a proper error is thrown from the __onRow internal handler, but when the CsvError constructor is reached, an unsafe call to JSON.parse is made.

Here's the stack trace of that error with the latest version (4.6.3) of the library:
This error comes from an anonymous function and is not catchable by the stream error event handler because it's not emitted at all, which makes it impossible to handle it properly.
Just for reference, here's the stack trace for the expected error (got by replacing the JSON.parse(JSON.stringify(value)); with JSON.parse(JSON.stringify(value || '')); ):

If you are fine with the proposed quick fix, I can also open a pull request.
Otherwise, just let me know what you think and/or how this can be fixed in a better way.
Cheers!
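The failure mode described in this issue, as an added example that is not part of the original post and is not csv-parse's own code: a simplified error class copies its context with three different copy functions. `RecordError`, the error code, `guardedCopy` and the sample context are constructed for illustration; only the two `JSON.parse(JSON.stringify(...))` expressions come from the issue.

```javascript
// Copy expression reported in the issue. JSON.stringify(undefined) returns
// undefined, and JSON.parse(undefined) then throws a SyntaxError.
const unsafeCopy = (value) => JSON.parse(JSON.stringify(value));

// Quick fix proposed in the issue. It no longer throws on undefined, but
// every falsy value (0, false, null) is copied as ''.
const quickFixCopy = (value) => JSON.parse(JSON.stringify(value || ''));

// Hypothetical alternative: skip what JSON cannot represent and keep
// the copy from throwing on circular references or BigInt.
const guardedCopy = (value) => {
  try {
    const text = JSON.stringify(value); // undefined for undefined/functions/symbols
    return text === undefined ? undefined : JSON.parse(text);
  } catch (_) {
    return '[uncloneable]';
  }
};

// Simplified stand-in for an error class that snapshots its context.
class RecordError extends Error {
  constructor(code, message, context, copy) {
    super(message);
    this.code = code;
    for (const key of Object.keys(context)) this[key] = copy(context[key]);
  }
}

// Constructed context for a row with fewer values than expected: one of the
// context fields is undefined, which is what trips the unsafe copy.
function report(copy) {
  const context = { lines: 2, column: 0, record: ['1', '2'], missing: undefined };
  try {
    throw new RecordError('EXAMPLE_RECORD_LENGTH', 'row has 2 values, expected 3', context, copy);
  } catch (err) {
    // What an error handler would actually receive.
    return { name: err.name, code: err.code, column: err.column };
  }
}

console.log('unsafe   ', report(unsafeCopy));
console.log('quick fix', report(quickFixCopy));
console.log('guarded  ', report(guardedCopy));
```

With the unsafe copy the handler receives a bare SyntaxError with no code, so the record-length error it was meant to see is lost; with the quick fix the numeric `column` of 0 arrives as an empty string.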