As discussed here, $clone is an internal that is used to ultimately provide an external interface that has no side effects.
$clone was put in the environment so it can be customised, but I'm not sure if this was intended just as a binding from the outside or if it was accepted that it could be used inside an expression.
One can manipulate the $clone method in order to manipulate the original input object. I feel the original input object should probably never be touched and it is surprising there is a way to get JSONata to alter the input object.
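```js
import jsonata from 'jsonata'

// The expression rebinds the internal $clone to an identity function, so the
// transform operator (| ... |) works on the caller's object instead of a copy.
const expression = jsonata(`
  (
    $clone := function($a) {
      $a
    };
    (
      $ ~> | $ | {'newKey': 'this is added to the original input object!'} |
    )
  )
`)

const input = {
  existingKey: 'existing key',
}

console.log('ORIGINAL INPUT BEFORE EXPRESSION', input)
console.log('OUTPUT', await expression.evaluate(input))
// The line below prints the input with newKey present.
console.log('ORIGINAL INPUT AFTER EXPRESSION', input)
```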
In this example, the last console line does show that the newKey has actually been added to the original input object.
adamscybot changed the title from "JSONAta expression can be hacked to mutate original input object" to "JSONAta expression can be created that ends up in mutation of original input object" on May 9, 2024
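A caller-side guard for the behaviour reported above, as an added example that is not part of the issue or of JSONata: the expression is given a private deep copy of the input, and the wrapper reports whether that copy was written to. The names `deepCopy` and `evaluateIsolated` are hypothetical, the input is assumed to be JSON-like data, and `mutatingExpression` is a constructed stand-in for a compiled expression so the block runs without the library.

```javascript
// Deep copy for JSON-like data (assumption: no functions or cycles in the input).
function deepCopy(value) {
  return typeof structuredClone === 'function'
    ? structuredClone(value)
    : JSON.parse(JSON.stringify(value));
}

// Hypothetical wrapper. `expression` is any object exposing an async
// evaluate(input, bindings), which is the shape jsonata(...) returns.
async function evaluateIsolated(expression, input, bindings) {
  const before = JSON.stringify(input);   // snapshot of the caller's data
  const sandbox = deepCopy(input);        // the only object the expression sees
  const output = await expression.evaluate(sandbox, bindings);
  return {
    output,
    // true when the expression wrote to the object it was handed, which an
    // expression with a working $clone should never do
    sandboxMutated: JSON.stringify(sandbox) !== before,
    // isolation check: the caller's object must still match the snapshot
    callerInputIntact: JSON.stringify(input) === before,
  };
}

// Constructed stand-in for the expression in the report: it writes newKey
// into the object it receives and returns that same object.
const mutatingExpression = {
  async evaluate(input) {
    input.newKey = 'this is added to the original input object!';
    return input;
  },
};

// Runs the guard against the stand-in and returns the report plus the
// caller's object for inspection.
async function demo() {
  const input = { existingKey: 'existing key' };
  const report = await evaluateIsolated(mutatingExpression, input);
  return { input, report };
}
```

With the real library, pass the object returned by `jsonata(source)` in place of `mutatingExpression`; a `sandboxMutated` value of `true` is worth logging, since it means the expression altered its input.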