Release some of the safety measures, some of them are incomplete at this

TotalTechGeek · TotalTechGeek · commit bf2fa278af0a · 2025-11-01T18:16:29.000-05:00
time. Also add a tiny bug fix for try.
diff --git a/asyncLogic.js b/asyncLogic.js
@@ -23,15 +23,15 @@ class AsyncLogicEngine {
    * - In mainline: empty arrays are falsey; in our implementation, they are truthy.
    *
    * @param {Object} methods An object that stores key-value pairs between the names of the commands & the functions they execute.
-   * @param {{ disableInline?: Boolean, disableInterpretedOptimization?: boolean, permissive?: boolean, enableObjectAccumulators?: boolean, maxArrayLength?: number, maxStringLength?: number }} options
+   * @param {{ disableInline?: Boolean, disableInterpretedOptimization?: boolean, permissive?: boolean, maxDepth?: number, maxArrayLength?: number, maxStringLength?: number }} options
    */
   constructor (
     methods = defaultMethods,
-    options = { disableInline: false, disableInterpretedOptimization: false, permissive: false, enableObjectAccumulators: false, maxArrayLength: 1 << 15, maxStringLength: 1 << 16 }
+    options = { disableInline: false, disableInterpretedOptimization: false, permissive: false, maxDepth: 0, maxArrayLength: 1 << 15, maxStringLength: 1 << 16 }
   ) {
     this.methods = { ...methods }
-    /** @type {{disableInline?: Boolean, disableInterpretedOptimization?: Boolean, enableObjectAccumulators?: Boolean, maxArrayLength?: number, maxStringLength?: number}} */
-    this.options = { disableInline: options.disableInline, disableInterpretedOptimization: options.disableInterpretedOptimization, enableObjectAccumulators: options.enableObjectAccumulators || false, maxArrayLength: options.maxArrayLength || (1 << 15), maxStringLength: options.maxStringLength || (1 << 16) }
+    /** @type {{disableInline?: Boolean, disableInterpretedOptimization?: Boolean, maxDepth?: number, maxArrayLength?: number, maxStringLength?: number}} */
+    this.options = { disableInline: options.disableInline, disableInterpretedOptimization: options.disableInterpretedOptimization, maxDepth: options.maxDepth || 0, maxArrayLength: options.maxArrayLength || (1 << 15), maxStringLength: options.maxStringLength || (1 << 16) }
     this.disableInline = options.disableInline
     this.disableInterpretedOptimization = options.disableInterpretedOptimization
     this.async = true
diff --git a/async_iterators.js b/async_iterators.js
@@ -1,7 +1,7 @@
 // @ts-check
 'use strict'
 
-import { assertNotType } from './utilities/downgrade.js'
+import { assertAllowedDepth } from './utilities/downgrade.js'
 
 // Note: Each of these iterators executes synchronously, and will not "run in parallel"
 // I am supporting filter, reduce, some, every, map
@@ -39,17 +39,17 @@ export async function map (arr, iter) {
   return result
 }
 
-export async function reduce (arr, iter, defaultValue, skipTypeCheck = false) {
+export async function reduce (arr, iter, defaultValue, maxDepth = 0) {
   if (arr.length === 0) {
     if (typeof defaultValue !== 'undefined') return defaultValue
     throw new Error('Array has no elements.')
   }
 
   const start = typeof defaultValue === 'undefined' ? 1 : 0
-  let data = assertNotType(start ? arr[0] : defaultValue, skipTypeCheck ? '' : 'object')
+  let data = assertAllowedDepth(start ? arr[0] : defaultValue, maxDepth)
 
   for (let i = start; i < arr.length; i++) {
-    data = assertNotType(await iter(data, arr[i]), skipTypeCheck ? '' : 'object')
+    data = assertAllowedDepth(await iter(data, arr[i]), maxDepth)
   }
 
   return data
diff --git a/compiler.js b/compiler.js
@@ -11,7 +11,7 @@ import {
 import asyncIterators from './async_iterators.js'
 import { coerceArray } from './utilities/coerceArray.js'
 import { countArguments } from './utilities/countArguments.js'
-import { precoerceNumber, assertSize, compareCheck, assertNotType } from './utilities/downgrade.js'
+import { precoerceNumber, assertSize, compareCheck, assertAllowedDepth } from './utilities/downgrade.js'
 
 /**
  * Provides a simple way to compile logic into a function that can be run.
@@ -99,7 +99,7 @@ export function isDeterministic (method, engine, buildState) {
     return typeof engine.methods[func].deterministic === 'function'
       ? engine.methods[func].deterministic(lower, buildState)
       : engine.methods[func].deterministic &&
-          isDeterministic(lower, engine, buildState)
+      isDeterministic(lower, engine, buildState)
   }
 
   return true
@@ -319,12 +319,12 @@ function processBuiltString (method, str, buildState) {
     str = str.replace(`__%%%${x}%%%__`, item)
   })
 
-  const final = `(values, methods, notTraversed, asyncIterators, engine, above, coerceArray, precoerceNumber, assertSize, compareCheck, assertNotType) => ${buildState.asyncDetected ? 'async' : ''} (context ${buildState.extraArguments ? ',' + buildState.extraArguments : ''}) => { ${str.includes('prev') ? 'let prev;' : ''} const result = ${str}; return result }`
+  const final = `(values, methods, notTraversed, asyncIterators, engine, above, coerceArray, precoerceNumber, assertSize, compareCheck, assertAllowedDepth) => ${buildState.asyncDetected ? 'async' : ''} (context ${buildState.extraArguments ? ',' + buildState.extraArguments : ''}) => { ${str.includes('prev') ? 'let prev;' : ''} const result = ${str}; return result }`
   // console.log(str)
   // console.log(final)
   // eslint-disable-next-line no-eval
   return Object.assign(
-    (typeof globalThis !== 'undefined' ? globalThis : global).eval(final)(values, methods, notTraversed, asyncIterators, engine, above, coerceArray, precoerceNumber, assertSize, compareCheck, assertNotType), {
+    (typeof globalThis !== 'undefined' ? globalThis : global).eval(final)(values, methods, notTraversed, asyncIterators, engine, above, coerceArray, precoerceNumber, assertSize, compareCheck, assertAllowedDepth), {
       [Sync]: !buildState.asyncDetected,
       deterministic: !str.includes('('),
       aboveDetected: typeof str === 'string' && str.includes(', above')
diff --git a/defaultMethods.js b/defaultMethods.js
@@ -7,7 +7,7 @@ import declareSync from './utilities/declareSync.js'
 import { build, buildString } from './compiler.js'
 import chainingSupported from './utilities/chainingSupported.js'
 import legacyMethods from './legacy.js'
-import { precoerceNumber, assertNotType } from './utilities/downgrade.js'
+import { precoerceNumber, assertAllowedDepth } from './utilities/downgrade.js'
 
 const INVALID_ARGUMENTS = { type: 'Invalid Arguments' }
 
@@ -402,7 +402,7 @@ const defaultMethods = {
       }
 
       res = buildState.compile`${res} } })(context, above)`
-      if (res[Compiled].includes('await')) res[Compiled] = res[Compiled].replace('((context', '(async (context')
+      if (res[Compiled].includes('await')) res[Compiled] = res[Compiled].replace('((context', 'await (async (context')
 
       return res
     }
@@ -653,16 +653,16 @@ const defaultMethods = {
       }
       mapper = build(mapper, mapState)
       const aboveArray = mapper.aboveDetected ? '[null, context, above]' : 'null'
-      const verifyAccumulator = buildState.engine.options.enableObjectAccumulators ? '' : 'assertNotType'
+      const verifyAccumulator = buildState.engine.options.maxDepth === Infinity ? '' : 'assertAllowedDepth'
       buildState.methods.push(mapper)
 
       if (async) {
         if (!isSync(mapper) || selector.includes('await')) {
           buildState.asyncDetected = true
           if (typeof defaultValue !== 'undefined') {
-            return `await asyncIterators.reduce(${selector} || [], (a,b) => methods[${buildState.methods.length - 1}]({ accumulator: a, current: b }, ${aboveArray}), ${defaultValue}, ${buildState.engine.options.enableObjectAccumulators})`
+            return `await asyncIterators.reduce(${selector} || [], (a,b) => methods[${buildState.methods.length - 1}]({ accumulator: a, current: b }, ${aboveArray}), ${defaultValue}, ${buildState.engine.options.maxDepth})`
           }
-          return `await asyncIterators.reduce(${selector} || [], (a,b) => methods[${buildState.methods.length - 1}]({ accumulator: a, current: b }, ${aboveArray}), undefined, ${buildState.engine.options.enableObjectAccumulators})`
+          return `await asyncIterators.reduce(${selector} || [], (a,b) => methods[${buildState.methods.length - 1}]({ accumulator: a, current: b }, ${aboveArray}), undefined, ${buildState.engine.options.maxDepth})`
         }
       }
 
@@ -675,15 +675,13 @@ const defaultMethods = {
       if (!Array.isArray(input)) throw INVALID_ARGUMENTS
       let [selector, mapper, defaultValue] = input
 
-      const verifyAccumulator = engine.options.enableObjectAccumulators ? a => a : assertNotType
-
-      defaultValue = verifyAccumulator(runOptimizedOrFallback(defaultValue, engine, context, above))
+      defaultValue = assertAllowedDepth(runOptimizedOrFallback(defaultValue, engine, context, above), engine.options.maxDepth)
       selector = runOptimizedOrFallback(selector, engine, context, above) || []
-      let func = (accumulator, current) => verifyAccumulator(engine.run(mapper, { accumulator, current }, { above: [selector, context, above] }), 'object')
+      let func = (accumulator, current) => assertAllowedDepth(engine.run(mapper, { accumulator, current }, { above: [selector, context, above] }), engine.options.maxDepth)
 
       if (engine.optimizedMap.has(mapper) && typeof engine.optimizedMap.get(mapper) === 'function') {
         const optimized = engine.optimizedMap.get(mapper)
-        func = (accumulator, current) => verifyAccumulator(optimized({ accumulator, current }, [selector, context, above]))
+        func = (accumulator, current) => assertAllowedDepth(optimized({ accumulator, current }, [selector, context, above]), engine.options.maxDepth)
       }
 
       if (typeof defaultValue === 'undefined') return selector.reduce(func)
@@ -694,9 +692,8 @@ const defaultMethods = {
     asyncMethod: async (input, context, above, engine) => {
       if (!Array.isArray(input)) throw INVALID_ARGUMENTS
       let [selector, mapper, defaultValue] = input
-      const verifyAccumulator = engine.options.enableObjectAccumulators ? a => a : assertNotType
 
-      defaultValue = verifyAccumulator(await engine.run(defaultValue, context, { above }))
+      defaultValue = assertAllowedDepth(await engine.run(defaultValue, context, { above }), engine.options.maxDepth)
       selector = (await engine.run(selector, context, { above })) || []
       return asyncIterators.reduce(
         selector,
@@ -713,7 +710,7 @@ const defaultMethods = {
           )
         },
         defaultValue,
-        engine.enableObjectAccumulators
+        engine.options.maxDepth
       )
     },
     lazy: true
@@ -823,7 +820,7 @@ const defaultMethods = {
           return accumulator
         },
         {},
-        true
+        Infinity
       )
       return result
     }
diff --git a/logic.js b/logic.js
@@ -18,11 +18,11 @@ class LogicEngine {
    * Creates a new instance of the Logic Engine.
   *
    * @param {Object} methods An object that stores key-value pairs between the names of the commands & the functions they execute.
-   * @param {{ disableInline?: Boolean, disableInterpretedOptimization?: Boolean, permissive?: boolean, enableObjectAccumulators?: boolean, maxArrayLength?: number, maxStringLength?: number }} options
+   * @param {{ disableInline?: Boolean, disableInterpretedOptimization?: Boolean, permissive?: boolean, maxDepth?: number, maxArrayLength?: number, maxStringLength?: number }} options
    */
   constructor (
     methods = defaultMethods,
-    options = { disableInline: false, disableInterpretedOptimization: false, permissive: false, enableObjectAccumulators: false, maxArrayLength: 1 << 15, maxStringLength: 1 << 16 }
+    options = { disableInline: false, disableInterpretedOptimization: false, permissive: false, maxDepth: 0, maxArrayLength: 1 << 15, maxStringLength: 1 << 16 }
   ) {
     this.disableInline = options.disableInline
     this.disableInterpretedOptimization = options.disableInterpretedOptimization
@@ -31,8 +31,8 @@ class LogicEngine {
     this.optimizedMap = new WeakMap()
     this.missesSinceSeen = 0
 
-    /** @type {{ disableInline?: Boolean, disableInterpretedOptimization?: Boolean, enableObjectAccumulators?: boolean, maxArrayLength?: number, maxStringLength?: number }} */
-    this.options = { disableInline: options.disableInline, disableInterpretedOptimization: options.disableInterpretedOptimization, enableObjectAccumulators: options.enableObjectAccumulators || false, maxArrayLength: options.maxArrayLength || (1 << 15), maxStringLength: options.maxStringLength || (1 << 16) }
+    /** @type {{ disableInline?: Boolean, disableInterpretedOptimization?: Boolean, maxDepth?: number, maxArrayLength?: number, maxStringLength?: number }} */
+    this.options = { disableInline: options.disableInline, disableInterpretedOptimization: options.disableInterpretedOptimization, maxDepth: options.maxDepth || 0, maxArrayLength: options.maxArrayLength || (1 << 15), maxStringLength: options.maxStringLength || (1 << 16) }
     if (!this.isData) {
       if (!options.permissive) this.isData = () => false
       else this.isData = (data, key) => !(key in this.methods)
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "json-logic-engine",
-  "version": "5.0.2",
+  "version": "5.0.3",
   "description": "Construct complex rules with JSON & process them.",
   "main": "./dist/cjs/index.js",
   "module": "./dist/esm/index.js",
diff --git a/suites/additional.json b/suites/additional.json
@@ -78,27 +78,27 @@
         "result": 1
     },
     {
-      "description": "Throws when you try to use reduce with an array as the accumulator (Default)",
-      "rule": { "reduce": [[1,2,3], 0, []] },
-      "error": { "type": "Invalid Return" },
+      "description": "Throws when you try to use reduce with an array as the accumulator beyond allowed depth (Default)",
+      "rule": { "reduce": [[1,2,3], 0, [[]]] },
+      "error": { "type": "Exceeded Allowed Depth" },
       "data": null
     },
     {
-      "description": "Throws when you try to use reduce with an array as the accumulator (Return)",
-      "rule": { "reduce": [[1,2,3], []] },
-      "error": { "type": "Invalid Return" },
+      "description": "Throws when you try to use reduce with an array as the accumulator beyond allowed depth (Return)",
+      "rule": { "reduce": [[1,2,3], [[]]] },
+      "error": { "type": "Exceeded Allowed Depth" },
       "data": null
     },
     {
-      "description": "Throws when you try to use reduce with an object as the accumulator (Default)",
-      "rule": { "reduce": [[1,2,3], 0, {}] },
-      "error": { "type": "Invalid Return" },
+      "description": "Throws when you try to use reduce with an array as the accumulator beyond allowed depth (Return 2)",
+      "rule": { "reduce": [[1,2,3], [{}]] },
+      "error": { "type": "Exceeded Allowed Depth" },
       "data": null
     },
     {
-      "description": "Throws when you try to use reduce with an object as the accumulator (Return)",
-      "rule": { "reduce": [[1,2,3], {}] },
-      "error": { "type": "Invalid Return" },
+      "description": "Throws when you try to use reduce with an array as the accumulator beyond allowed depth (Return 3)",
+      "rule": { "reduce": [[1,2,3], { "preserve": { "a": [] } }] },
+      "error": { "type": "Exceeded Allowed Depth" },
       "data": null
     }
 ]
diff --git a/utilities/downgrade.js b/utilities/downgrade.js
@@ -21,16 +21,34 @@ export function assertSize (arr, size) {
 }
 
 /**
- * Asserts that an item is not of a certain type.
- * Treats null as its own type, "null".
- * The main use-case for this is to prevent reduce from returning objects.
- * @param {*} item
- * @param {string} type
+ * Asserts that an object has a certain allowed depth.
  */
-export function assertNotType (item, type = 'object', error = 'Invalid Return') {
-  const typeOfItem = item === null ? 'null' : typeof item
-  // eslint-disable-next-line no-throw-literal
-  if (typeOfItem === type) throw { type: error }
+export function assertAllowedDepth (item, depthAllowed = 0) {
+  if (!item) return item
+  if (depthAllowed === Infinity) return item
+  if (typeof item !== 'object') return item
+
+  // checks for depthAllowed levels of depth being objects
+  if (Array.isArray(item)) {
+    for (let i = 0; i < item.length; i++) {
+      if (typeof item[i] === 'object' && item[i]) {
+        // eslint-disable-next-line no-throw-literal
+        if (depthAllowed === 0) throw { type: 'Exceeded Allowed Depth' }
+        assertAllowedDepth(item[i], depthAllowed - 1)
+      }
+    }
+  } else {
+    const keys = Object.keys(item)
+    for (let i = 0; i < keys.length; i++) {
+      const val = item[keys[i]]
+      if (typeof val === 'object' && val) {
+        // eslint-disable-next-line no-throw-literal
+        if (depthAllowed === 0) throw { type: 'Exceeded Allowed Depth' }
+        assertAllowedDepth(val, depthAllowed - 1)
+      }
+    }
+  }
+
   return item
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "json-logic-engine",`
`3`		`- "version": "5.0.2",`
	`3`	`+ "version": "5.0.3",`
`4`	`4`	`"description": "Construct complex rules with JSON & process them.",`
`5`	`5`	`"main": "./dist/cjs/index.js",`
`6`	`6`	`"module": "./dist/esm/index.js",`