Merge branch 'master' into SNOW-872482-peer-certificate

.eslintrc.js

@@ -12,9 +12,15 @@ module.exports = {
     'ecmaVersion': 'latest'
   },
   'rules': {
+    'array-bracket-spacing': ['warn'],
+    'arrow-spacing': ['warn'],
+    'block-spacing': ['warn'],
     'brace-style': ['warn', '1tbs'],
+    'comma-spacing': ['warn'],
     'curly': ['warn', 'all'],
     'indent': ['warn', 2],
+    'key-spacing': ['warn'],
+    'keyword-spacing': ['warn'],
     'linebreak-style': ['warn', 'unix'],
     'no-async-promise-executor': ['warn'],
     'no-console': ['warn', { 'allow': ['warn', 'error'] }],
@@ -31,8 +37,16 @@ module.exports = {
     'no-useless-catch': ['warn'],
     'no-useless-escape': ['warn'],
     'no-var': ['warn'],
+    'object-curly-spacing': ['warn', 'always'],
     'prefer-const': ['warn'],
     'quotes': ['warn', 'single'],
-    'semi': ['warn', 'always']
+    'semi': ['warn', 'always'],
+    'semi-spacing': ['warn'],
+    'space-before-function-paren': ['warn', {
+      'anonymous': 'always',
+      'named': 'never',
+      'asyncArrow': 'always',
+    }],
+    'space-infix-ops': ['warn'],
   }
 };

.github/workflows/build-test.yml

@@ -114,7 +114,7 @@ jobs:
         strategy:
             fail-fast: false
             matrix:
-                image: [ 'nodejs-centos7-node14']
+                image: [ 'nodejs-centos7-node14', 'nodejs-centos7-fips']
                 cloud: [ 'AWS', 'AZURE', 'GCP' ]
         steps:
             - uses: actions/checkout@v1

.github/workflows/snyk-pr.yml

@@ -3,29 +3,36 @@ on:
   pull_request:
     branches:
       - master
+
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+
 jobs:
-  whitesource:
+  snyk:
+    permissions: write-all
     runs-on: ubuntu-latest
     if: ${{ github.event.pull_request.user.login == 'sfc-gh-snyk-sca-sa' }}
     steps:
-    - name: checkout
-      uses: actions/checkout@v3
-      with:
-        ref: ${{ github.event.pull_request.head.ref }}
-        fetch-depth: 0
+      - name: checkout
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          fetch-depth: 0
 
-    - name: checkout action
-      uses: actions/checkout@v3
-      with:
-        repository: snowflakedb/whitesource-actions
-        token: ${{ secrets.WHITESOURCE_ACTION_TOKEN }}
-        path: whitesource-actions
+      - name: checkout action
+        uses: actions/checkout@v3
+        with:
+          repository: snowflakedb/whitesource-actions
+          token: ${{ secrets.WHITESOURCE_ACTION_TOKEN }}
+          path: whitesource-actions
 
-    - name: PR
-      uses: ./whitesource-actions/snyk-pr
-      env:
-        PR_TITLE: ${{ github.event.pull_request.title }}
-      with:
-        jira_token: ${{ secrets.JIRA_TOKEN_PUBLIC_REPO }}
-        gh_token: ${{ secrets.GITHUB_TOKEN }}
-        amend: false # true if you want the commit to be amended with the JIRA number
+      - name: PR
+        uses: ./whitesource-actions/snyk-pr
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
+        with:
+          jira_token: ${{ secrets.JIRA_TOKEN_PUBLIC_REPO }}
+          gh_token: ${{ secrets.GITHUB_TOKEN }}
+          amend: false # true if you want the commit to be amended with the JIRA number

ci/image/Dockerfile.nodejs-centos7-fips-test

@@ -35,29 +35,49 @@ SHELL [ "/usr/bin/scl", "enable", "devtoolset-8"]
 
 # node-fips environment variables
 ENV NODE_HOME $HOME/node
-ENV NODEJS_VERSION 14.0.0
-ENV FIPSDIR $HOME/install-openssl-fips
-ENV OPENSSL_VERSION 2.0.16
+ENV NODEJS_VERSION 18.17.0
+ENV OPENSSL_VERSION 3.0.8
+ENV PKG_CONFIG_PATH "/usr/local/lib64/pkgconfig"
+ENV LD_LIBRARY_PATH "${LD_LIBRARY_PATH}:/usr/local/lib64"
+ENV OPENSSL_CONF /usr/local/ssl/openssl.cnf
+ENV FIPSCONF /usr/local/ssl/fipsmodule.cnf
+ENV OPENSSL_MODULES=/usr/local/lib64/ossl-modules
 
-# Install OpenSSL 
+# Install OpenSSL
 RUN cd $HOME
-RUN curl https://www.openssl.org/source/openssl-fips-$OPENSSL_VERSION.tar.gz -o $HOME/openssl-fips-$OPENSSL_VERSION.tar.gz
+RUN curl https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz -o $HOME/openssl-fips-$OPENSSL_VERSION.tar.gz
 RUN tar -xvf $HOME/openssl-fips-$OPENSSL_VERSION.tar.gz
-RUN mv openssl-fips-$OPENSSL_VERSION $HOME/openssl-fips
+RUN mv openssl-$OPENSSL_VERSION $HOME/openssl-fips
 RUN cd $HOME/openssl-fips
-
+
+# Install OpenSSL dependencies
+RUN yum -y install perl-IPC-Cmd
+RUN yum -y install perl-Digest-SHA
+RUN yum -y install openssl-devel
+
 # You must run ONLY these commands when building the FIPS version of OpenSSL
-RUN cd $HOME/openssl-fips && ./config && make && make install
-
+RUN cd $HOME/openssl-fips && ./config enable-fips && make && make install
+
+# Enable FIPS by editing the openssl.cnf file
+RUN sed -i "s/openssl_conf = openssl_init/nodejs_conf = openssl_init/g" $OPENSSL_CONF
+RUN sed -i "s/# .include fipsmodule.cnf/.include ${FIPSCONF//\//\\/}/g" $OPENSSL_CONF
+RUN sed -i 's/# fips = fips_sect/fips = fips_sect/g' $OPENSSL_CONF
+RUN sed -i 's/# activate = 1/activate = 1/g' $OPENSSL_CONF
+RUN sed -i '55ialg_section = algorithm_sect' $OPENSSL_CONF
+RUN sed -i '75idefault_properties = fips=yes' $OPENSSL_CONF
+RUN sed -i '75i[algorithm_sect]' $OPENSSL_CONF
+
 # Download and build NodeJS
 RUN git clone --branch v$NODEJS_VERSION https://github.com/nodejs/node.git $NODE_HOME
 RUN gcc --version
 RUN g++ --version
-RUN cd $NODE_HOME && ./configure --openssl-fips=$FIPSDIR && make -j2 &> /dev/null && make install
+RUN cd $NODE_HOME && ./configure --shared-openssl --shared-openssl-libpath=/usr/local/lib64 --shared-openssl-includes=/usr/local/include/openssl --openssl-is-fips && make -j2 &> /dev/null && make install
 # Should be $NODEJS_VERSION
 RUN node --version
 # Should be $OPENSSL_VERSION
 RUN node -p "process.versions.openssl"
+# Should be 1 (FIPS is enabled by default)
+RUN node -p 'crypto.getFips()'
 
 # workspace
 RUN mkdir -p /home/user

lib/connection/connection_config.js

@@ -48,7 +48,9 @@ const DEFAULT_PARAMS =
   'validateDefaultParameters',
   'arrayBindingThreshold',
   'gcsUseDownscopedCredential',
-  'forceStageBindError'
+  'forceStageBindError',
+  'includeRetryReason',
+  'disableQueryContextCache',
 ];
 
 function consolidateHostAndAccount(options)
@@ -468,6 +470,14 @@ function ConnectionConfig(options, validateCredentials, qaMode, clientInfo)
     forceStageBindError = options.forceStageBindError;
   }
 
+  let disableQueryContextCache = false;
+  if (Util.exists(options.disableQueryContextCache)) {
+    Errors.checkArgumentValid(Util.isBoolean(options.disableQueryContextCache),
+    ErrorCodes.ERR_CONN_CREATE_INVALID_DISABLED_QUERY_CONTEXT_CACHE);
+
+    disableQueryContextCache = options.disableQueryContextCache;
+  }
+
   if (validateDefaultParameters)
   {
     for (const [key] of Object.entries(options))
@@ -484,6 +494,14 @@ function ConnectionConfig(options, validateCredentials, qaMode, clientInfo)
     }
   }
 
+  let includeRetryReason = true;
+  if (Util.exists(options.includeRetryReason)) {
+    Errors.checkArgumentValid(Util.isBoolean(options.includeRetryReason),
+    ErrorCodes.ERR_CONN_CREATE_INVALID_INCLUDE_RETRY_REASON);
+
+    includeRetryReason = options.includeRetryReason;
+  }
+
   /**
    * Returns an object that contains information about the proxy hostname, port,
    * etc. for when http requests are made.
@@ -747,6 +765,24 @@ function ConnectionConfig(options, validateCredentials, qaMode, clientInfo)
     return forceStageBindError;
   };
 
+  /**
+   * Returns whether the Retry reason is included or not in the retry url
+   *    
+   * @returns {Boolean}
+   */
+  this.getIncludeRetryReason = function () {
+    return includeRetryReason;
+  }
+
+  /** 
+   * Returns whether the Query Context Cache is enabled or not by the configuration
+   *
+   * @returns {Boolean}
+   */
+  this.getDisableQueryContextCache = function () {
+    return disableQueryContextCache;
+  }
+
   // save config options
   this.username = options.username;
   this.password = options.password;

lib/connection/result/result.js

@@ -53,6 +53,7 @@ function Result(options) {
   this._returnedRows = data.returned;
   this._totalRows = data.total;
   this._statementTypeId = data.statementTypeId;
+  this._queryContext = data.queryContext;
 
   // if no chunk headers were specified, but a query-result-master-key (qrmk)
   // was specified, build the chunk headers from the qrmk
@@ -73,7 +74,7 @@ function Result(options) {
 
   // convert the parameters array to a map
   parametersMap = {};
-  parametersArray = data.parameters;
+  parametersArray = data.parameters || [];
   for (index = 0, length = parametersArray.length; index < length; index++) {
     parameter = parametersArray[index];
     parametersMap[parameter.name] = parameter.value;
@@ -125,6 +126,10 @@ function Result(options) {
     this._statement,
     this._services);
 
+  this.getQueryContext = function () {
+    return this._queryContext;
+  }
+
   /* Disable the ChunkCache until the implementation is complete.
    * 
    *   // create a chunk cache and save a reference to it in case we need to

lib/connection/statement.js

@@ -576,6 +576,15 @@ function BaseStatement(
     sendCancelStatement(context, statement, callback);
   };
 
+  //Integration Testing purpose.
+  this.getQueryContextCacheSize = function () {
+    return services.sf.getQueryContextCacheSize();
+  }
+
+  this.getQueryContextDTOSize = function () {
+    return services.sf.getQueryContextDTO().entries.length;
+  }
+
   /**
    * Issues a request to get the statement result again.
    *
@@ -806,8 +815,9 @@ function createOnStatementRequestSuccRow(statement, context)
             connectionConfig: context.connectionConfig,
             rowMode: context.rowMode
           });
-        // save the query id
+
         context.queryId = context.result.getQueryId();
+        this.services.sf.deserializeQueryContext(context.result.getQueryContext());
       }
     }
     else
@@ -1334,6 +1344,10 @@ function sendRequestPreExec(statementContext, onResultAvailable)
     json.isInternal = statementContext.internal;
   }
 
+  if(!statementContext.disableQueryContextCache){
+    json.queryContextDTO = statementContext.services.sf.getQueryContextDTO();
+  }
+
   // use the snowflake service to issue the request
   sendSfRequest(statementContext,
     {
@@ -1389,6 +1403,10 @@ this.sendRequest = function (statementContext, onResultAvailable)
     json.isInternal = statementContext.internal;
   }
 
+  if(!statementContext.disableQueryContextCache){
+    json.queryContextDTO = statementContext.services.sf.getQueryContextDTO();
+  }
+
   var options =
   {
     method: 'POST',
@@ -1562,6 +1580,7 @@ function sendSfRequest(statementContext, options, appendQueryParamOnRetry)
   var numRetries = 0;
   var maxNumRetries = connectionConfig.getRetrySfMaxNumRetries();
   var sleep = connectionConfig.getRetrySfStartingSleepTime();
+  let lastStatusCodeForRetry;
 
   // create a function to send the request
   var sendRequest = function ()
@@ -1570,7 +1589,14 @@ function sendSfRequest(statementContext, options, appendQueryParamOnRetry)
     // retry, update the url
     if ((numRetries > 0) && appendQueryParamOnRetry)
     {
-      options.url = Util.url.appendParam(urlOrig, 'retry', true);
+      const retryOption = {
+        url: urlOrig,
+        retryCount: numRetries,
+        retryReason: lastStatusCodeForRetry,
+        includeRetryReason: connectionConfig.getIncludeRetryReason(),
+      }
+
+      options.url = Util.url.appendRetryParam(retryOption);
     }
 
     sf.request(options);
@@ -1588,6 +1614,7 @@ function sendSfRequest(statementContext, options, appendQueryParamOnRetry)
     {
       // increment the retry count
       numRetries++;
+      lastStatusCodeForRetry = err.response ? err.response.statusCode : 0
 
       // use exponential backoff with decorrelated jitter to compute the
       // next sleep time.

lib/constants/error_messages.js

@@ -64,6 +64,8 @@ exports[404037] = 'Invalid arrayBindingThreshold. The specified value must be a
 exports[404038] = 'Invalid gcsUseDownscopedCredential. The specified value must be a boolean.';
 exports[404039] = 'Invalid forceStageBindError. The specified value must be a number.';
 exports[404040] = 'Invalid browser timeout value. The specified value must be a positive number.';
+exports[404041] = 'Invalid disablQueryContextCache. The specified value must be a boolean.';
+exports[404042] = 'Invalid includeRetryReason. The specified value must be a boolean.'
 
 // 405001
 exports[405001] = 'Invalid callback. The specified value must be a function.';

lib/errors.js

@@ -69,6 +69,8 @@ codes.ERR_CONN_CREATE_INVALID_ARRAY_BINDING_THRESHOLD = 404037;
 codes.ERR_CONN_CREATE_INVALID_GCS_USE_DOWNSCOPED_CREDENTIAL = 404038;
 codes.ERR_CONN_CREATE_INVALID_FORCE_STAGE_BIND_ERROR = 404039;
 codes.ERR_CONN_CREATE_INVALID_BROWSER_TIMEOUT = 404040;
+codes.ERR_CONN_CREATE_INVALID_DISABLED_QUERY_CONTEXT_CACHE = 404041
+codes.ERR_CONN_CREATE_INVALID_INCLUDE_RETRY_REASON =404042
 
 // 405001
 codes.ERR_CONN_CONNECT_INVALID_CALLBACK = 405001;

lib/parameters.js

@@ -60,6 +60,7 @@ names.CLIENT_SESSION_KEEP_ALIVE_HEARTBEAT_FREQUENCY = 'CLIENT_SESSION_KEEP_ALIVE
 names.JS_TREAT_INTEGER_AS_BIGINT = 'JS_TREAT_INTEGER_AS_BIGINT';
 names.CLIENT_STAGE_ARRAY_BINDING_THRESHOLD = 'CLIENT_STAGE_ARRAY_BINDING_THRESHOLD';
 names.MULTI_STATEMENT_COUNT = 'MULTI_STATEMENT_COUNT';
+names.QUERY_CONTEXT_CACHE_SIZE = 'QUERY_CONTEXT_CACHE_SIZE';
 
 var parameters =
   [
@@ -106,6 +107,12 @@ var parameters =
         value: 1,
         desc: 'When 1, multi statement is disable, when 0, multi statement is unlimited'
       }),
+    new Parameter(
+      {
+        name: names.QUERY_CONTEXT_CACHE_SIZE,
+        value: 5,
+        desc: 'Query Context Cache Size'
+      }),
   ];
 
 // put all the parameters in a map so they're easy to retrieve and update