fix(cache): improve cache key serialization (#2424)

* fix(cache): improve cache key formation. Fixes a potential parser cache poisoning attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab

Author: wellwelwel

lib/parsers/parser_cache.js

@@ -3,26 +3,38 @@
 const LRU = require('lru-cache').default;
 
 const parserCache = new LRU({
-  max: 15000
+  max: 15000,
 });
 
 function keyFromFields(type, fields, options, config) {
-  let res =
-    `${type}` +
-    `/${typeof options.nestTables}` +
-    `/${options.nestTables}` +
-    `/${options.rowsAsArray}` +
-    `/${options.supportBigNumbers || config.supportBigNumbers}` +
-    `/${options.bigNumberStrings || config.bigNumberStrings}` +
-    `/${typeof options.typeCast}` +
-    `/${options.timezone || config.timezone}` +
-    `/${options.decimalNumbers}` +
-    `/${options.dateStrings}`;
+  const res = [
+    type,
+    typeof options.nestTables,
+    options.nestTables,
+    Boolean(options.rowsAsArray),
+    Boolean(options.supportBigNumbers || config.supportBigNumbers),
+    Boolean(options.bigNumberStrings || config.bigNumberStrings),
+    typeof options.typeCast,
+    options.timezone || config.timezone,
+    Boolean(options.decimalNumbers),
+    options.dateStrings,
+  ];
+
   for (let i = 0; i < fields.length; ++i) {
     const field = fields[i];
-    res += `/${field.name}:${field.columnType}:${field.length}:${field.schema}:${field.table}:${field.flags}:${field.characterSet}`;
+
+    res.push([
+      field.name,
+      field.columnType,
+      field.length,
+      field.schema,
+      field.table,
+      field.flags,
+      field.characterSet,
+    ]);
   }
-  return res;
+
+  return JSON.stringify(res, null, 0);
 }
 
 function getParser(type, fields, options, config, compiler) {
@@ -49,5 +61,6 @@ function clearCache() {
 module.exports = {
   getParser: getParser,
   setMaxCache: setMaxCache,
-  clearCache: clearCache
+  clearCache: clearCache,
+  _keyFromFields: keyFromFields,
 };