Description
The mysql.createconnection function is re-assigning the config.ssl parameter.
ESLint does a good job of explaining why to avoid this:
Assignment to variables declared as function parameters can be misleading and lead to confusing behavior, as modifying function parameters will also mutate the arguments object. Often, assignment to function parameters is unintended and indicative of a mistake or programmer error.
Since the mysql eslint rules do not disable no-param-reassign, I am assuming this was unintended. Also, the documentation only states that:
When connecting to other servers, you will need to provide an object of options, in the same format as tls.createSecureContext.
It does not state that the default will be rejectUnauthorized: true.
My particular scenario was trying to combine createconnection({ ssl: {} }) and using NODE_TLS_REJECT_UNAUTHORIZED to control the allow/reject.
Environment:
Windows 10
Node 13.5.0
mysql 2.18.1
Source Code
const mysql = require('mysql');
const config = {
ssl: {},
};
console.log('config before', config);
mysql.createConnection(config);
console.log('config after', config);
Expected Output:
config before { ssl: {} }
config after{ ssl: {} }
Actual Output:
config before { ssl: {} }
config after { ssl: { rejectUnauthorized: true } }