Security News
New Proposed CISA Mandate Would Require Critical Infrastructure to Report Ransom Payments Within 24 Hours
CISA has proposed a set of new rules that would require critical infrastructure to report cyber incidents and ransom payments.
HapiJS request sanitizer.
Weekly downloads
Readme
A Hapi v17+ plugin to sanitize a route query, payload and params. This was heavily inspired by Disinfect (https://github.com/genediazjr/disinfect). Motivation for this plugin came about as Disinfect was not v17+ compatible.
The plugin can be used:
await server.register({
plugin: require('avert'),
options: {
// boolean parameters
removeWhitespace: true,
removeNonExistent: true,
removeDollarSign: true,
escapeDollarSign: false,
removeCurlyBracket: false,
escapeCurlyBracket: true,
avertQuery: true,
avertParams: true,
avertPayload: true,
// function parameters
genericCustomSanitizer: function() {},
queryCustomSanitizer: function() {},
paramCustomSanitizer: function() {},
payloadCustomSanitizer: function() {}
}
});
Any of the options can be disregarded. Also, we can either '''removeDollarSign''' or '''escapeDollarSign'''. Not both. If both are set to true, then "remove" takes precedence. Same logic applies for Curly Brackets.
request object -> sanitize -> generic sanitizer function -> query, params and/or payload specific sanitizer function -> (if true) remove white space -> (if true) remove null -> (if true) remove dollar sign OR escape dollar sign -> (if true) remove curly or escape curly brackets -> sanitized object returned.
Custom sanitizer function(s) needs to return a sanitized object as final result.
server.route({
method: 'GET',
path: '/disabled',
handler: (request, h) => {
return request.query;
},
options: {
plugins: {
avert: false
}
}
});
To use the plugin on a specific route:
server.route({
method: 'GET',
path: '/queryTestPerRoute',
handler: (request, h) => {
return request.query;
},
options: {
plugins: {
avert: {
removeNonExistent: true
}
}
}
});
FAQs
HapiJS request sanitizer.
The npm package avert receives a total of 1,323 weekly downloads. As such, avert popularity was classified as popular.
We found that avert demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISA has proposed a set of new rules that would require critical infrastructure to report cyber incidents and ransom payments.
Security News
Redis is no longer OSS, breaking its explicit commitment to remain under the BSD 3-Clause License forever. This has angered contributors who are now working to fork the software.
Product
Socket AI now enables 'AI detected potential malware' alerts by default, ensuring users benefit from AI-powered state-of-the-art malware detection without needing to opt-in.