🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more

express-mongo-sanitize

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

express-mongo-sanitize

Sanitize your express payload to prevent MongoDB operator injection.

2.2.0
latest
Version published
Weekly downloads
190K
-5.06%
Maintainers
1
Weekly downloads
 
Created

What is express-mongo-sanitize?

The express-mongo-sanitize npm package is designed to prevent MongoDB Operator Injection attacks by sanitizing user-supplied data. It removes any keys that start with '$' or contain a '.' from objects, which are common vectors for injection attacks.

What are express-mongo-sanitize's main functionalities?

Sanitize Request Body

This feature sanitizes the request body to remove any keys that start with '$' or contain a '.', preventing MongoDB Operator Injection attacks.

const express = require('express');
const mongoSanitize = require('express-mongo-sanitize');

const app = express();

// Middleware to sanitize request body
app.use(express.json());
app.use(mongoSanitize());

app.post('/data', (req, res) => {
  res.send('Data received safely');
});

app.listen(3000, () => {
  console.log('Server is running on port 3000');
});

Sanitize Request Query

This feature sanitizes the request query parameters to remove any keys that start with '$' or contain a '.', replacing them with an underscore ('_').

const express = require('express');
const mongoSanitize = require('express-mongo-sanitize');

const app = express();

// Middleware to sanitize request query
app.use(mongoSanitize.sanitize({
  replaceWith: '_'
}));

app.get('/search', (req, res) => {
  res.send('Query sanitized');
});

app.listen(3000, () => {
  console.log('Server is running on port 3000');
});

Sanitize Request Params

This feature sanitizes the request parameters to remove any keys that start with '$' or contain a '.', and logs a warning when a key is sanitized.

const express = require('express');
const mongoSanitize = require('express-mongo-sanitize');

const app = express();

// Middleware to sanitize request params
app.use(mongoSanitize.sanitize({
  onSanitize: ({ req, key }) => {
    console.warn(`This request[${key}] is sanitized`, req);
  }
}));

app.get('/user/:id', (req, res) => {
  res.send('Params sanitized');
});

app.listen(3000, () => {
  console.log('Server is running on port 3000');
});

Other packages similar to express-mongo-sanitize

FAQs

Package last updated on 14 Jan 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts