express-mongo-sanitize - npm Package Compare versions

Comparing version 1.0.0 to 1.1.0

index.js

@@ -9,3 +9,3 @@ 'use strict';
     Object.keys(val).forEach(function(key) {
-      if (/^\$/.test(key)) {
+      if (/^\$|\./.test(key)) {
         delete val[key];
@@ -21,3 +21,5 @@ } else {
 
-var middleware = function() {
+var middleware = function(options) {
+  options = options || {};
+
   return function(req, res, next) {
@@ -24,0 +26,0 @@ ['body', 'params', 'query'].forEach(function(k) {

package.json

 {
   "name": "express-mongo-sanitize",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "Sanitize your express payload to prevent MongoDB operator injection.",
@@ -5,0 +5,0 @@ "main": "index.js",

test.js

@@ -29,3 +29,3 @@ 'use strict';
       request(app)
-        .get('/query?q=search&$where=malicious')
+        .get('/query?q=search&$where=malicious&dotted.data=some_data')
         .set('Accept', 'application/json')
@@ -48,3 +48,4 @@ .expect(200, {
           stop: undefined,
-          $where: 'malicious'
+          $where: 'malicious',
+          'dotted.data': 'some_data'
         })
@@ -66,3 +67,3 @@ .set('Content-Type', 'application/json')
         .post('/body')
-        .send('q=search&$where=malicious')
+        .send('q=search&$where=malicious&dotted.data=some_data')
         .set('Content-Type', 'application/x-www-form-urlencoded')
@@ -81,3 +82,3 @@ .set('Accept', 'application/json')
       request(app)
-        .get('/query?username[$gt]=')
+        .get('/query?username[$gt]=foo&username[dotted.data]=some_data')
         .set('Accept', 'application/json')
@@ -95,3 +96,6 @@ .expect(200, {
         .send({
-          username: { $gt: '' }
+          username: {
+            $gt: 'foo',
+            'dotted.data': 'some_data'
+          }
         })
@@ -110,3 +114,3 @@ .set('Content-Type', 'application/json')
         .post('/body')
-        .send('username[$gt]=')
+        .send('username[$gt]=foo&username[dotted.data]=some_data')
         .set('Content-Type', 'application/x-www-form-urlencoded')
@@ -125,3 +129,3 @@ .set('Accept', 'application/json')
       request(app)
-        .get('/query?username[0][$gt]=')
+        .get('/query?username[0][$gt]=foo&username[0][dotted.data]=some_data')
         .set('Accept', 'application/json')
@@ -139,3 +143,6 @@ .expect(200, {
         .send({
-          username: [{ $gt: '' }]
+          username: [{
+            $gt: 'foo',
+            'dotted.data': 'some_data'
+          }]
         })
@@ -154,3 +161,3 @@ .set('Content-Type', 'application/json')
         .post('/body')
-        .send('username[0][$gt]=')
+        .send('username[0][$gt]=foo&username[0][dotted.data]=some_data')
         .set('Content-Type', 'application/x-www-form-urlencoded')
@@ -157,0 +164,0 @@ .set('Accept', 'application/json')

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

9630

increased by9.15%

Number of package files

9

increased by12.5%

Lines of code

178

increased by4.71%

No dependency changes