
express-mongo-sanitize


Comparing version 1.3.0 to 1.3.1

6

CHANGELOG.md

@@ -5,2 +5,7 @@ # Change Log

## [1.3.1] - 2017-01-12
### Fixed
- Fixed an issue with objects containing prohibited keys nested inside other objects with prohibited keys. #2
- Added a more robust check for plain objects.
## [1.3.0] - 2016-01-15

@@ -22,4 +27,5 @@ ### Added

[1.3.1]: https://github.com/fiznool/express-mongo-sanitize/compare/v1.3.0...v1.3.1
[1.3.0]: https://github.com/fiznool/express-mongo-sanitize/compare/v1.2.0...v1.3.0
[1.2.0]: https://github.com/fiznool/express-mongo-sanitize/compare/v1.1.0...v1.2.0
[1.1.0]: https://github.com/fiznool/express-mongo-sanitize/compare/v1.0.0...v1.1.0

44

index.js

@@ -6,3 +6,11 @@ 'use strict';

var withEach = function(target, cb) {
function isPlainObject(obj) {
if(obj === null || typeof obj !== 'object') {
return false;
}
var proto = Object.getPrototypeOf(obj);
return proto === Object.prototype || proto === null;
}
function withEach(target, cb) {
var act = function(obj) {

@@ -12,8 +20,8 @@ if(Array.isArray(obj)) {

} else if(obj instanceof Object) {
} else if(isPlainObject(obj)) {
Object.keys(obj).forEach(function(key) {
var val = obj[key];
var shouldRecurse = cb(obj, val, key);
if(shouldRecurse) {
act(obj[key]);
var resp = cb(obj, val, key);
if(resp.shouldRecurse) {
act(obj[resp.key || key]);
}

@@ -25,5 +33,5 @@ });

act(target);
};
}
var has = function(target) {
function has(target) {
var hasProhibited = false;

@@ -33,5 +41,5 @@ withEach(target, function(obj, val, key) {

hasProhibited = true;
return false;
return { shouldRecurse: false };
} else {
return true;
return { shouldRecurse: true };
}

@@ -41,5 +49,5 @@ });

return hasProhibited;
};
}
var sanitize = function(target, options) {
function sanitize(target, options) {
options = options || {};

@@ -58,3 +66,4 @@

if(replaceWith) {
obj[key.replace(REPLACE_REGEX, replaceWith)] = val;
key = key.replace(REPLACE_REGEX, replaceWith);
obj[key] = val;
} else {

@@ -65,9 +74,12 @@ shouldRecurse = false;

return shouldRecurse;
return {
shouldRecurse: shouldRecurse,
key: key
};
});
return target;
};
}
var middleware = function(options) {
function middleware(options) {
return function(req, res, next) {

@@ -81,3 +93,3 @@ ['body', 'params', 'query'].forEach(function(k) {

};
};
}

@@ -84,0 +96,0 @@ module.exports = middleware;
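Review bot: The new `obj[key] = val` at the end of the `@@ -58,3 +66,4 @@` hunk writes the renamed key without checking whether the object already owns a property of that name, so a payload such as `{ $gt: 'a', _gt: 'b' }` ends with a single `_gt` and one of the two values silently dropped; with the new `act(obj[resp.key || key])` the traversal then recurses into whichever value survived. The replaced line had the same clobber, but the commit now makes the renamed key the recursion target and still leaves the collision unguarded. For a sanitizer I would rather drop the prohibited entry than overwrite a legitimate sibling, e.g. `if(!Object.prototype.hasOwnProperty.call(obj, key)) { obj[key] = val; } else { shouldRecurse = false; }` after the `key = key.replace(...)` line, or at least document in the README that the later write wins. Note `sanitize` starts outside the hunk, and the removal of the original `$`/dotted key that the test's expected output implies is not visible here, so the exact ordering should be confirmed in the full file.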

{
"name": "express-mongo-sanitize",
"version": "1.3.0",
"version": "1.3.1",
"description": "Sanitize your express payload to prevent MongoDB operator injection.",

@@ -31,10 +31,8 @@ "main": "index.js",

"devDependencies": {
"body-parser": "^1.14.1",
"express": "^4.13.3",
"mocha": "^2.3.3",
"supertest": "^1.1.0"
},
"dependencies": {
"chai": "^3.4.1"
"body-parser": "^1.15.2",
"chai": "^3.5.0",
"express": "^4.14.0",
"mocha": "^3.2.0",
"supertest": "^2.0.1"
}
}
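Review bot: Moving `chai` from `dependencies` into `devDependencies` changes what consumers install (the package now declares no runtime dependencies), yet the 1.3.1 entry in CHANGELOG.md records only the two sanitizer fixes. Since `chai` is an assertion library and is presumably only used by the test suite, this looks like a correct fix rather than a refactor, and it deserves a line such as `- Moved chai to devDependencies; it was previously declared as a runtime dependency.` under `### Fixed`. Consumers auditing their dependency tree will otherwise see the dependency disappear with no explanation.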

@@ -348,2 +348,29 @@ 'use strict';

});
describe('Nested Object inside one with prohibited chars', function() {
it('should sanitize a nested object inside one with prohibited chars in a JSON body', function(done) {
request(app)
.post('/body')
.send({
username: {
$gt: 'foo',
'dotted.data': {
'more.dotted.data': 'some_data'
}
}
})
.set('Content-Type', 'application/json')
.set('Accept', 'application/json')
.expect(200, {
body: {
username: {
_gt: 'foo',
dotted_data: {
'more_dotted_data': 'some_data'
}
}
}
}, done);
});
});
});

@@ -350,0 +377,0 @@
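Review bot: The added test pins the nested-object fix only for the `replaceWith` path on a JSON body (`/body`), as the expected `_gt` / `dotted_data` keys show; whether the same nested payload is sanitized when it arrives via `req.query`, where the objects come from the query-string parser rather than body-parser and must pass the new `isPlainObject` check, is not asserted in this hunk. If the rest of the file (outside this hunk) does not already cover it, a sibling case sending `username[$gt]=foo&username[dotted.data][more.dotted.data]=some_data` to the query route with the same expected shape would exercise the `proto === Object.prototype || proto === null` branch on parser-produced objects. A collision case such as `{ $gt: 'a', _gt: 'b' }` would also be worth pinning so the intended winner is documented by a test.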

