
express-validator - npm Package Compare versions

Comparing version
0.3.2
to
0.4.0
.npmignore

Sorry, the diff of this file is not supported yet

+62
var assert = require('assert');
var async = require('async');
var App = require('./helpers/app');
var req = require('./helpers/req');
var port = process.env.NODE_HTTP_PORT || 8888;
var url = 'http://localhost:' + port;
// There are three ways to pass parameters to express:
// - as part of the URL
// - as GET parameter in the querystring
// - as POST parameter in the body
// These test show that req.checkBody are only interested in req.body values, all other
// parameters will be ignore.
var errorMessage = 'Parameter is not an integer';
var validation = function(req, res) {
req.checkBody('testparam', errorMessage).notEmpty().isInt();
var errors = req.validationErrors();
if (errors) {
res.json(errors);
return;
}
res.json({testparam: req.body.testparam});
};
var app = new App(port, validation);
app.start();
function fail(count) {
return function(body) {
assert.equal(body.length, count);
assert.deepEqual(body[0].msg, errorMessage);
}
}
function pass(body) {
assert.deepEqual(body, {testparam: 123});
}
var tests = [
// Test URL param this should always fail because it ONLY looks at the body and it fails both notEmpty() and isInt()
async.apply(req, 'get', url + '/test', fail(2)),
async.apply(req, 'get', url + '/123', fail(2)),
async.apply(req, 'post', url + '/test', fail(2)),
async.apply(req, 'post', url + '/123', fail(2)),
// Test POST param
async.apply(req, 'post', url + '/test?testparam=gettest', fail(2)),
async.apply(req, 'post', url + '/123?testparam=123', fail(2)),
async.apply(req, 'post', url + '/123?testparam=123', {json: {testparam: 'posttest'}}, fail(1)),
async.apply(req, 'post', url + '/?testparam=test', {json: {testparam: 123}}, pass),
async.apply(req, 'post', url + '/?testparam=123', {json: {testparam: 'posttest'}}, fail(1)),
async.apply(req, 'post', url + '/', {json: {testparam: 'test'}}, fail(1)),
async.apply(req, 'post', url + '/', {json: {testparam: 123}}, pass)
]
async.parallel(tests, function(err) {
assert.ifError(err);
app.stop();
console.log('All %d tests passed.', tests.length);
});
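Review bot: The `fail(count)` helper checks only the number of errors and `body[0].msg`, so the suite never pins which parameter the errors were recorded against, or that the second entry is the expected failure too. Every case here is meant to show that `req.checkBody` ignores route and query-string values, so I would assert the field name on each entry as well, e.g. `body.forEach(function(e) { assert.equal(e.param, 'testparam'); assert.equal(e.msg, errorMessage); });`. The comment `// Test URL param ...` also sits above POST requests that carry no body, which makes the grouping hard to read. The inner function returned by `fail` and the `tests` array literal are both missing their terminating semicolons.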
+34
-26

@@ -6,6 +6,4 @@ /*

*
* 1. Be sure to include `req.mixinParams()` as middleware to merge
* query string, body and named parameters into `req.params`
*
* 2. To validate parameters, use `req.check(param_name, [err_message])`
* 1. To validate parameters, use `req.check(param_name, [err_message])`
* e.g. req.check('param1').len(1, 6).isInt();

@@ -18,7 +16,7 @@ * e.g. req.checkHeader('referer').contains('mydomain.com');

*
* 3. To sanitize parameters, use `req.sanitize(param_name)`
* 2. To sanitize parameters, use `req.sanitize(param_name)`
* e.g. req.sanitize('large_text').xss();
* e.g. req.sanitize('param2').toInt();
*
* 4. Done! Access your validated and sanitized paramaters through the
* 3. Done! Access your validated and sanitized paramaters through the
* `req.params` object

@@ -32,23 +30,5 @@ */

var expressValidator = function(req, res, next) {
function checkParam(req, getter) {
return function(param, fail_msg) {
req.updateParam = function(name, value) {
// route params like /user/:id
if (this.params && this.params.hasOwnProperty(name) &&
undefined !== this.params[name]) {
return this.params[name] = value;
}
// query string params
if (undefined !== this.query[name]) {
return this.query[name] = value;
}
// request body params via connect.bodyParser
if (this.body && undefined !== this.body[name]) {
return this.body[name] = value;
}
return false;
};
req.check = function(param, fail_msg) {
var value;

@@ -73,3 +53,3 @@

if (value === undefined) {
value = req.param(item);
value = getter(item)
} else {

@@ -98,4 +78,32 @@ value = value[item];

return validator.check(value, fail_msg);
}
}
var expressValidator = function(req, res, next) {
req.updateParam = function(name, value) {
// route params like /user/:id
if (this.params && this.params.hasOwnProperty(name) &&
undefined !== this.params[name]) {
return this.params[name] = value;
}
// query string params
if (undefined !== this.query[name]) {
return this.query[name] = value;
}
// request body params via connect.bodyParser
if (this.body && undefined !== this.body[name]) {
return this.body[name] = value;
}
return false;
};
req.check = checkParam(req, function(item) {
return req.param(item);
});
req.checkBody = checkParam(req, function(item) {
return req.body[item];
});
req.checkHeader = function(header, fail_msg) {

@@ -102,0 +110,0 @@ var to_check;
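Review bot: The `req.checkBody` getter reads `req.body[item]` without checking that `req.body` exists, so when no body-parsing middleware has populated it the validation call throws a TypeError instead of recording a validation error; `updateParam` just above guards the same access with `this.body &&`. I would make the getter `return req.body ? req.body[item] : undefined;` so a missing body fails `notEmpty()` like any other absent field. Separately, `updateParam` still looks at route params, then the query string, then the body, so if sanitization writes back through it (not visible in these hunks), a field validated with `checkBody` could have its query-string copy updated while `req.body` keeps the raw value; that is worth confirming and documenting. `checkParam`'s body is only partly shown here, and `value = getter(item)` is missing its semicolon.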

@@ -7,5 +7,6 @@ {

"Chris O'Hara <cohara87@gmail.com>",
"@orfaust"
"@orfaust",
"@zero21xxx"
],
"version": "0.3.2",
"version": "0.4.0",
"homepage": "https://github.com/ctavan/express-validator",

@@ -24,3 +25,3 @@ "repository": {

"dependencies": {
"validator": "0.4.25"
"validator": "1.1.3"
},

@@ -27,0 +28,0 @@ "devDependencies": {

+33
-12

@@ -30,3 +30,4 @@ # express-validator

req.assert('postparam', 'Invalid postparam').notEmpty().isInt();
// checkBody only checks req.body; none of the other req parameters
req.checkBody('postparam', 'Invalid postparam').notEmpty().isInt();
req.assert('getparam', 'Invalid getparam').isInt();

@@ -66,14 +67,6 @@ req.assert('urlparam', 'Invalid urlparam').isAlpha();

{ param: 'urlparam', msg: 'Invalid urlparam', value: 't1est' } ]
```
You can extend the `Validator` and `Filter` objects to add custom validation
and sanitization methods:
```javascript
var expressValidator = require('express-validator');
expressValidator.Filter.prototype.toLowerCase = function(){
this.modify(this.str.toLowerCase());
return this.str;
};
$ curl http://localhost:8888/test?getparam=1&postparam=1
There have been validation errors: [
{ param: 'postparam', msg: 'Invalid postparam', value: undefined} ]
```

@@ -169,3 +162,30 @@

### Extending
You can extend the `Validator` and `Filter` objects to add custom validation
and sanitization method.
Custom validation which always fails. Useful for debugging or for
adding messages manually when doing complex validation:
```javascript
var expressValidator = require('express-validator');
expressValidator.Validator.prototype.fail = function() {
//You could validate against this.str, instead of just erroring out.
this.error(this.msg);
return this;
};
```
Custom sanitization which lower-cases the string:
```javascript
expressValidator.Filter.prototype.toLowerCase = function(){
this.modify(this.str.toLowerCase());
return this.str;
};
```
## Changelog

@@ -212,2 +232,3 @@

- @orfaust - Add `validationErrors()` and nested field support
- @zero21xxx - Added `checkBody` function

@@ -214,0 +235,0 @@ ## License

@@ -14,3 +14,3 @@ var assert = require('assert');

var validation = function(req, res) {
req.assert(0, errorMessage).len(3,3).isInt();
req.assert(0, errorMessage).len(3, 3).isInt();

@@ -28,3 +28,3 @@ var errors = req.validationErrors();

function fail(body) {
assert.equal(body.length, 1);
assert.equal(body.length, 2);
assert.deepEqual(body[0].msg, errorMessage);

@@ -31,0 +31,0 @@ }
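Review bot: The expected error count in `fail` changes from 1 to 2 with nothing in the test saying why, so a reader cannot tell whether two errors is the intended contract or a side effect of the `validator` upgrade in this release. If the intent is that every failed check in the chain is reported (here both `len(3, 3)` and `isInt()`), a comment above the assertion such as `// len(3, 3) and isInt() each add an error for the same param` would make that explicit. The changelog should mention it as well, because callers that count or index the result of `validationErrors()` will see different output. `fail`'s body continues outside the hunk.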