
perfect-express-sanitizer - npm Package Compare versions

Comparing version 2.0.0 to 2.0.1

21

index.js

@@ -6,7 +6,24 @@ const sanitize = require("./modules/");

whiteList = [],
only = ["body", "params", "headers", "query"]
only = ["body", "params", "headers", "query"],
dynamicRoutes = false
) {
return (req, res, next) => {
only.forEach((k) => {
if (req[k] && !whiteList.some((v) => req.url.trim().startsWith(v))) {
if (req[k] && !whiteList.some((v) => {
if (dynamicRoutes && v.includes(':')) {
let check = false;
const vArr = v.replace(/^\/+/, '').replace(/\/$/, '').split('/');
const urlArr = req.url.replace(/^\/+/, '').replace(/\/$/, '').split('/');
if (vArr.length <= urlArr.length)
for (let i = 0; i < vArr.length; i++) {
if (vArr[i].includes(':'))
check = true;
else if (vArr[i] == urlArr[i]) check = true;
else { check = false; break; }
};
return check
}
else return req.url.trim().startsWith(v)
})) {
req[k] = sanitize.prepareSanitize(req[k], options);
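Review bot: The dynamic-route matcher splits `req.url` with the query string still attached, so for `/users/1/profile?x=1` the last segment is `profile?x=1` and never equals a literal pattern segment such as `profile`, while the static branch compares against `req.url.trim()` and this branch uses the untrimmed value; derive one path string before matching, e.g. `const path = req.url.trim().split('?')[0];`, and use it in both branches. Because a whitelist match skips sanitization of `req[k]` entirely, the segment comparison should also be strict, `vArr[i] === urlArr[i]` instead of `==`. The `for` loop after `if (vArr.length <= urlArr.length)` has no braces and is followed by a stray `;`, which reads as a typo and hides the loop's extent. The enclosing middleware factory's signature starts above this hunk, so the default handling of `whiteList` entries cannot be checked here.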

@@ -13,0 +30,0 @@ }

12

modules/nosql_injection.js

@@ -69,17 +69,19 @@ const mongoLimit = require('../data/mongo.js');

if (typeof data === "object" && data !== null) {
let sanitizedData = {};
Object.keys(data).forEach((key) => {
const item = data[key];
let item = data[key];
if(options?.allowedKeys && containsAllowedKey(item, options.allowedKeys)){
return data;
sanitizedData[key] = item;
}
if (typeof item === "string") {
data[key] = noSQLSanitizer(item, level);
sanitizedData[options.sanitizeKeys ? noSQLSanitizer(key, level) : key] = noSQLSanitizer(item, level);
} else if (Array.isArray(item) || typeof item === "object") {
try {
data[key] = sanitize(item, level);
sanitizedData[options.sanitizeKeys ? noSQLSanitizer(key, level) : key] = sanitize(item, options);
} catch (error) {
data[key] = item;
sanitizedData[key] = item;
}
}
});
return sanitizedData;
}
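Review bot: The allowedKeys branch at `sanitizedData[key] = item;` no longer exits the callback, so an allow-listed item falls straight through to the `typeof item === "string"` and array/object branches below and is overwritten with its sanitized form; the removed `return data;` was what acted as the skip. Restore the early exit as `sanitizedData[key] = item; return;`. The `catch` block still copies the raw `item` into `sanitizedData` when `sanitize` throws, which is fail-open for a sanitizer; at minimum the error should be logged, or the key dropped, rather than silently passing unsanitized input through. The function signature and the `level` binding are outside the hunk, so whether `level` used at `noSQLSanitizer(item, level)` stays consistent with the recursive call now receiving `options` cannot be confirmed from here.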

@@ -86,0 +88,0 @@ return data;

{
"name": "perfect-express-sanitizer",
"version": "2.0.0",
"version": "2.0.1",
"description": "a complete package to control user input data to prevent Cross Site Scripting (XSS) ,Sql injection and no Sql injection attack",

@@ -5,0 +5,0 @@ "main": "index.js",

@@ -122,3 +122,3 @@ # Perfect Express Sanitizer

##### Whitelisting Routes
#### Whitelisting Routes

@@ -142,3 +142,3 @@ If you want to skip sanitization for certain routes, you can specify a whitelist of routes when setting up the middleware:

##### Limit Sanitization
#### Limit Sanitization

@@ -161,4 +161,21 @@ By default, `perfect-express-sanitizer` sanitizes all parts of the request (body, query, and header). If you only want to sanitize specific parts of the request, you can specify them when setting up the middleware:

##### Setting Sanitization Levels
For an option that sanitizes keys, you could consider the following option `sanitizeKeys: true` example:
```javascript
app.use(
sanitizer.clean(
{
xss: true,
noSql: true,
sanitizeKeys: true,
},
whiteList = [],
only = ["body", "query"]
)
);
```
#### Setting Sanitization Levels
You can set different levels of sanitization for SQL and NoSQL injections by specifying the sqlLevel and noSqlLevel options when setting up the middleware. The levels range from 1 to 5, with higher levels providing more comprehensive sanitization.

@@ -165,0 +182,0 @@
