New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

ramlitedb

Package Overview
Dependencies
Maintainers
1
Versions
32
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

ramlitedb - npm Package Compare versions

Comparing version 1.0.7 to 1.1.0

2

package.json
{
"name": "ramlitedb",
"version": "1.0.7",
"version": "1.1.0",
"description": "NoSQL Database for node.js with all data loaded in ram and backup in json file",

@@ -5,0 +5,0 @@ "main": "src/index.js",

72

README.md

@@ -16,2 +16,33 @@ # ramliteDB

## Doc
### ramliteDB.set(key, value)
Set a value
- param {str} key Key Path to the data (dot separated)
- param {mixed} value The value to record
- return {bool} is that a success ?
### ramliteDB.get(key)
Get a value
- param {str} key Path to the data (dot separated)
- return {mixed} null/data
### ramliteDB.destroy()
Free all ressources (! this is asynchrone !)
### ramliteDB.inject(key, values)
Security function. Inject values in the "key path", checking no "dot" are injected by values.
This ensure users don't try to access/set forbiden data
- param {string} key A classic key, with ? in place of injection spots
- param {array} values List of values to inject
- return {object} Chaining object
### ramliteDB.on(event, callback)
Attach an action to a specific event (load, backup, unload)
- param {str} event Event Name
- param {Function} callback Action to attach
## Examples

@@ -95,3 +126,44 @@ Here is a list of way to set and get the data

## Advanced features
### Secured injection
Let's suppose the key you want to access/set depend of a value.
Here is our working database :
```json
{
"user": {
"Emma": {
password: "mySecretPassword"
},
"Marc": {
password: "1234"
}
},
}
```
Let's see what you should do :
```javascript
// Here come the request data
var nicePseudo = "Marc";
var evilPseudo = "Marc.password";
rlDB.inject("user.?.password", [nicePseudo])
.set("the new password");
rlDB.inject("user.?.password", [nicePseudo])
.get(); // "the new password"
rlDB.inject("user.?.password", [evilPseudo])
.set("the new password"); // throw an error because of the "."
rlDB.inject("user.?.password", [evilPseudo])
.get(); // "the new password" // throw an error because of the "."
})
```
## Have fun folks ;)
and give me feedback

28

src/index.js

@@ -92,2 +92,30 @@ /**

/**
* Security function. Inject values in the "key path", checking no "dot" are injected by values.
* This ensure users don't try to access/set forbiden data
*
* @param {string} key A classic key, with ? in place of injection spots
* @param {array} values List of values to inject
*
* @return {object} Chaining object
*/
this.inject = (key, values) => {
var parts = key.split('?');
if (parts.length !== inject.length + 1)
throw "Error: can't match '?' and injections";
var genKey = '';
key.split('?').forEach((part, i) => {
if (inject[i].find('.'))
throw "Error: Forbiden injection value";
genKey = key + (inject[i] || '');
});
return {
set: (value) => (this.set(genKey, value)),
get: () => (this.get(genKey))
};
}
/**
* Attach an action to a specific event

@@ -94,0 +122,0 @@ *

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc