
@aikidosec/firewall


Zen by Aikido is an embedded Application Firewall that autonomously protects Node.js apps against common and critical attacks, provides rate limiting, detects malicious traffic (including bots), and more.

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.extractSQLFromObject = extractSQLFromObject;
const SQLDialectPostgres_1 = require("../../vulnerabilities/sql-injection/dialects/SQLDialectPostgres");

/**
 * Reports whether `value` looks like the record a tagged-template SQL helper
 * produces: a non-empty `strings` array holding only strings, plus a `values`
 * array with the interpolated arguments. `null` and non-objects are rejected
 * up front so the `in` checks below cannot throw.
 *
 * @param {unknown} value - candidate object
 * @returns {boolean} true when both `strings` and `values` have the expected shape
 */
function isTaggedTemplate(value) {
  if (value === null || typeof value !== "object") {
    return false;
  }
  const hasStringParts =
    "strings" in value &&
    Array.isArray(value.strings) &&
    value.strings.length > 0 &&
    value.strings.every((part) => typeof part === "string");
  if (!hasStringParts) {
    return false;
  }
  return "values" in value && Array.isArray(value.values);
}

/**
 * Pulls the SQL text out of the argument object handed to a query API so it
 * can be inspected.
 *
 * Two shapes are recognised: an array whose first element is a non-empty
 * string (that string is returned unchanged), and a tagged-template record
 * (the query is rebuilt with dialect-style placeholders standing in for the
 * interpolated values). Any other input yields `undefined`.
 *
 * @param {unknown} obj - argument to inspect
 * @param {{ getHumanReadableName(): string }} dialect - SQL dialect in use;
 *   only consulted for the tagged-template case
 * @returns {string | undefined} the extracted SQL, or `undefined` when the
 *   shape is not recognised
 */
function extractSQLFromObject(obj, dialect) {
  if (Array.isArray(obj)) {
    const first = obj[0];
    if (typeof first === "string" && first.length > 0) {
      return first;
    }
  }
  if (!isTaggedTemplate(obj)) {
    return undefined;
  }
  return extractSQLFromTaggedTemplate(obj, dialect);
}

/**
 * Rebuilds the query text of a tagged template by concatenating its literal
 * parts and inserting a placeholder wherever an interpolated value sits.
 * Parts beyond `values.length` get no placeholder appended.
 *
 * @param {{ strings: string[], values: unknown[] }} template - record validated by isTaggedTemplate
 * @param {{ getHumanReadableName(): string }} dialect - decides the placeholder style
 * @returns {string} the reconstructed SQL text
 */
function extractSQLFromTaggedTemplate(template, dialect) {
  const { strings, values } = template;
  let sql = "";
  // entries() visits every index (holes included) so the output matches an index loop.
  for (const [index, part] of strings.entries()) {
    sql += part;
    if (index < values.length) {
      sql += getPlaceholderForDialect(dialect, index);
    }
  }
  return sql;
}

/**
 * Chooses the placeholder token for the value at `index`: Postgres uses the
 * numbered `$1`, `$2`, … form, every other dialect gets `?`. The dialect is
 * identified by comparing human-readable names rather than by class, so a
 * dialect object from another module instance still matches.
 *
 * @param {{ getHumanReadableName(): string }} dialect - SQL dialect in use
 * @param {number} index - zero-based position of the interpolated value
 * @returns {string} placeholder text to splice into the query
 */
function getPlaceholderForDialect(dialect, index) {
  const dialectName = dialect.getHumanReadableName();
  const postgresName = SQLDialectPostgres_1.SQLDialectPostgres.prototype.getHumanReadableName();
  return dialectName === postgresName ? `$${index + 1}` : "?";
}