import sqlInjection from "../sqlInjection.js";
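/**
 * Reject a request body that contains a blocklisted SQL fragment.
 *
 * Fast path: the whole body is serialised once and tested against every entry
 * of `sqlInjection`; bodies with no hit are returned untouched. Only when that
 * scan hits do we walk the body to locate the offending string value, so the
 * error can name the rule, the attribute path and the value.
 *
 * This is a heuristic substring blocklist, not a SQL parser: it can only
 * reduce noise in front of a properly parameterised data layer, never replace
 * one. Note also that the fast scan runs over the JSON-serialised body, so a
 * blocklist entry containing quotes or backslashes is matched against the
 * escaped form, not the raw value.
 *
 * @param {object} opts
 * @param {*} opts.body - request body; a string is checked as a single value,
 *   an object/array is walked depth-first over all of its string leaves
 * @param {object} [opts.schema={}] - column schema; a top-level key whose entry
 *   has `sqlCheck === false` is skipped, together with anything nested under it
 * @returns {{ body: * } | { error: string, body: * }} the untouched body, plus an
 *   `error` of the form `rule: <word> | attr: <path> | val: <value>` when a
 *   string value contains a blocklisted fragment
 */
export default function checkSQL({ body, schema = {} }) {
  const data = typeof body === "string" ? body : JSON.stringify(body);
  // JSON.stringify(undefined) yields undefined, hence the optional chaining.
  // NOTE(review): assumes every sqlInjection entry is lower-case — confirm.
  const haystack = data?.toLowerCase?.() ?? "";
  const stopWords = sqlInjection.filter((word) => haystack.includes(word));
  if (stopWords.length === 0) {
    return { body };
  }

  // Top-level keys the schema explicitly exempts from this check.
  const disabledCheckFields = new Set(
    Object.keys(schema || {}).filter((key) => schema?.[key]?.sqlCheck === false),
  );

  // The fast scan saw the serialised body, so the hit may sit in a nested
  // object/array, in a string body, or under a stop word other than the first
  // one; the previous top-level-only lookup let all of those through silently.
  const hit = findStopWord(body, stopWords, disabledCheckFields);
  if (hit) {
    // Logs the raw offending value: whatever the client sent ends up on stderr.
    console.error(hit.word, hit.path, hit.value);
    return {
      error: `rule: ${hit.word} | attr: ${hit.path} | val: ${hit.value}`,
      body,
    };
  }

  // The fast scan matched something that is not a string value (a key name,
  // JSON punctuation, or a value under an exempted key). This mirrors the
  // original fall-through and still passes the body on without an error.
  return { body };
}

/**
 * Depth-first search for the first string leaf of `root` whose lower-cased
 * form contains one of `words` (checked in order).
 *
 * @param {*} root - body to walk; a string root is itself the only leaf
 * @param {string[]} words - lower-case fragments to look for
 * @param {Set<string>} disabledCheckFields - top-level keys to skip entirely
 * @returns {{ word: string, path: string, value: string } | null} `path` is the
 *   bare key for a top-level property (matching the original `attr:` output),
 *   `body` for a string root, and dot-joined keys for nested values
 */
function findStopWord(root, words, disabledCheckFields) {
  const stack = [{ value: root, path: "body", isRoot: true }];
  while (stack.length > 0) {
    const { value, path, isRoot } = stack.pop();
    if (typeof value === "string") {
      const lowered = value.toLowerCase();
      const word = words.find((w) => lowered.includes(w));
      if (word !== undefined) {
        return { word, path, value };
      }
      continue;
    }
    if (value === null || typeof value !== "object") {
      continue;
    }
    const keys = Object.keys(value);
    // Push in reverse so the first key is visited first (stable field order).
    for (let i = keys.length - 1; i >= 0; i -= 1) {
      const key = keys[i];
      if (isRoot && disabledCheckFields.has(key)) {
        continue;
      }
      stack.push({
        value: value[key],
        path: isRoot ? key : `${path}.${key}`,
        isRoot: false,
      });
    }
  }
  return null;
}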