
@vulcan-sql/core

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.SanitizerBuilder = void 0;
const tslib_1 = require("tslib");
const models_1 = require("../../../../models/index");
const nunjucks = require("nunjucks");
const extension_utils_1 = require("../../extension-utils");
const constants_1 = require("./constants");

/**
 * Tells whether `candidate` is a Filter node whose name is a Symbol equal to
 * RAW_FILTER_NAME. Only that exact shape counts as the raw filter.
 *
 * @param {object} candidate - AST node being visited.
 * @returns {boolean} true for a raw-filter node, false otherwise.
 */
function isRawFilter(candidate) {
  if (!(candidate instanceof nunjucks.nodes.Filter)) return false;
  const filterName = candidate.name;
  return (
    filterName instanceof nunjucks.nodes.Symbol &&
    filterName.value === constants_1.RAW_FILTER_NAME
  );
}

/**
 * Builds the AST for `target | <SANITIZER_NAME>`.
 *
 * @param {object} target - Node that becomes the filter's first argument.
 * @param {number} lineno - Source line recorded on the new nodes.
 * @param {number} colno - Source column recorded on the new nodes.
 * @returns {object} The new Filter node wrapping `target`.
 */
function wrapInSanitizer(target, lineno, colno) {
  const wrapper = new nunjucks.nodes.Filter(lineno, colno);
  wrapper.name = new nunjucks.nodes.Symbol(lineno, colno, constants_1.SANITIZER_NAME);
  const filterArgs = new nunjucks.nodes.NodeList(lineno, colno);
  // A filter's first argument is the value it is applied to.
  filterArgs.addChild(target);
  wrapper.args = filterArgs;
  return wrapper;
}

/**
 * Compile-time pass for SQL injection prevention: every "lookup"-like node
 * (LookupVal, FunCall, Symbol) found beneath an Output node is wrapped in the
 * sanitizer filter, e.g.
 *   {{ context.params.id }} -> {{ context.params.id | sanitizer }}
 *
 * Security-relevant behaviour visible in this file:
 *  - Lookups that are not beneath an Output node are left unwrapped.
 *  - A raw-filter node stops the walk: neither it nor anything below it gets
 *    the sanitizer, so whatever a template passes through the raw filter
 *    reaches the output exactly as the template produced it.
 *  - What the sanitizer filter does with the value at render time is defined
 *    elsewhere and is not visible in this file.
 */
let SanitizerBuilder = class SanitizerBuilder extends models_1.FilterBuilder {
  constructor(...ctorArgs) {
    super(...ctorArgs);
    this.filterName = constants_1.SANITIZER_NAME;
  }

  /**
   * Visitor hook: starts the rewriting pass when handed the template Root
   * node and ignores every other node type.
   *
   * @param {object} node - AST node handed over by the visitor.
   */
  onVisit(node) {
    if (!(node instanceof nunjucks.nodes.Root)) return;
    this.addSanitizer(node);
  }

  /**
   * Walks the children of `node`, wrapping lookup-like children in the
   * sanitizer filter once an Output node has been seen on the path.
   *
   * @param {object} node - Parent whose children are visited.
   * @param {boolean} [parentHasOutputNode=false] - Whether an ancestor of
   *   `node` is an Output node.
   */
  addSanitizer(node, parentHasOutputNode = false) {
    // True when `node` itself, or one of its ancestors, is an Output node.
    const insideOutput = parentHasOutputNode || node instanceof nunjucks.nodes.Output;

    const visitChild = (child, replace) => {
      // The raw filter opts its whole subtree out of sanitizing.
      if (isRawFilter(child)) return;

      if (!this.isNodeNeedToBeSanitize(child)) {
        this.addSanitizer(child, insideOutput);
        return;
      }

      // Lookup-like nodes outside an Output are neither wrapped nor descended into.
      if (!insideOutput) return;

      // The new nodes carry the parent's position, as the wrapper is created here.
      // A wrapped child is not descended into any further.
      replace(wrapInSanitizer(child, node.lineno, node.colno));
    };

    (0, extension_utils_1.visitChildren)(node, visitChild);
  }

  /**
   * Decides whether `node` is one of the lookup-like kinds that get wrapped.
   *
   * @param {object} node - AST node to classify.
   * @returns {boolean} true for LookupVal, FunCall or Symbol instances.
   */
  isNodeNeedToBeSanitize(node) {
    const lookupKinds = [
      nunjucks.nodes.LookupVal,
      // Per the original comment, the FunCall check also covers Filter nodes.
      nunjucks.nodes.FunCall,
      nunjucks.nodes.Symbol,
    ];
    return lookupKinds.some((kind) => node instanceof kind);
  }
};

// Apply the internal-extension class decorator; it may return a replacement class.
SanitizerBuilder = tslib_1.__decorate(
  [(0, models_1.VulcanInternalExtension)()],
  SanitizerBuilder
);
exports.SanitizerBuilder = SanitizerBuilder;
//# sourceMappingURL=sanitizerBuilder.js.map