A modular security middleware toolkit for Express.js with built-in rate limiting, SQL injection protection, and XSS sanitization.
import express from 'express';
import request from 'supertest';
import { sanitizeMiddleware } from '../middleware/sanitizeMiddleware';
// Minimal harness app: JSON body parsing first, then the middleware under
// test, then a route that only answers if the request was let through.
// Middleware order matters here — `sanitizeMiddleware` must run after the
// body has been parsed, or it would have nothing to inspect.
const app = express();

const passedHandler = (_req: express.Request, res: express.Response): void => {
  res.status(200).json({ message: 'Passed' });
};

app.use(express.json());
app.use(sanitizeMiddleware);
app.post('/test', passedHandler);
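/**
 * Extended behavioural tests for `sanitizeMiddleware`.
 *
 * Each group posts a generated body to `/test` and checks that the middleware
 * either rejects it (HTTP 400 with a typed entry in `details[]`) or lets it
 * reach the route handler (HTTP 200, `{ message: 'Passed' }`).
 *
 * The loop index only feeds the payload text, so every case within a group is
 * structurally identical to its siblings; the counts exercise repeated
 * handling rather than distinct attack shapes.
 */
describe('Sanitize Middleware - Extended Tests', () => {
  // Number of generated cases per group.
  const XSS_CASES = 70;
  const SQL_CASES = 70;
  const VALID_CASES = 60;

  const generateXssPayload = (i: number) => ({
    name: `<script>alert("xss${i}")</script>`,
  });
  const generateSqlPayload = (i: number) => ({
    query: `' OR ${i}=${i} --`,
  });
  const generateValidPayload = (i: number) => ({
    name: `User${i}`,
    email: `user${i}@example.com`,
  });

  /**
   * Posts `payload` to `/test` and asserts the middleware rejected it with a
   * first `details` entry of the given `type`.
   *
   * `details` is checked to be a non-empty array before its first element is
   * dereferenced, so a 400 response without a `details` array fails as a
   * readable assertion instead of a TypeError thrown from inside the test.
   */
  const expectRejected = async (payload: object, type: string): Promise<void> => {
    const res = await request(app).post('/test').send(payload);
    expect(res.status).toBe(400);
    expect(Array.isArray(res.body.details)).toBe(true);
    expect(res.body.details.length).toBeGreaterThan(0);
    expect(res.body.details[0].type).toBe(type);
  };

  /** Posts `payload` to `/test` and asserts it reached the route handler. */
  const expectAccepted = async (payload: object): Promise<void> => {
    const res = await request(app).post('/test').send(payload);
    expect(res.status).toBe(200);
    expect(res.body.message).toBe('Passed');
  };

  for (let i = 1; i <= XSS_CASES; i++) {
    it(`XSS attack payload #${i} should be rejected`, async () => {
      await expectRejected(generateXssPayload(i), 'XSS');
    });
  }

  for (let i = 1; i <= SQL_CASES; i++) {
    it(`SQL injection payload #${i} should be rejected`, async () => {
      await expectRejected(generateSqlPayload(i), 'SQL Injection');
    });
  }

  for (let i = 1; i <= VALID_CASES; i++) {
    it(`Valid payload #${i} should pass`, async () => {
      await expectAccepted(generateValidPayload(i));
    });
  }
});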