mongo-sanitizer
An Express.js middleware to prevent NoSQL injection attacks by sanitizing req.body, req.query, and req.params. Supports a custom replacement string and dot-notation handling.
TypeScript
import { Request, Response, NextFunction } from 'express';
import { sanitize, has } from './sanitize-utils';
interface MiddlewareOptions {
replaceWith?: string;
onSanitize?: (data: {
req: Request;
key: 'body' | 'params' | 'query' | 'headers';
}) => void;
dryRun?: boolean;
allowDots?: boolean;
fields?: ('body' | 'params' | 'query' | 'headers')[];
}
/**
* Express middleware to prevent NoSQL injection attacks by sanitizing req.body, req.query, req.params, and req.headers of the incoming request.
* Instead of modifying the original request object, it assigns the sanitized versions of these properties to new properties like req.sanitizedBody, req.sanitizedQuery, etc.
* Developers MUST use the 'sanitized' prefixed properties for secure data access.
* IMPORTANT: For `req.params` to be reliably sanitized, the `mongoSanitizer()` middleware should be placed directly before the route handler within its specific route definition (e.g., `app.get('/path/:id', mongoSanitizer(), (req, res) => { ... })` or `router.get('/path/:id', mongoSanitizer(), (req, res) => { ... })`).
* @param options - Middleware options.
* @returns Express middleware function.
*/
declare function expressSanitize(options?: MiddlewareOptions): (req: Request, res: Response, next: NextFunction) => void;
declare const sanitizer: typeof expressSanitize;
export default sanitizer;
export { sanitize, has };
//# sourceMappingURL=index.d.ts.map
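The declaration above only exposes the types. As an added example that is not the package's own code, here is a minimal `sanitize()`/`has()` pair plus the route-level middleware it describes, showing how an operator key such as `$gt` or a dotted path key is dropped (or rewritten with `replaceWith`) while `req.body` itself is left untouched. It assumes a structural request type in place of the `express` import and assumes `dryRun` means "report via `onSanitize` but attach nothing".

```typescript
// Added example, not the package's code. `express` is replaced by a structural
// request type so the snippet compiles and runs stand-alone.
type Field = 'body' | 'params' | 'query' | 'headers';
interface SanitizeOptions { replaceWith?: string; allowDots?: boolean }
interface MiddlewareOptions extends SanitizeOptions {
  onSanitize?: (data: { req: SanitizableRequest; key: Field }) => void;
  dryRun?: boolean;          // assumption: call onSanitize but attach no sanitized copy
  fields?: Field[];
}
type SanitizableRequest = Partial<Record<Field, unknown>> & Record<string, unknown>;

// A key is dangerous when it can be read as an operator ('$gt') or a path ('a.b').
const isDangerous = (k: string, allowDots: boolean): boolean =>
  k.startsWith('$') || (!allowDots && k.includes('.'));

// Does any key anywhere in the tree look like an operator or a path?
function has(payload: unknown, allowDots = false): boolean {
  if (Array.isArray(payload)) return payload.some((v) => has(v, allowDots));
  if (payload === null || typeof payload !== 'object') return false;
  return Object.entries(payload as Record<string, unknown>)
    .some(([k, v]) => isDangerous(k, allowDots) || has(v, allowDots));
}

// Returns a cleaned deep copy; the input is never mutated.
function sanitize<T>(payload: T, opts: SanitizeOptions = {}): T {
  const { replaceWith, allowDots = false } = opts;
  if (Array.isArray(payload)) return payload.map((v) => sanitize(v, opts)) as unknown as T;
  if (payload === null || typeof payload !== 'object') return payload;
  const out: Record<string, unknown> = {};
  for (const [k, v] of Object.entries(payload as Record<string, unknown>)) {
    if (!isDangerous(k, allowDots)) { out[k] = sanitize(v, opts); continue; }
    if (replaceWith === undefined) continue;            // default: drop the key entirely
    const safeKey = k.replace(allowDots ? /\$/g : /[$.]/g, replaceWith);
    out[safeKey] = sanitize(v, opts);
  }
  return out as unknown as T;
}

// Route-level middleware: attaches req.sanitizedBody etc.; req.body itself stays as received.
function mongoSanitizer(options: MiddlewareOptions = {}) {
  const fields = options.fields ?? (['body', 'params', 'query', 'headers'] as Field[]);
  return (req: SanitizableRequest, _res: unknown, next: () => void): void => {
    for (const key of fields) {
      if (req[key] === undefined) continue;
      if (has(req[key], options.allowDots)) options.onSanitize?.({ req, key });
      const target = `sanitized${key.charAt(0).toUpperCase()}${key.slice(1)}`;
      if (!options.dryRun) req[target] = sanitize(req[key], options);
    }
    next();
  };
}
```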