mongo-sanitizer
An Express.js middleware to prevent NoSQL injection attacks by sanitizing req.body, req.query, and req.params. Supports a custom replacement string and dot-notation handling.
/**
* Type guard that reports whether a value is a plain object (not an array, null, or other types).
* This is crucial for recursively traversing only plain objects.
*
* On a true result the compiler narrows `val` to `Record<string, any>`. That narrowing is
* only as reliable as the runtime check in the implementation, which this declaration file
* does not show.
*
* NOTE(review): how class instances, built-ins such as Date or RegExp, and null-prototype
* objects are classified is not visible here. Confirm against the implementation: a value
* reported as non-plain is presumably not descended into by the recursive sanitizer.
* @param val The value to check. Typed `any`, so any request-derived value is accepted.
* @returns True if the value is a plain object, false otherwise.
*/
export declare function isPlainObject(val: any): val is Record<string, any>;
/**
* Recursively sanitizes an object or array by replacing '$' and '.' in keys and values.
* It also handles direct string sanitization for values, as seen in req.params.
*
* The leading underscore suggests an internal helper, although the function is exported.
* Unlike `sanitize`, it returns the `isSanitized` flag alongside the result and accepts `allowDots`.
* @param obj The object, array, or string to sanitize. Typed `any`, so the input shape is not checked at compile time.
* @param options Optional settings; all fields are optional and their defaults are not visible in this declaration.
*   - `replaceWith`: the string substituted for the replaced characters.
*     NOTE(review): confirm how the implementation handles a replacement that itself contains '$' or '.'.
*   - `dryRun`: presumably reports whether sanitization would occur without applying it. TODO confirm.
*   - `allowDots`: presumably leaves '.' untouched. TODO confirm. If so, dotted keys reach the query layer
*     unchanged, so it should be enabled only where dot notation is actually required.
* @returns An object containing the sanitized target and a boolean indicating if any sanitization occurred.
*   `target` is typed `any`; callers should still validate its type and shape before building a query from it.
*/
export declare function _sanitize(obj: any, options?: {
replaceWith?: string;
dryRun?: boolean;
allowDots?: boolean;
}): {
isSanitized: boolean;
target: any;
};
/**
* Helper function to sanitize a single string or an object/array.
* This is the primary function to be exposed for manual sanitization.
*
* The options type here has no `allowDots` field, unlike `_sanitize`, so dot handling cannot be
* configured through this signature. NOTE(review): confirm which dot behaviour the implementation applies.
* @param value The value to sanitize. Typed `any`, so the input shape is not checked at compile time.
* @param options Options for sanitization (replaceWith, dryRun); defaults are not visible in this declaration.
*   NOTE(review): with `dryRun` set, it is not visible here whether the original or the sanitized value is
*   returned. Confirm before relying on the return value in that mode.
* @returns The sanitized value, typed `any`. No flag is returned to say whether anything was replaced (use `has`
*   for that), and callers should still validate the result's type and shape before using it in a query.
*/
export declare function sanitize(value: any, options?: {
replaceWith?: string;
dryRun?: boolean;
}): any;
/**
* Helper function to check if a value contains NoSQL injection characters without sanitizing it.
*
* It takes no options. NOTE(review): presumably the characters checked are the '$' and '.' that `_sanitize`
* replaces, but whether '.' counts here is not visible in this declaration. Confirm against the implementation.
*
* A false result says only that those characters were not found. It does not establish that the value has
* the type or shape a query expects, so it is not a substitute for schema validation.
* @param value The value to check. Typed `any`, so strings, objects, and arrays are all accepted by the signature.
* @returns True if the value contains NoSQL injection characters, false otherwise.
*/
export declare function has(value: any): boolean;
//# sourceMappingURL=sanitize-utils.d.ts.map