UNPKG

mongodb-sanitize

Version:

Helper or middleware to sanitize json object to prevent query selector injections for MongoDB

github.com/divyeshpujari/mongodb-sanitize

divyeshpujari/mongodb-sanitize

133 lines (89 loc) 4.09 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
# mongodb-sanitize [![NPM](https://nodei.co/npm/mongodb-sanitize.png)](https://www.npmjs.com/package/mongodb-sanitize) ![npm](https://img.shields.io/npm/v/mongodb-sanitize) ![node-current](https://img.shields.io/node/v/mongodb-sanitize) ![GitHub branch checks state](https://img.shields.io/github/checks-status/divyeshpujari/mongodb-sanitize/master?label=build) ![npm](https://img.shields.io/npm/dw/mongodb-sanitize) ![GitHub issues](https://img.shields.io/github/issues/divyeshpujari/mongodb-sanitize) ![NPM](https://img.shields.io/npm/l/mongodb-sanitize) [![dependencies Status](https://status.david-dm.org/gh/divyeshpujari/mongodb-sanitize.svg)](https://david-dm.org/divyeshpujari/mongodb-sanitize) [![devDependencies Status](https://status.david-dm.org/gh/divyeshpujari/mongodb-sanitize.svg?type=dev)](https://david-dm.org/divyeshpujari/mongodb-sanitize?type=dev) ![npm bundle size](https://img.shields.io/bundlephobia/min/mongodb-sanitize) ![GitHub contributors](https://img.shields.io/github/contributors/divyeshpujari/mongodb-sanitize) This repository provides a functionality to sanitize the data that going to use for mongoDb operation. This will make sure that, incoming request not includes the bad/wrong formatted data which break or security breach for mongoDb. In short, it's provide some amount of security at code level to avoid any injection over mongoDb. # How to install ```javascript npm i --save mongodb-sanitize ``` or ```javascript yarn add mongodb-sanitize ``` Or CDN Reference - [unpkg mongodb-sanitize](https://unpkg.com/browse/mongodb-sanitize/) - [jsdelivr mongodb-sanitize](https://cdn.jsdelivr.net/npm/mongodb-sanitize/index.min.js) # How to use as middleware Set as the middleware like below example: By default this package will sanitize the data for `req.body`, `req.params`, `req.query` ```javascript const express = require('express'); const mongodbSanitize = require('mongodb-sanitize'); const app = express(); app.use(mongodbSanitize()); ``` With typescript ```typescript import express from 'express'; import {sanitizeMiddleWare} from 'mongodb-sanitize'; const app = express(); app.use(sanitizeMiddleWare()); ``` If you want to sanitize on custom fields and options then you can configure the middleware as below: ```javascript const express = require('express'); const mongodbSanitize = require('mongodb-sanitize'); const app = express(); app.use(mongodbSanitize(['body', 'query'], {replaceBy: '#'})); ``` With typescript ```typescript import express from 'express'; import {sanitizeMiddleWare} from 'mongodb-sanitize'; const app = express() app.use(sanitizeMiddleWare(['body'], {replaceBy: '#'})) ``` Note:- Here, sanitize operation should be performed on only two fields(`body`, `query`) of request. # How to use as separate method Here, you can see the example that how to use sanitize method separately without options ```javascript const { sanitize } = require('mongodb-sanitize'); const sanitizedObject = sanitize(<OBJECT_OR_ARRAY_TO_SANITIZE>); ``` With typescript ```typescript import {sanitize} from 'mongodb-sanitize'; const sanitizedObject:any = sanitize(<OBJECT_OR_ARRAY_TO_SANITIZE>); ``` With options ```javascript const { sanitize } = require('mongodb-sanitize'); const sanitizedObject = sanitize(<SOME_OBJECT_OR_ARRAY>, {replaceBy: <string>}); ``` With typescript ```typescript import {sanitize} from 'mongodb-sanitize'; const sanitizedObject:any = sanitize(<OBJECT_OR_ARRAY_TO_SANITIZE>, {replaceBy: <string>}); ``` # How to use `isSanitized` method `isSanitized` method used to check that is the pass object/array in argument is sanitize or not for mongodb operations. ```javascript const { isSanitized } = require('mongodb-sanitize'); const isSanitize = isSanitized(<OBJECT_OR_ARRAY_TO_SANITIZE>); ``` With typescript ```typescript import {isSanitized} from 'mongodb-sanitize'; const isSanitize: boolean = isSanitized(<OBJECT_OR_ARRAY_TO_SANITIZE>); ```