secure-express-setup
One-command security setup for Express.js applications
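/**
 * Substrings treated as SQL-injection markers in request input.
 *
 * This is a keyword blacklist, and a blacklist is the weakest possible
 * defence: it is easy to get around (e.g. `OR 2=2`, comment or whitespace
 * tricks, encoded keywords) and it rejects legitimate text that merely
 * contains `;`, `--`, or an ordinary English word such as "update" or
 * "delete". Parameterised queries in the data layer are the actual fix;
 * treat this list as a noisy tripwire, not as protection.
 *
 * None of these patterns may carry the `g` (or `y`) flag. `RegExp#test` on
 * a global regex is stateful through `lastIndex`: a match on one request
 * makes the next test of a shorter value start past its end and miss it,
 * so `;` would be caught in "a;" and then silently accepted in ";".
 */
const badPatterns = [
  /\bUNION\b/i,
  /\bSELECT\b.*\bFROM\b/i,
  /--/,
  /;/,
  /\bDROP\b/i,
  /\bINSERT\b/i,
  /\bUPDATE\b/i,
  /\bDELETE\b/i,
  /\bOR\b\s+1=1\b/i
];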
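/**
 * True if `value`, or any string nested inside it, matches one of `badPatterns`.
 *
 * Only strings are matched against the patterns; numbers, booleans, null and
 * undefined are never "dangerous". Arrays and objects are walked because
 * body/query parsers readily produce nested values such as
 * `{ filter: ["...;"] }`, which a top-level-only check waves straight through.
 *
 * The walk is iterative with a visited set, so hostile input cannot exhaust
 * the call stack through deep nesting, and a cyclic object (not something a
 * body parser produces, but callers may pass anything) cannot loop forever.
 *
 * @param {unknown} value - a request field value, possibly nested
 * @returns {boolean}
 */
function isDangerous(value) {
  const pending = [value];
  const seen = new Set();
  while (pending.length > 0) {
    const current = pending.pop();
    if (typeof current === "string") {
      if (badPatterns.some((pattern) => pattern.test(current))) return true;
      continue;
    }
    if (current === null || typeof current !== "object" || seen.has(current)) {
      continue;
    }
    seen.add(current);
    // Own enumerable values only; for arrays that is the elements.
    const children = Array.isArray(current) ? current : Object.values(current);
    for (const child of children) pending.push(child);
  }
  return false;
}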
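/**
 * Express middleware factory: answers HTTP 400 when any value in
 * `req.params`, `req.query` or `req.body` matches one of `badPatterns`.
 *
 * Each source is scanned on its own. Merging them into one object
 * (`{ ...body, ...query, ...params }`) lets a benign `params.id` shadow a
 * malicious `body.id`, so the body value is never inspected at all.
 *
 * The log line names the offending source and field but deliberately not
 * its value: the value is attacker-controlled (a newline forges log
 * entries) and the field may be a password or token that must not be
 * written to logs.
 *
 * This is a keyword blacklist, not input validation; it produces false
 * positives on free text containing `;`, `--` or words like "update", and
 * it is bypassable. Use parameterised queries regardless of this middleware.
 *
 * @returns {(req: object, res: object, next: Function) => void}
 */
module.exports = function setupSqlInjection() {
  return (req, res, next) => {
    const sources = [
      ["params", req.params],
      ["query", req.query],
      ["body", req.body]
    ];
    for (const [sourceName, source] of sources) {
      // A source may be absent (no body parser mounted) or a bare string
      // (text body); treat a non-object source as a single value under the
      // source's own name rather than spreading it into characters.
      const entries =
        source !== null && typeof source === "object"
          ? Object.entries(source)
          : [[sourceName, source]];
      for (const [key, value] of entries) {
        if (isDangerous(value)) {
          console.warn(`🚨 SQL Injection attempt: ${sourceName}.${key}`);
          return res.status(400).json({
            error: "Invalid input detected",
            field: key
          });
        }
      }
    }
    next();
  };
};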