This commit is contained in:
Tben 2023-07-02 07:13:03 +01:00
parent eb3fe1aab0
commit 6307c4a980
2 changed files with 19 additions and 27 deletions


@ -1,6 +1,6 @@
{ {
"name": "datasquirel", "name": "datasquirel",
"version": "1.1.56", "version": "1.1.57",
"description": "Cloud-based SQL data management tool", "description": "Cloud-based SQL data management tool",
"main": "index.js", "main": "index.js",
"scripts": { "scripts": {


@ -8,42 +8,41 @@
/** /**
* Sanitize SQL function * Sanitize SQL function
* ============================================================================== * ==============================================================================
* @description this function takes in a text(or number) and returns a sanitized * @description this function takes in a text(or number) or object or array or
* text, usually without spaces * boolean and returns a sanitized version of the same input.
* *
* @param {string|number|object} text - Text or number or object * @param {string|number|object|boolean} input - Text or number or object or boolean
* @param {boolean?} spaces - Allow spaces * @param {boolean?} spaces - Allow spaces?
* @param {RegExp?} regex - Regular expression, removes any match
* *
* @returns {string|object} * @returns {string|number|object|boolean}
*/ */
function sanitizeSql(text, spaces, regex) { function sanitizeSql(input, spaces) {
/** /**
* Initial Checks * Initial Checks
* *
* @description Initial Checks * @description Initial Checks
*/ */
if (!text) return ""; if (!input) return "";
if (typeof text == "number" || typeof text == "boolean") return text; if (typeof input == "number" || typeof input == "boolean") return input;
if (typeof text == "string" && !text?.toString()?.match(/./)) return ""; if (typeof input == "string" && !input?.toString()?.match(/./)) return "";
if (typeof text == "object" && !Array.isArray(text)) { if (typeof input == "object" && !Array.isArray(input)) {
//////////////////////////////////////// ////////////////////////////////////////
//////////////////////////////////////// ////////////////////////////////////////
//////////////////////////////////////// ////////////////////////////////////////
const newObject = sanitizeObjects(text, spaces); const newObject = sanitizeObjects(input, spaces);
return newObject; return newObject;
//////////////////////////////////////// ////////////////////////////////////////
//////////////////////////////////////// ////////////////////////////////////////
//////////////////////////////////////// ////////////////////////////////////////
} else if (typeof text == "object" && Array.isArray(text)) { } else if (typeof input == "object" && Array.isArray(input)) {
//////////////////////////////////////// ////////////////////////////////////////
//////////////////////////////////////// ////////////////////////////////////////
//////////////////////////////////////// ////////////////////////////////////////
const newArray = sanitizeArrays(text, spaces); const newArray = sanitizeArrays(input, spaces);
return newArray; return newArray;
//////////////////////////////////////// ////////////////////////////////////////
@ -51,8 +50,8 @@ function sanitizeSql(text, spaces, regex) {
//////////////////////////////////////// ////////////////////////////////////////
} }
// if (text?.toString()?.match(/\'|\"/)) { // if (input?.toString()?.match(/\'|\"/)) {
// console.log("TEXT containing commas =>", text); // console.log("TEXT containing commas =>", input);
// return ""; // return "";
// } // }
@ -65,15 +64,15 @@ function sanitizeSql(text, spaces, regex) {
* *
* @description Declare "results" variable * @description Declare "results" variable
*/ */
let finalText = text; let finalText = input;
if (regex) { if (regex) {
finalText = text.toString().replace(regex, ""); finalText = input.toString().replace(regex, "");
} }
if (spaces) { if (spaces) {
} else { } else {
finalText = text finalText = input
.toString() .toString()
.replace(/\n|\r|\n\r|\r\n/g, "") .replace(/\n|\r|\n\r|\r\n/g, "")
.replace(/ /g, ""); .replace(/ /g, "");
@ -92,13 +91,6 @@ function sanitizeSql(text, spaces, regex) {
.replace(/\/\*\*\//g, "") .replace(/\/\*\*\//g, "")
.replace(escapeRegex, "\\$&"); .replace(escapeRegex, "\\$&");
// const injectionRegexp = /select .* from|\*|delete from|drop database|drop table|update .* set/i;
// if (text?.toString()?.match(injectionRegexp)) {
// console.log("ATTEMPTED INJECTION =>", text);
// return "";
// }
//////////////////////////////////////// ////////////////////////////////////////
//////////////////////////////////////// ////////////////////////////////////////
//////////////////////////////////////// ////////////////////////////////////////
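Review bot: The new signature `function sanitizeSql(input, spaces)` drops the `regex` parameter and its `@param` line, but the body in the `@ -65,15 +64,15 @@` hunk still reads it in `if (regex) {` / `finalText = input.toString().replace(regex, "");`, so `regex` is now an unresolved identifier and that branch throws a ReferenceError at runtime unless a module-level `regex` binding exists elsewhere in the file (not visible here). Either delete those three lines or restore the parameter as `function sanitizeSql(input, spaces, regex)` together with its JSDoc entry. Separately, the widened `@returns {string|number|object|boolean}` is not met for falsy primitives: `if (!input) return "";` runs before the number/boolean early return, so `sanitizeSql(0)` and `sanitizeSql(false)` yield `""` instead of the input; swapping the order of those two checks, or using `input == null` for the first one, would make the documented contract hold. The function body continues outside the last hunk.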