@blazedpath/commons 0.2.2 → 0.3.1

package/blz-security/sqlInjectionGuard.js

@@ -1,162 +0,0 @@
-const { z } = require('zod');
-module.exports = class SqlInjectionGuard {
-    constructor(logger = console) {
-        this.logger = logger;    
-        this._initialized = false;        
-    }
-
-    _initialize() {
-        if (this._initialized) return;
-        this._initialized = true;
-        const allowedPatternsEnv = process.env.blz_securityApiSanitizeAllowedSqlInputPatterns;            
-        const paramPatternsEnv = process.env.blz_securityApiSanitizeDangerousParamPatterns;
-        const sqlPatternsEnv = process.env.blz_securityApiSanitizeDangerousSqlPatterns;        
-        this.onlyLog = process.env.blz_securityApiSanitizeOnlyLog === 'true';        
-        const parseRegexArray = (input) => {
-            try {
-                if (input == undefined || input == null) return null
-                const rawList = JSON.parse(input); // must be an array of strings type ["--", "\\bselect\\b.+\\bfrom\\b"]
-                return rawList.map(pattern => new RegExp(pattern, 'i'));
-            } catch {
-                return null;
-            }
-        };
-        this.dangerousParamPatterns =
-            parseRegexArray(paramPatternsEnv) || [
-                /--/i,
-                /\/\*/i,
-                /\*\//i,
-                /\bor\b\s+\w+\s*=/i,
-                /\bor\b\s+.*?=.*?/i,
-                /\bor\b\s+'.*?'\s*=\s*'.*?'/i,                
-                /\bor\b\s+\w+\s*like/i,
-                /\band\b\s+\w+\s*=/i,
-                /\band\b\s+\w+\s*like/i,
-                /\bselect\b[\s\S]+?\bfrom\b/i,
-                /\bunion\s+select\b/i,
-                /\bdrop\s+table\b/i,
-                /\binsert\s+into\b/i,
-                /\bupdate\b\s+\w+\s+\bset\b[\s\S]*?=/i,
-                /\bdelete\s+from\b/i,
-                /\bpg_sleep\s*\(/i,
-                /\bdbms_lock\.sleep\s*\(/i,
-                /\bexec\s*\(/i,
-                /\bexecute\s*\(/i
-            ];
-
-        this.dangerousSqlPatterns =
-            parseRegexArray(sqlPatternsEnv) || [
-                /;\s*drop\b/i,
-                /;\s*truncate\b/i,
-                /\bpg_sleep\s*\(/i,
-                /\bdbms_lock\.sleep\s*\(/i,
-                /\bexec(ute)?\s*(\(|\s)/i,
-                /\binformation_schema\b/i,
-                /\bpg_catalog\b/i,
-            ];
-        
-        this.allowedInputPatterns =
-            parseRegexArray(allowedPatternsEnv) || [
-                new RegExp('^[^<>]*<$', 'i'),
-                new RegExp('^>[^<>]*$', 'i')
-            ]; 
-            
-        
-        // Define a schema for each param object
-        this.paramSchema = z.object({
-            name: z.string(),
-            value: z.any(), // value can be string, number, etc.
-        });
-
-        // Schema for the full list
-        this.paramsSchema = z.array(this.paramSchema);
-    }
-
-    isAllowedByWhitelist(value) {
-        return this.allowedInputPatterns.some(pattern => pattern.test(value));
-    }
-
-    validateParamValue(name, value) {
-        this. _initialize()
-        if (typeof value !== 'string') return;
-        const trimmed = value.trim();
-        if (this.isAllowedByWhitelist(trimmed)) return
-        // Always check for dangerous SQL injection patterns
-        for (const pattern of this.dangerousParamPatterns) {            
-            if (pattern.test(trimmed)) {
-                const message = `Potential SQL injection in parameter "${name}": ${value}`;
-                if (this.onlyLog) {
-                    this.logger?.warn?.(`[SQLInjectionGuard] ${message}`);
-                } else {
-                    const err = new Error('Potential SQL injection');
-                    err.code = 'SQLInjection';
-                    err.data = message;
-                    throw err;
-                }
-            }
-        }
-    }
-   
-    validateParamList(params) {
-        this. _initialize()
-        this.paramsSchema.parse(params); // Validate structure with Zod
-        for (const param of params) {
-            this.validateParamValue(param.name, param.value);
-        }
-        return params;
-    }
-
-    validateRawSql(sql) {
-        this. _initialize()
-        if (typeof sql !== 'string') return false;
-        for (const pattern of this.dangerousSqlPatterns) {
-            if (pattern.test(sql.toLowerCase())) {
-                const message = `Potential SQL injection in "${sql}" pattern:${pattern}`;
-                if (this.onlyLog) {
-                    this.logger.warn(`[SQLInjectionGuard] ${message}`);
-                } else {
-                    const err = new Error('Potential SQL injection');
-                    err.code = 'SQLInjection';
-                    err.data = message;
-                    throw err;
-                }
-            }
-        }
-        return sql
-    }
-
-    validateObject(obj) {
-        this. _initialize()
-        const checkValue = (value) => {
-            if (typeof value === 'string') {
-                const trimmed = value.trim();
-                if (!this.isAllowedByWhitelist(trimmed)) {
-                    for (const pattern of this.dangerousParamPatterns) {
-                        if (pattern.test(trimmed)) {
-                            const message = `Value "${value}" violates SQL injection policy.`;
-                            if (this.onlyLog) {
-                                this.logger.warn(`[SQLInjectionGuard] ${message}`);
-                            } else {
-                                const err = new Error('Potential SQL injection');
-                                err.code = 'BadRequest';
-                                err.data = message;
-                                throw err;
-                            }
-                        }
-                    }
-                }
-            } else if (Array.isArray(value)) {
-                for (const item of value) checkValue(item);
-            } else if (typeof value === 'object' && value !== null) {
-                for (const key in value) {
-                    if (Object.hasOwn(value, key)) {
-                        checkValue(value[key]);
-                    }
-                }
-            }
-        };
-
-        checkValue(obj);
-        return obj;
-    }
-}

package/blz-security/templates/session-iframe-azure-ad.html

@@ -1,7 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <body>
-    <div>sessionIframe</div>
-    <script src="/session-check-azuread.js"></script>
-  </body>
-</html>

package/blz-security/templates/session-iframe.html

@@ -1,73 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <body onload="javascript:startChecking()">
-    <iframe id="iframeOP" title="Session Iframe" src="{{sessionIframeUrl}}" style="display: none"></iframe>
-  </body>
-  <script>
-    let targetRP = new URL('{{sessionIframeUrl}}');
-    let previousState = '';
-
-    function startChecking() {
-      previousState = getCookieValue('{{sessionCookiesPrefix}}session_state');
-      setInterval(checkStatus, 15e3);
-      setInterval(checkSessionStatus, 15e3);
-    }
-    async function checkSessionStatus() {
-      try {
-        const response = await fetch('/check-session', {
-          method: 'GET',
-          credentials: 'include' // Include cookies in the request
-        });
-        const data = await response.json();
-        if (data.expired) {
-          if (data.redirectUrl) {
-            parent.location.href = data.redirectUrl; // redirect sentence
-          } else {
-            parent.location.reload(); // Reload the parent page instead of just the iframe
-          }
-        }
-      } catch (error) {
-        console.error('Error validating token:', error);
-        // Optionally handle the error
-      }
-    }
-    function getCookieValue(cookieName) {
-      let name = cookieName + '=';
-      let cookies = document.cookie.split(';');
-      if (!cookies) {
-        return null;
-      }
-      for (let i = 0; i < cookies.length; i++) {
-        let cookie = cookies[i].trim();
-        if (cookie.indexOf(name) == 0) {
-          return cookie.substring(name.length, cookie.length);
-        }
-      }
-      return null;
-    }
-
-    function checkStatus() {
-      let client = '{{clientId}}';
-      const prefix = '{{sessionCookiesPrefix}}'
-      let sessionState = getCookieValue(prefix + 'session_state');
-      let message = client + ' ' + sessionState;
-      const iframe = document.getElementById('iframeOP');
-      iframe.contentWindow.postMessage(message, '{{sessionIframeUrl}}');
-      //window.frames['iframeOP'].contentWindow.postMessage(message, '{{sessionIframeUrl}}');
-    }
-
-    window.addEventListener('message', receiveMessage, false);
-
-    function receiveMessage(event) {
-      if (event.origin !== targetRP.origin) return;
-      // To avoid endless reloads, only do a reload when the session state changed
-      let currentState = getCookieValue('{{sessionCookiesPrefix}}session_state');
-
-      if (event.data === 'changed' && previousState !== currentState) {
-        previousState = currentState;
-        document.cookie = 'session_state' + '=; Max-Age=0; SameSite=None; Secure';
-        parent.location.reload();
-      }
-    }
-  </script>
-</html>

package/blz-security/templates/unauthorized.html

@@ -1 +0,0 @@
-

package/blz-security/xssGuard.js

@@ -1,87 +0,0 @@
-const { JSDOM } = require('jsdom');
-const createDOMPurify = require('dompurify');
-
-module.exports = class XssGuard {
-    constructor(logger = console) {
-        this.logger = logger;
-        const window = new JSDOM('').window;
-        this.DOMPurify = createDOMPurify(window);
-        this.sanitizeOptions = {
-            ALLOWED_TAGS: [], // Does not allow any HTML tags
-            ALLOWED_ATTR: []  // No attributes
-        };
-    }
-
-    isZipString(str) {
-       return  str.startsWith('PK\x03\x04');
-    }
-
-    isAllowedBlocklyXml(str) {
-        const blocklyPatterns = [
-            /^<xml[\s\S]*<\/xml>$/i,
-            /^<block[\s\S]*<\/block>$/i,
-            /^<field name="[\w\-:]+">[\s\S]*<\/field>$/i,
-            /^<value name="[\w\-:]+">[\s\S]*<\/value>$/i
-        ];
-        return blocklyPatterns.some((re) => re.test(str));
-    }
-
-    sanitizeObject(obj) {
-        const sanitizeValue = (value, path = '') => {
-            if (value === null)
-			    return null;
-            if (value === undefined )
-                return undefined
-
-		    const valueType = toString.call(value);	
-            if (valueType === '[object String]') {
-
-                if(this.isZipString(value)){
-                    return value
-                }
-
-                let decoded;
-                try {
-                    decoded = decodeURIComponent(value);
-                } catch {
-                    decoded = value;
-                }
-                const trimmed = decoded.trim();
-                // ⚠️ Skip DOMPurify for valid Blockly XML
-                if (this.isAllowedBlocklyXml(trimmed)) {
-                    return trimmed;
-                }
-
-
-                const cleaned = this.DOMPurify.sanitize(trimmed, this.sanitizeOptions);
-
-                if (cleaned !== trimmed) {
-                    const message = `Sanitized input at path "${path}". Original: "${trimmed}", Cleaned: "${cleaned}".`;
-                    this.logger.warn(message);
-                }
-                return cleaned;
-            } else if (valueType === '[object Number]') {
-                return value
-            } else if (valueType === '[object Boolean]') {
-                return value
-            } else if (valueType === '[object Date]') {
-                return value
-            } else if (valueType === '[object Object]' && value.type === 'Buffer' && value.data) {
-                return value             
-            } else if (Array.isArray(value)) {
-                return value.map((item, index) => sanitizeValue(item, `${path}[${index}]`));
-            } else if (typeof value === 'object' && value !== null) {
-                const sanitizedObj = {};
-                for (const key in value) {
-                    if (Object.hasOwn(value, key)) {
-                        const childPath = path ? `${path}.${key}` : key;
-                        sanitizedObj[key] = sanitizeValue(value[key], childPath);
-                    }
-                }
-                return sanitizedObj;
-            }
-            return value;
-        };
-        return sanitizeValue(obj);
-    }
-};

package/blz-strings/index.js

@@ -1,167 +0,0 @@
-module.exports = {
-    _internal_: {
-        htmlUnescapes: {
-            '&': '&',
-            '&lt;': '<',
-            '&gt;': '>',
-            '&quot;': '"',
-            '&#39;': "'"
-        },
-        reEscapedHtml: /&(?:amp|lt|gt|quot|#(0+)?39);/g,
-        reHasEscapedHtml: RegExp('&(?:amp|lt|gt|quot|#(0+)?39);'),
-        htmlEscapes: {
-            '&': '&amp;',
-            '<': '&lt;',
-            '>': '&gt;',
-            '"': '&quot;',
-            "'": '&#39;'
-        },
-        reUnescapedHtml: /[&<>"']/g,
-        reHasUnescapedHtml: RegExp(`[&<>"']`),
-    },
-    concat: function () {
-        let result = '';
-        for (let i = 0; i < arguments.length; i++) {
-            let argument = arguments[i];
-            if (argument !== null)
-                result += argument;
-        }
-        return result;
-    },
-    contains: function (target, value) {
-        if (target === null || target === undefined)
-            return false;
-        if (value === null || value === undefined)
-            return false;
-        return target.indexOf(value) !== -1;
-    },
-    endsWith: function (target, value) {
-        if (target === null || target === undefined)
-            return false;
-        if (value === null || value === undefined)
-            return false;
-        return target.substring(target.length - value.length, target.length) === value;
-    },
-    escapeHtml: function (value) {
-        return (value && this._internal_.reHasUnescapedHtml.test(value))
-            ? value.replace(this._internal_.reUnescapedHtml, (chr) => this._internal_.htmlEscapes[chr])
-            : (value || '')
-    },
-    indexOf: function (target, value) {
-        if (target === null || target === undefined)
-            return -1;
-        if (value === null || value === undefined)
-            return -1;
-        return target.indexOf(value);
-    },
-    isNullOrEmpty: function (target) {
-        if (target === null || target === undefined)
-            return true;
-        return (target === '');
-    },
-    isNullOrWhiteSpace: function (target) {
-        if (target === null || target === undefined)
-            return true;
-        return (target === '' || target.replace(/\s/g, '').length < 1);
-    },
-    join: function (target, delimiter) {
-        if (target === null || target === undefined)
-            return null;
-        if (delimiter)
-            return target.join(delimiter);
-        else
-            return target.join('');
-    },
-    lastIndexOf: function (target, value) {
-        if (target === null || target === undefined)
-            return -1;
-        if (value === null || value === undefined)
-            return -1;
-        return target.lastIndexOf(value);
-    },
-    length: function (target) {
-        if (target === null || target === undefined)
-            return 0;
-        return target.length;
-    },
-    padLeft: function (target, totalWidth, padding) {
-        if (target === null || target === undefined)
-            return null;
-        if (totalWidth === null || totalWidth === undefined)
-            return target;
-        if (padding)
-            return target.padStart(totalWidth, padding);
-        else
-            return target.padStart(totalWidth);
-    },
-    padRight: function (target, totalWidth, padding) {
-        if (target === null || target === undefined)
-            return null;
-        if (totalWidth === null || totalWidth === undefined)
-            return target;
-        if (padding)
-            return target.padEnd(totalWidth, padding);
-        else
-            return target.padEnd(totalWidth);
-    },
-    replace: function (target, oldValue, newValue) {
-        if (target === null || target === undefined)
-            return null;
-        if (oldValue === null || oldValue === undefined)
-            return target;
-        if (newValue === null || newValue === undefined)
-            return target;
-        return target.replace(new RegExp(oldValue, 'g'), newValue);
-    },
-    split: function (target, delimiter) {
-        if (target === null || target === undefined)
-            return [];
-        return target.split(delimiter);
-    },
-    startsWith: function (target, value) {
-        if (target === null || target === undefined)
-            return false;
-        if (value === null || value === undefined)
-            return false;
-        return target.substring(0, value.length) === value;
-    },
-    substring: function (target, startIndex, length) {
-        if (target === null || target === undefined)
-            return null;
-        if (startIndex === null || startIndex === undefined)
-            return null;
-        if (length === null || length === undefined)
-            return null;
-        return target.substring(startIndex, startIndex + length);
-    },
-    toLower: function (target) {
-        if (target === null || target === undefined)
-            return null;
-        return target.toLowerCase();
-    },
-    toUpper: function (target) {
-        if (target === null || target === undefined)
-            return null;
-        return target.toUpperCase();
-    },
-    trim: function (target) {
-        if (target === null || target === undefined)
-            return null;
-        return target.trim();
-    },
-    trimEnd: function (target) {
-        if (target === null || target === undefined)
-            return null;
-        return target.trimEnd();
-    },
-    trimStart: function (target) {
-        if (target === null || target === undefined)
-            return null;
-        return target.trimStart();
-    },
-    unescapeHtml: function (value) {
-        return (value && this._internal_.reHasEscapedHtml.test(value))
-            ? value.replace(this._internal_.reEscapedHtml, (entity) => (this._internal_.htmlUnescapes[entity] || "'"))
-            : (value || '')
-    },
-};

package/blz-uuid/index.js

@@ -1,7 +0,0 @@
-const Uuid = require('uuid');
-
-module.exports = {
-    uuid: function () {
-        return Uuid.v4();
-    }
-};

package/blz-yaml/index.js

@@ -1,19 +0,0 @@
-const jsyaml = require('js-yaml')
-
-module.exports = {
-    yamlParse: function (value) {
-        if (value === undefined)
-            throw new Error('value undefined')
-        if (value === null)
-            return null
-        return jsyaml.load(value)
-    },
-    yamlStringify: function (value) {
-        if (value === undefined)
-            throw new Error('value undefined')
-        if (value === null)
-            return null
-        else
-            return jsyaml.dump(value)
-    },
-};

package/index.js

@@ -1,84 +0,0 @@
-const BlzBase = require('./blz-base');
-const BlzConfig = require('./blz-config');
-const BlzSecurity = require('./blz-security');
-const FileScanner = require('./blz-security/filescanner/index.js');
-const ProcessManagers = require('./process-managers');
-const { Exception } = require('./blz-security/helpers/utils');
-const BlzCache = require('./blz-cache');
-const BlzCore = require('./blz-core');
-const BlzCryptography = require('./blz-cryptography');
-const BlzDatetimes = require('./blz-datetimes');
-const BlzFile = require('./blz-file');
-const BlzHazelcast = require('./blz-hazelcast');
-const BlzIterable = require('./blz-iterable');
-const BlzJsonSchema = require('./blz-json-schema');
-const BlzJwt = require('./blz-jwt');
-const BlzKafka = require('./blz-kafka');
-const BlzMath = require('./blz-math');
-const BlzMongodb = require('./blz-mongodb');
-// const BlzProcesses = require('./blz-processes');
-const BlzRds = require('./blz-rds');
-const BlzRdsMysql = require('./blz-rds-mysql');
-const BlzRdsMysqlx = require('./blz-rds-mysqlx');
-const BlzRdsOracle = require('./blz-rds-oracle');
-const BlzRdsPostgres = require('./blz-rds-postgres');
-const BlzRedis = require('./blz-redis');
-const BlzRegex = require('./blz-regex');
-const BlzStrings = require('./blz-strings/index.js');
-const BlzUuid = require('./blz-uuid');
-const BlzYaml = require('./blz-yaml');
-const { getHealthStatus } = require('./blz-base/health/index.js');
-
-const rdsProvider = function(providerName){
-  return require('./blz-rds-' + providerName.toLowerCase() + '/index.js')
-}
-const getModulesNames = () => {
-  return [
-    'blz-base', 'blz-cache', 'blz-config', 'blz-core',
-    'blz-cryptography', 'blz-datetimes', 'blz-file',
-    'blz-hazelcast', 'blz-iterable', 'blz-json-schema',
-    'blz-jwt', 'blz-kafka', 'blz-math', 'blz-mongodb',
-    'blz-rds', 'blz-rds-mysql', 'blz-rds-mysqlx', 'blz-rds-oracle',
-    'blz-rds-postgres', 'blz-redis', 'blz-regex', 'blz-security',
-    'blz-strings', 'blz-uuid', 'blz-yaml'
-  ];
-}
-const getVersion = () => {
-  const pkg = require('./package.json');
-  return pkg.version || 'unknown';
-}
-module.exports = {
-  BlzBase,
-  BlzConfig,
-  BlzSecurity,
-  ProcessManagers,
-  Exception,
-  BlzCache,
-  BlzCore,
-  BlzCryptography,
-  BlzDatetimes,
-  BlzFile,
-  BlzHazelcast,
-  BlzIterable,
-  BlzJsonSchema,
-  BlzJwt,
-  BlzKafka,
-  BlzMath,
-  BlzMongodb,
-  // BlzProcesses,
-  BlzRds,
-  BlzRdsMysql,
-  BlzRdsMysqlx,
-  BlzRdsOracle,
-  BlzRdsPostgres,
-  BlzRedis,
-  BlzRegex,
-  BlzStrings,
-  BlzUuid,
-  BlzYaml,
-  getHealthStatus,
-  FileScanner,
-  rdsProvider,
-  getModulesNames,
-  getVersion
-};