@ukhomeoffice/cop-react-form-renderer 5.19.2 → 5.20.1
|
@@ -17,6 +17,7 @@ var _mustBeLessThan = _interopRequireDefault(require("./mustBeLessThan"));
|
|
|
17
17
|
var _mustBeNumbersOnly = _interopRequireDefault(require("./mustBeNumbersOnly"));
|
|
18
18
|
var _mustEnterAtLeastOne = _interopRequireDefault(require("./mustEnterAtLeastOne"));
|
|
19
19
|
var _mustHaveLessThanDecimalPlaces = _interopRequireDefault(require("./mustHaveLessThanDecimalPlaces"));
|
|
20
|
+
var _mustNotContainSql = _interopRequireDefault(require("./mustNotContainSql"));
|
|
20
21
|
var _mustSelectOnlyOne = _interopRequireDefault(require("./mustSelectOnlyOne"));
|
|
21
22
|
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
|
|
22
23
|
// Local imports
|
|
@@ -26,15 +27,16 @@ var functions = {
|
|
|
26
27
|
mustBeAfter: _mustBeAfter.default,
|
|
27
28
|
mustBeBefore: _mustBeBefore.default,
|
|
28
29
|
mustBeEarlierDateTime: _mustBeEarlierDateTime.default,
|
|
29
|
-
|
|
30
|
+
mustBeGreaterThan: _mustBeGreaterThan.default,
|
|
30
31
|
mustBeInTheFuture: _mustBeInTheFuture.default,
|
|
32
|
+
mustBeInThePast: _mustBeInThePast.default,
|
|
33
|
+
mustBeLessThan: _mustBeLessThan.default,
|
|
31
34
|
mustBeLongerThan: _mustBeLongerThan.default,
|
|
35
|
+
mustBeNumbersOnly: _mustBeNumbersOnly.default,
|
|
32
36
|
mustBeShorterThan: _mustBeShorterThan.default,
|
|
33
37
|
mustEnterAtLeastOne: _mustEnterAtLeastOne.default,
|
|
34
|
-
mustBeNumbersOnly: _mustBeNumbersOnly.default,
|
|
35
|
-
mustBeLessThan: _mustBeLessThan.default,
|
|
36
|
-
mustBeGreaterThan: _mustBeGreaterThan.default,
|
|
37
38
|
mustHaveLessThanDecimalPlaces: _mustHaveLessThanDecimalPlaces.default,
|
|
39
|
+
mustNotContainSql: _mustNotContainSql.default,
|
|
38
40
|
mustSelectOnlyOne: _mustSelectOnlyOne.default
|
|
39
41
|
};
|
|
40
42
|
var additionalValidation = function additionalValidation(value, config, component) {
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
|
|
3
|
+
Object.defineProperty(exports, "__esModule", {
|
|
4
|
+
value: true
|
|
5
|
+
});
|
|
6
|
+
exports.default = void 0;
|
|
7
|
+
function _typeof(obj) { "@babel/helpers - typeof"; return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (obj) { return typeof obj; } : function (obj) { return obj && "function" == typeof Symbol && obj.constructor === Symbol && obj !== Symbol.prototype ? "symbol" : typeof obj; }, _typeof(obj); }
|
|
8
|
+
// NOTE: SQL RegEx reference:
|
|
9
|
+
// http://www.symantec.com/connect/articles/detection-sql-injection-and-cross-site-scripting-attacks
|
|
10
|
+
var SQL_COMBINED = /(%27)|(')|(--)|(%23)|(#)|((%3D)|(=))[^\n]*((%27)|(')|(--)|(%3B)|(;))|w*((%27)|('))((%6F)|o|(%4F))((%72)|r|(%52))|((%27)|('))union/i;
|
|
11
|
+
var mustNotContainSql = function mustNotContainSql(value) {
|
|
12
|
+
// eslint-disable-next-line no-extra-boolean-cast
|
|
13
|
+
if (!!value) {
|
|
14
|
+
var string = _typeof(value) === 'object' ? JSON.stringify(value) : String(value);
|
|
15
|
+
return !SQL_COMBINED.test(string);
|
|
16
|
+
}
|
|
17
|
+
return false;
|
|
18
|
+
};
|
|
19
|
+
var _default = mustNotContainSql;
|
|
20
|
+
exports.default = _default;
|
|
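Review bot: `SQL_COMBINED` on new line 10 has bare top-level alternatives `(')`, `(--)` and `(#)`, so any value containing an apostrophe, a double hyphen or a hash fails validation (a surname such as O'Brien, for instance), and the two later alternatives that start with a quote (`or`, `union`) can never change the result. The `w*` that opens the `or` alternative looks like a `\w*` that lost its backslash when the pattern was copied from the referenced article. This check appears to run in the form renderer, so a request sent straight to the back end never passes through it; I would say so above the constant, e.g. `// Defence in depth only: the receiving service must still use parameterised queries.` Separately, the falsy guard on new line 13 makes `0`, `''` and `false` return `false`, the same result as "contains SQL", which is worth confirming against how optional and numeric fields call this validator.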
@@ -0,0 +1,32 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
|
|
3
|
+
var _mustNotContainSql = _interopRequireDefault(require("./mustNotContainSql"));
|
|
4
|
+
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
|
|
5
|
+
describe('utils', function () {
|
|
6
|
+
describe('Validate', function () {
|
|
7
|
+
describe('additional', function () {
|
|
8
|
+
describe('mustNotContainSql', function () {
|
|
9
|
+
test('should return true given a string not containing sql characters', function () {
|
|
10
|
+
var result = (0, _mustNotContainSql.default)('test');
|
|
11
|
+
expect(result).toEqual(true);
|
|
12
|
+
});
|
|
13
|
+
test('should return true given non-string datatype is converted to string', function () {
|
|
14
|
+
var result = (0, _mustNotContainSql.default)(123);
|
|
15
|
+
expect(result).toEqual(true);
|
|
16
|
+
});
|
|
17
|
+
test('should return false given a string containing sql characters', function () {
|
|
18
|
+
var result = (0, _mustNotContainSql.default)("test' OR '1'='1'");
|
|
19
|
+
expect(result).toEqual(false);
|
|
20
|
+
});
|
|
21
|
+
test('should return false given string is null', function () {
|
|
22
|
+
var result = (0, _mustNotContainSql.default)(null);
|
|
23
|
+
expect(result).toEqual(false);
|
|
24
|
+
});
|
|
25
|
+
test('should return false given string is not defined', function () {
|
|
26
|
+
var result = (0, _mustNotContainSql.default)(undefined);
|
|
27
|
+
expect(result).toEqual(false);
|
|
28
|
+
});
|
|
29
|
+
});
|
|
30
|
+
});
|
|
31
|
+
});
|
|
32
|
+
});
|
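Review bot: None of the five cases exercises the object branch of the validator (`JSON.stringify(value)`) or a benign value that contains one of the blocked characters, so the tests neither pin how structured values are treated nor record that ordinary punctuation is rejected by design. I would add a case such as `expect((0, _mustNotContainSql.default)({ name: 'test' })).toEqual(true);` and one that states the intended result for a value like `"Flat #2"`. The null and undefined cases pin a `false` result for an absent value; a short comment in those tests explaining why an empty field counts as failing would help the next reader.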
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@ukhomeoffice/cop-react-form-renderer",
|
|
3
|
-
"version": "5.
|
|
3
|
+
"version": "5.20.1",
|
|
4
4
|
"private": false,
|
|
5
5
|
"scripts": {
|
|
6
6
|
"clean": "rimraf dist",
|
|
@@ -16,7 +16,7 @@
|
|
|
16
16
|
"post-compile": "rimraf dist/*.test.* dist/**/*.test.* dist/**/*.stories.* dist/docs dist/assets"
|
|
17
17
|
},
|
|
18
18
|
"dependencies": {
|
|
19
|
-
"@ukhomeoffice/cop-react-components": "^3.
|
|
19
|
+
"@ukhomeoffice/cop-react-components": "^3.9.0",
|
|
20
20
|
"axios": "^0.23.0",
|
|
21
21
|
"dayjs": "^1.11.0",
|
|
22
22
|
"govuk-frontend": "^4.3.1",
|