ac-sanitizer 4.0.0 → 4.0.1

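--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,3 +1,23 @@
+ <a name="4.0.1"></a>
+
+ ## [4.0.1](https://github.com/mmpro/ac-sanitizer/compare/v4.0.0..v4.0.1) (2023-04-18 18:38:15)
+
+
+ ### Bug Fix
+
+ * **App:** Sanitize array of objects | MP | [c00ea6869a250672b1af1f1c1520223686cc59b9](https://github.com/mmpro/ac-sanitizer/commit/c00ea6869a250672b1af1f1c1520223686cc59b9)
+ Make sure to sanitize (remove non-defined properties from) array of objects
+ Related issues: [undefined/undefined#master](undefined/browse/master)
+ ### Tests
+
+ * **App:** Added test for array of objects | MP | [7c3b698a09ef48398b95fdacc22542b14ef5cd30](https://github.com/mmpro/ac-sanitizer/commit/7c3b698a09ef48398b95fdacc22542b14ef5cd30)
+ Added test for array of objects
+ Related issues: [undefined/undefined#master](undefined/browse/master)
+ ### Chores
+
+ * **App:** Updated packages | MP | [40d542dced814eebb74d384d999532f3e1c718ed](https://github.com/mmpro/ac-sanitizer/commit/40d542dced814eebb74d384d999532f3e1c718ed)
+ Updated packages
+ Related issues: [undefined/undefined#master](undefined/browse/master)
  <a name="4.0.0"></a>
 
  ## [4.0.0](https://github.com/mmpro/ac-sanitizer/compare/v3.10.7..v4.0.0) (2023-03-30 16:00:08)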
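--- a/package/index.js
+++ b/package/index.js
@@ -265,7 +265,7 @@ const sanitizer = function() {
  else if (field.minSize && _.size(value) < field.minSize) error = { message: fieldName + '_minSizeBoundary', additionalInfo: { minSize: field.minSize } }
  else if (field.valueType) {
  // very value of the array must be of this type
- _.every(value, v => {
+ _.every(value, (v, index, value) => {
  const fieldsToCheck = {
  params: {},
  fields: [{ field: fieldName, type: _.get(field, 'valueType'), properties: _.get(field, 'properties'), wildcardAllowed: _.get(field, 'wildcardAllowed') }]
@@ -276,6 +276,8 @@ const sanitizer = function() {
  error = { message: fieldName + '_atLeastOneValueFailed', additionalInfo: { error: _.get(check, 'error'), value: v, type: _.get(field, 'valueType') } }
  return false
  }
+ // set the sanitized value
+ value[index] = _.get(check, `params.${fieldName}`)
  return true
  })
  }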
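Review bot: The added write-back reads the nested check's result through an interpolated lodash path (`params.${fieldName}`), so a field name containing `.` or `[` would be parsed as a nested path and the element would be overwritten with `undefined` rather than the sanitized object; the array form avoids the parsing, `value[index] = _.get(check, ['params', fieldName])`. How `fieldsToCheck.params` is filled sits between the two hunks and is not visible here, so the read should use whatever path form that write uses. The callback's third parameter `value` shadows the outer `value`; it is the same array, so `(v, index) =>` would be enough and would make it plain that the caller's array is mutated in place. Because the replacement happens element by element inside `_.every`, a failure at a later index leaves earlier elements already replaced, which is worth a short comment if callers may reuse the input after an error. The enclosing function starts and ends outside these hunks.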
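--- a/package/package.json
+++ b/package/package.json
@@ -4,7 +4,7 @@
  "author": "Mark Poepping (https://www.admiralcloud.com)",
  "license": "MIT",
  "repository": "admiralcloud/ac-sanitizer",
- "version": "4.0.0",
+ "version": "4.0.1",
  "homepage": "https://www.admiralcloud.com",
  "dependencies": {
  "ac-countrylist": "^1.0.7",
@@ -17,8 +17,8 @@
  "validator": "^13.9.0"
  },
  "devDependencies": {
- "ac-semantic-release": "^0.3.5",
- "eslint": "^8.37.0",
+ "ac-semantic-release": "^0.4.0",
+ "eslint": "^8.38.0",
  "mocha": "^10.2.0",
  "nyc": "^15.1.0"
  },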
@@ -30,6 +30,13 @@ module.exports = {
30
30
  { name: 'Array of fileExtensions - contains invalid', type: 'array', valueType: 'fileExtension', value: ['jpg', 'textimage'], error: 'array_atLeastOneValueFailed' },
31
31
  { name: 'Array of objects - valid', type: 'array', value: [{ 'createdAt': 'asc' }], enum: [{ 'createdAt': 'asc' }], expected: [{ 'createdAt': 'asc' }] },
32
32
  { name: 'Array of objects - invalid', type: 'array', value: [{ 'createdAt': 'desc' }], enum: [{ 'createdAt': 'asc' }], error: 'array_notAnAllowedValue' },
33
+ { name: 'Array of objects - check that object payload is sanitized',
34
+ type: 'array',
35
+ valueType: 'object',
36
+ properties: [{ field: 'p1', type: 'string' }],
37
+ value: [{ p1: 'isAString', p2: 'shouldBeRemoved' }, { p1: 'isAString2', p2: 'shouldBeRemoved2' }],
38
+ expected: [{ p1: 'isAString' }, { p1: 'isAString2' }]
39
+ }
33
40
  ]
34
41
 
35
42
 
@@ -40,7 +47,7 @@ module.exports = {
40
47
  array: _.get(test, 'value')
41
48
  },
42
49
  fields: [
43
- { field: 'array', type: _.get(test, 'type'), required: _.get(test, 'required'), valueType: _.get(test, 'valueType'), minSize: _.get(test, 'minSize'), maxSize: _.get(test, 'maxSize') }
50
+ { field: 'array', type: _.get(test, 'type'), required: _.get(test, 'required'), valueType: _.get(test, 'valueType'), minSize: _.get(test, 'minSize'), maxSize: _.get(test, 'maxSize'), properties: _.get(test, "properties")}
44
51
  ]
45
52
  }
46
53
  if (test.enum) {
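Review bot: The new case 'Array of objects - check that object payload is sanitized' covers only the success path, so nothing in this test file (its header is not shown on the page) checks that an element failing its declared property type is still rejected now that `properties` is forwarded to the field definition. A companion entry would pin that, for example `{ name: 'Array of objects - element fails property type', type: 'array', valueType: 'object', properties: [{ field: 'p1', type: 'string' }], value: [{ p1: 'ok', p2: 'x' }, { p1: 123 }], error: 'array_atLeastOneValueFailed' }`, assuming a number is rejected for a `string` property. A second useful assertion is that no `p2` survives in the returned payload for any element, not just the first. As a style point, the added `properties: _.get(test, "properties")}` uses double quotes and drops the space before the closing brace, unlike the rest of that line.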
@@ -33,6 +33,26 @@ module.exports = {
33
33
  enum: "blue",
34
34
  },
35
35
  },
36
+ {
37
+ name: "Object with non-allowed properties - should be removed from payload by sanitizer",
38
+ type: "object",
39
+ properties: [
40
+ { field: "settings", type: "object", properties:[
41
+ { field: 'allowed', type: 'boolean' }
42
+ ] },
43
+ ],
44
+ value: {
45
+ settings: {
46
+ allowed: true,
47
+ notAllowed: true
48
+ }
49
+ },
50
+ expected: {
51
+ settings: {
52
+ allowed: true
53
+ }
54
+ }
55
+ },
36
56
  {
37
57
  name: "Object with non-allowed properties - do not ignore in strict mode",
38
58
  type: "object",