hppx 0.1.10 → 0.2.3

package/dist/index.cjs

@@ -23,6 +23,7 @@ __export(index_exports, {
   DANGEROUS_KEYS: () => DANGEROUS_KEYS,
   DEFAULT_SOURCES: () => DEFAULT_SOURCES,
   DEFAULT_STRATEGY: () => DEFAULT_STRATEGY,
+  __resetPathSegmentCache: () => __resetPathSegmentCache,
   default: () => hppx,
   sanitize: () => sanitize
 });
@@ -30,6 +31,7 @@ module.exports = __toCommonJS(index_exports);
 var DEFAULT_SOURCES = ["query", "body", "params"];
 var DEFAULT_STRATEGY = "keepLast";
 var DANGEROUS_KEYS = /* @__PURE__ */ new Set(["__proto__", "prototype", "constructor"]);
+var FORBIDDEN_KEY_CHARS = /[\u0000-\u001F\u007F-\u009F\u200E\u200F\u202A-\u202E\u2066-\u2069\uFEFF]/;
 function isPlainObject(value) {
   if (value === null || typeof value !== "object") return false;
   const proto = Object.getPrototypeOf(value);
@@ -38,23 +40,28 @@ function isPlainObject(value) {
 function sanitizeKey(key, maxKeyLength) {
   if (typeof key !== "string") return null;
   if (DANGEROUS_KEYS.has(key)) return null;
-  if (key.includes("\0")) return null;
+  if (FORBIDDEN_KEY_CHARS.test(key)) return null;
   const maxLen = maxKeyLength ?? 200;
   if (key.length > maxLen) return null;
   if (key.length > 1 && /^[.\[\]]+$/.test(key)) return null;
   return key;
 }
+var PATH_SEGMENT_CACHE_LIMIT = 500;
 var pathSegmentCache = /* @__PURE__ */ new Map();
 function parsePathSegments(key) {
   const cached = pathSegmentCache.get(key);
   if (cached) return cached;
   const dotted = key.replace(/\]/g, "").replace(/\[/g, ".");
   const result = dotted.split(".").filter((s) => s.length > 0);
-  if (pathSegmentCache.size < 500) {
-    pathSegmentCache.set(key, result);
+  if (pathSegmentCache.size >= PATH_SEGMENT_CACHE_LIMIT) {
+    pathSegmentCache.clear();
   }
+  pathSegmentCache.set(key, result);
   return result;
 }
+function __resetPathSegmentCache() {
+  pathSegmentCache.clear();
+}
 function expandObjectPaths(obj, maxKeyLength, maxDepth = 20, currentDepth = 0, seen) {
   if (currentDepth > maxDepth) {
     throw new Error(`Maximum object depth (${maxDepth}) exceeded`);
@@ -62,35 +69,36 @@ function expandObjectPaths(obj, maxKeyLength, maxDepth = 20, currentDepth = 0, s
   const seenSet = seen ?? /* @__PURE__ */ new WeakSet();
   if (seenSet.has(obj)) return {};
   seenSet.add(obj);
-  const result = {};
-  for (const rawKey of Object.keys(obj)) {
-    const safeKey = sanitizeKey(rawKey, maxKeyLength);
-    if (!safeKey) continue;
-    const value = obj[rawKey];
-    const expandedValue = isPlainObject(value) ? expandObjectPaths(
-      value,
-      maxKeyLength,
-      maxDepth,
-      currentDepth + 1,
-      seenSet
-    ) : value;
-    if (safeKey.includes(".") || safeKey.includes("[")) {
-      const segments = parsePathSegments(safeKey);
-      if (segments.length > 0) {
-        setIn(result, segments, expandedValue);
-        continue;
+  try {
+    const result = {};
+    for (const rawKey of Object.keys(obj)) {
+      const safeKey = sanitizeKey(rawKey, maxKeyLength);
+      if (!safeKey) continue;
+      const value = obj[rawKey];
+      const expandedValue = isPlainObject(value) ? expandObjectPaths(
+        value,
+        maxKeyLength,
+        maxDepth,
+        currentDepth + 1,
+        seenSet
+      ) : value;
+      if (safeKey.includes(".") || safeKey.includes("[")) {
+        const segments = parsePathSegments(safeKey);
+        if (segments.length > 0) {
+          setIn(result, segments, expandedValue);
+          continue;
+        }
       }
+      result[safeKey] = expandedValue;
     }
-    result[safeKey] = expandedValue;
+    return result;
+  } finally {
+    seenSet.delete(obj);
   }
-  return result;
 }
-function setReqPropertySafe(target, key, value) {
+function setReqPropertySafe(target, key, value, onFailure) {
   try {
     const desc = Object.getOwnPropertyDescriptor(target, key);
-    if (desc && desc.configurable === false && desc.writable === false) {
-      return;
-    }
     if (!desc || desc.configurable !== false) {
       Object.defineProperty(target, key, {
         value,
@@ -98,13 +106,35 @@ function setReqPropertySafe(target, key, value) {
         configurable: true,
         enumerable: true
       });
-      return;
+      return true;
+    }
+    if (desc.writable) {
+      target[key] = value;
+      return true;
+    }
+    try {
+      target[key] = value;
+      if (target[key] === value) return true;
+    } catch (_assignErr) {
+    }
+    if (onFailure) {
+      onFailure(
+        `[hppx] Could not write sanitized value to req.${key}: property is non-configurable and non-writable. The original (potentially polluted) value remains on req.${key}.`
+      );
+    }
+    return false;
+  } catch (_definePropErr) {
+    try {
+      target[key] = value;
+      if (target[key] === value) return true;
+    } catch (_assignErr) {
+    }
+    {
+      if (onFailure) {
+        onFailure(`[hppx] Could not write sanitized value to req.${key}: defineProperty failed.`);
+      }
+      return false;
     }
-  } catch (_) {
-  }
-  try {
-    target[key] = value;
-  } catch (_) {
   }
 }
 function safeDeepClone(input, maxKeyLength, maxArrayLength, maxDepth = 20, currentDepth = 0, seen) {
@@ -115,11 +145,15 @@ function safeDeepClone(input, maxKeyLength, maxArrayLength, maxDepth = 20, curre
     const seenSet = seen ?? /* @__PURE__ */ new WeakSet();
     if (seenSet.has(input)) return [];
     seenSet.add(input);
-    const limit = maxArrayLength ?? 1e3;
-    const limited = input.slice(0, limit);
-    return limited.map(
-      (v) => safeDeepClone(v, maxKeyLength, maxArrayLength, maxDepth, currentDepth + 1, seenSet)
-    );
+    try {
+      const limit = maxArrayLength ?? 1e3;
+      const limited = input.slice(0, limit);
+      return limited.map(
+        (v) => safeDeepClone(v, maxKeyLength, maxArrayLength, maxDepth, currentDepth + 1, seenSet)
+      );
+    } finally {
+      seenSet.delete(input);
+    }
   }
   if (isPlainObject(input)) {
     if (currentDepth > maxDepth) {
@@ -128,19 +162,23 @@ function safeDeepClone(input, maxKeyLength, maxArrayLength, maxDepth = 20, curre
     const seenSet = seen ?? /* @__PURE__ */ new WeakSet();
     if (seenSet.has(input)) return {};
     seenSet.add(input);
-    const out = {};
-    for (const k of Object.keys(input)) {
-      if (!sanitizeKey(k, maxKeyLength)) continue;
-      out[k] = safeDeepClone(
-        input[k],
-        maxKeyLength,
-        maxArrayLength,
-        maxDepth,
-        currentDepth + 1,
-        seenSet
-      );
+    try {
+      const out = {};
+      for (const k of Object.keys(input)) {
+        if (!sanitizeKey(k, maxKeyLength)) continue;
+        out[k] = safeDeepClone(
+          input[k],
+          maxKeyLength,
+          maxArrayLength,
+          maxDepth,
+          currentDepth + 1,
+          seenSet
+        );
+      }
+      return out;
+    } finally {
+      seenSet.delete(input);
     }
-    return out;
   }
   return input;
 }
@@ -156,9 +194,15 @@ function mergeValues(values, strategy) {
         else acc.push(v);
         return acc;
       }, []);
-    /* istanbul ignore next -- unreachable: strategy is validated before reaching mergeValues */
-    default:
-      return values[values.length - 1];
+    /* istanbul ignore next -- exhaustiveness check unreachable from outside:
+       validateSanitizeOptions rejects every non-listed strategy at construction
+       time, so the only way to reach this branch is a programmer error (a new
+       MergeStrategy union member added without updating this switch). Failing
+       loudly here is preferable to a silent fallback. */
+    default: {
+      const _exhaustive = strategy;
+      throw new Error(`Unknown mergeStrategy: ${_exhaustive}`);
+    }
   }
 }
 function isUrlEncodedContentType(req) {
@@ -182,6 +226,7 @@ function normalizeWhitelist(whitelist) {
   if (typeof whitelist === "string") return [whitelist];
   return whitelist.filter((w) => typeof w === "string");
 }
+var WHITELIST_PATH_CACHE_LIMIT = 1e3;
 function buildWhitelistHelpers(whitelist) {
   const exact = new Set(whitelist);
   const prefixes = whitelist.filter((w) => w.length > 0);
@@ -207,9 +252,10 @@ function buildWhitelistHelpers(whitelist) {
           }
         }
       }
-      if (pathCache.size < 1e3) {
-        pathCache.set(full, result);
+      if (pathCache.size >= WHITELIST_PATH_CACHE_LIMIT) {
+        pathCache.clear();
       }
+      pathCache.set(full, result);
       return result;
     }
   };
@@ -257,25 +303,18 @@ function moveWhitelistedFromPolluted(reqPart, polluted, isWhitelisted) {
 function detectAndReduce(input, opts) {
   let keyCount = 0;
   const polluted = {};
-  const pollutedKeys = [];
-  function processNode(node, path = [], depth = 0) {
+  const pollutedKeysSet = /* @__PURE__ */ new Set();
+  const cloned = safeDeepClone(input, opts.maxKeyLength, opts.maxArrayLength, opts.maxDepth);
+  function processNode(node, path = [], depth = 0, inArray = false) {
     if (node === null) return opts.preserveNull ? null : void 0;
     if (node === void 0) return node;
     if (Array.isArray(node)) {
-      const limit = opts.maxArrayLength ?? 1e3;
-      const limitedNode = node.slice(0, limit);
-      const mapped = limitedNode.map((v) => processNode(v, path, depth));
-      if (opts.mergeStrategy === "combine") {
-        return mergeValues(mapped, "combine");
+      const mapped = node.map((v) => processNode(v, path, depth, true));
+      if (!inArray) {
+        setIn(polluted, path, node);
+        pollutedKeysSet.add(path.join("."));
       }
-      setIn(
-        polluted,
-        path,
-        safeDeepClone(limitedNode, opts.maxKeyLength, opts.maxArrayLength, opts.maxDepth)
-      );
-      pollutedKeys.push(path.join("."));
-      const reduced = mergeValues(mapped, opts.mergeStrategy);
-      return reduced;
+      return mergeValues(mapped, opts.mergeStrategy);
     }
     if (isPlainObject(node)) {
       if (depth > opts.maxDepth)
@@ -290,7 +329,7 @@ function detectAndReduce(input, opts) {
         if (!safeKey) continue;
         const child = node[rawKey];
         const childPath = path.concat([safeKey]);
-        let value = processNode(child, childPath, depth + 1);
+        let value = processNode(child, childPath, depth + 1, false);
         if (typeof value === "string" && opts.trimValues) value = value.trim();
         out[safeKey] = value;
       }
@@ -298,9 +337,8 @@ function detectAndReduce(input, opts) {
     }
     return node;
   }
-  const cloned = safeDeepClone(input, opts.maxKeyLength, opts.maxArrayLength, opts.maxDepth);
-  const cleaned = processNode(cloned, [], 0);
-  return { cleaned, pollutedTree: polluted, pollutedKeys };
+  const cleaned = processNode(cloned, [], 0, false);
+  return { cleaned, pollutedTree: polluted, pollutedKeys: Array.from(pollutedKeysSet) };
 }
 function sanitize(input, options = {}) {
   validateSanitizeOptions(options);
@@ -345,6 +383,24 @@ function validateSanitizeOptions(options) {
   if (options.mergeStrategy !== void 0 && !["keepFirst", "keepLast", "combine"].includes(options.mergeStrategy)) {
     throw new TypeError("mergeStrategy must be 'keepFirst', 'keepLast', or 'combine'");
   }
+  if (options.trimValues !== void 0 && typeof options.trimValues !== "boolean") {
+    throw new TypeError("trimValues must be a boolean");
+  }
+  if (options.preserveNull !== void 0 && typeof options.preserveNull !== "boolean") {
+    throw new TypeError("preserveNull must be a boolean");
+  }
+  if (options.whitelist !== void 0) {
+    if (typeof options.whitelist !== "string" && !Array.isArray(options.whitelist)) {
+      throw new TypeError("whitelist must be a string or an array of strings");
+    }
+    if (Array.isArray(options.whitelist)) {
+      for (const entry of options.whitelist) {
+        if (typeof entry !== "string") {
+          throw new TypeError("whitelist must be a string or an array of strings");
+        }
+      }
+    }
+  }
 }
 function validateOptions(options) {
   validateSanitizeOptions(options);
@@ -352,6 +408,9 @@ function validateOptions(options) {
     throw new TypeError("sources must be an array");
   }
   if (options.sources !== void 0) {
+    if (options.sources.length === 0) {
+      throw new TypeError("sources must contain at least one of 'query', 'body', 'params'");
+    }
     for (const source of options.sources) {
       if (!["query", "body", "params"].includes(source)) {
         throw new TypeError("sources must only contain 'query', 'body', or 'params'");
@@ -361,8 +420,15 @@ function validateOptions(options) {
   if (options.checkBodyContentType !== void 0 && !["urlencoded", "any", "none"].includes(options.checkBodyContentType)) {
     throw new TypeError("checkBodyContentType must be 'urlencoded', 'any', or 'none'");
   }
-  if (options.excludePaths !== void 0 && !Array.isArray(options.excludePaths)) {
-    throw new TypeError("excludePaths must be an array");
+  if (options.excludePaths !== void 0) {
+    if (!Array.isArray(options.excludePaths)) {
+      throw new TypeError("excludePaths must be an array");
+    }
+    for (const entry of options.excludePaths) {
+      if (typeof entry !== "string") {
+        throw new TypeError("excludePaths must contain only strings");
+      }
+    }
   }
   if (options.logger !== void 0 && typeof options.logger !== "function") {
     throw new TypeError("logger must be a function");
@@ -370,6 +436,12 @@ function validateOptions(options) {
   if (options.onPollutionDetected !== void 0 && typeof options.onPollutionDetected !== "function") {
     throw new TypeError("onPollutionDetected must be a function");
   }
+  if (options.strict !== void 0 && typeof options.strict !== "boolean") {
+    throw new TypeError("strict must be a boolean");
+  }
+  if (options.logPollution !== void 0 && typeof options.logPollution !== "boolean") {
+    throw new TypeError("logPollution must be a boolean");
+  }
 }
 function hppx(options = {}) {
   validateOptions(options);
@@ -394,9 +466,39 @@ function hppx(options = {}) {
   const { isWhitelistedPath } = buildWhitelistHelpers(whitelistArr);
   return function hppxMiddleware(req, res, next) {
     try {
-      if (shouldExcludePath(req?.path, excludePaths)) return next();
+      let pathForExclusion;
+      try {
+        pathForExclusion = req?.path;
+      } catch (pathErr) {
+        const message = `[hppx] Failed to read req.path during exclusion check; proceeding without path-based exclusion. Underlying error: ${pathErr instanceof Error ? pathErr.message : String(pathErr)}`;
+        if (logger) {
+          try {
+            logger(message);
+          } catch (_) {
+            console.warn(message);
+          }
+        } else {
+          console.warn(message);
+        }
+        pathForExclusion = void 0;
+      }
+      if (shouldExcludePath(pathForExclusion, excludePaths)) return next();
       let anyPollutionDetected = false;
       const allPollutedKeys = [];
+      const warned = /* @__PURE__ */ new Set();
+      const warn = (message) => {
+        if (warned.has(message)) return;
+        warned.add(message);
+        if (logger) {
+          try {
+            logger(message);
+          } catch (_) {
+            console.warn(message);
+          }
+        } else {
+          console.warn(message);
+        }
+      };
       for (const source of sources) {
         if (!req || typeof req !== "object") break;
         if (req[source] === void 0) continue;
@@ -409,7 +511,7 @@ function hppx(options = {}) {
         const expandedPart = expandObjectPaths(part, maxKeyLength, maxDepth);
         const pollutedKey = `${source}Polluted`;
         const processedKey = `__hppxProcessed_${source}`;
-        const hasProcessedBefore = Boolean(req[processedKey]);
+        const hasProcessedBefore = Object.prototype.hasOwnProperty.call(req, processedKey);
         if (!hasProcessedBefore) {
           const { cleaned, pollutedTree, pollutedKeys } = detectAndReduce(expandedPart, {
             mergeStrategy,
@@ -420,9 +522,21 @@ function hppx(options = {}) {
             trimValues,
             preserveNull
           });
-          setReqPropertySafe(req, source, cleaned);
-          setReqPropertySafe(req, pollutedKey, pollutedTree);
-          req[processedKey] = true;
+          setReqPropertySafe(req, source, cleaned, warn);
+          setReqPropertySafe(req, pollutedKey, pollutedTree, warn);
+          try {
+            Object.defineProperty(req, processedKey, {
+              value: true,
+              writable: false,
+              configurable: false,
+              enumerable: false
+            });
+          } catch (_) {
+            try {
+              req[processedKey] = true;
+            } catch (_assignErr) {
+            }
+          }
           const sourceData = req[source];
           const pollutedData = req[pollutedKey];
           if (isPlainObject(sourceData) && isPlainObject(pollutedData)) {
@@ -489,10 +603,8 @@ function hppx(options = {}) {
         try {
           logger(error);
         } catch (logErr) {
-          if (process.env.NODE_ENV !== "production") {
-            console.error("[hppx] Logger failed:", logErr);
-            console.error("[hppx] Original error:", error);
-          }
+          console.error("[hppx] Logger failed:", logErr);
+          console.error("[hppx] Original error:", error);
         }
       }
       return next(error);
@@ -504,6 +616,7 @@ function hppx(options = {}) {
   DANGEROUS_KEYS,
   DEFAULT_SOURCES,
   DEFAULT_STRATEGY,
+  __resetPathSegmentCache,
   sanitize
 });
 if (module.exports.default) { module.exports = Object.assign(module.exports.default, module.exports); }