spice-js 2.6.58 → 2.6.60

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/package.json +1 -1
  2. package/src/utility/RestHelper.js +6 -1
  3. package/src/utility/Security.js +1 -1
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "spice-js",
3
- "version": "2.6.58",
3
+ "version": "2.6.60",
4
4
  "description": "spice",
5
5
  "main": "build/index.js",
6
6
  "repository": {
package/src/utility/RestHelper.js CHANGED
@@ -48,11 +48,16 @@ export default class RestHelper {
48
48
  }
49
49
  try {
50
50
  let download_type = ctx.request.query.format || "csv";
51
+ let include_id = ctx.request.query.include_id;
51
52
  let content;
52
53
  if (download_type == "csv") {
53
54
  const { flatten } = await import("flat");
55
+
54
56
  let items = _.map(ctx.data, (item) => {
55
- delete item._permissions_
57
+ if (!include_id || include_id == "false") {
58
+ delete item.id;
59
+ }
60
+ delete item._permissions_;
56
61
  return flatten(item);
57
62
  });
58
63
  let fields = _.union(
package/src/utility/Security.js CHANGED
@@ -19,7 +19,7 @@ export function hasSQLInjection(input) {
19
19
  "exec(", // Execution function in T-SQL
20
20
  "execute(", // Another execution function in T-SQL
21
21
  "xp_", // Extended stored procedures in T-SQL - often used in older SQL Server attacks
22
- "0x", // Hex encoding
22
+ "0x ", // Hex encoding
23
23
  "benchmark(", // MySQL benchmark function - can be used for time-based blind attacks
24
24
  "sleep(", // MySQL sleep function - can also be used for time-based blind attacks
25
25
  "pg_sleep(", // PostgreSQL sleep function - time-based blind attack