sanitize-json-parse
v1.1.2
Published
Simple module to aid debugging whether unsanitized `JSON.parse` output is used directly in database queries (or any sensitive method)
Downloads
10
Readme
Sanitize JSON Parse
Simple module to aid debugging whether unsanitized JSON.parse
output is
used directly in database queries (or any sensitive method)
WARNING: DO NOT USE IN PRODUCTION - USE FOR DEBUGGING ONLY
Methodology
This module monkey-patches JSON.parse
and traverses the output of the call.
Any Objects or Arrays are set to a global WeakMap
.
Any functions that are patched by the module will traverse the arguments to
check whether the raw arrays or objects produced by JSON.parse
are used in
the patched function.
Usage
The module exposes a single method - which can be called repeatedly to wrap any functions that you want to santize:
const sanitize = require("sanitize-json-parse")
const dbInstance = createDbInstance()
dbInstance.find = sanitize(dbInstance.find.bind(dbInstance))
In the above example dbInstance.find
will check whether any of the arguments
passed to it were created directly by JSON.parse. If a match is found the
function will throw an error.