Sql injection fixes

This commit is contained in:
mrfry 2022-03-20 08:01:10 +01:00
parent 799930b3e1
commit 3fe01eec9b
3 changed files with 12 additions and 4 deletions


@ -13,6 +13,7 @@ export default {
Insert: Insert,
CloseDB: CloseDB,
runStatement: runStatement,
sanitizeQuery: sanitizeQuery,
}
import Sqlite from 'better-sqlite3'
@ -21,14 +22,21 @@ import utils from '../utils/utils'
const debugLog = process.env.NS_SQL_DEBUG_LOG
function sanitizeQuery(val: string): string {
return val.replace(/'/g, '').replace(/;/g, '')
}
// { asd: 'asd', basd: 4 } => asd = 'asd', basd = 4
function GetSqlQuerry(conditions: any, type: string, joiner?: string) {
const res = Object.keys(conditions).reduce((acc, key) => {
const item = conditions[key]
const conditionKey = sanitizeQuery(key)
const condition = sanitizeQuery(conditions[key])
if (typeof item === 'string') {
acc.push(`${key} = '${conditions[key]}'`)
acc.push(`${conditionKey} = '${condition}'`)
} else {
acc.push(`${key} = ${conditions[key]}`)
acc.push(`${conditionKey} = ${condition}`)
}
return acc
}, [])
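Review bot: The new `const condition = sanitizeQuery(conditions[key])` runs before the `typeof item === 'string'` check, so any non-string value (the numeric `else` branch) reaches `val.replace` on a number and throws a TypeError — after this commit every numeric condition crashes instead of building a query. The key is still interpolated unquoted after only `'` and `;` are removed, so a key like `id = 1 OR 1=1 --` still rewrites the WHERE clause; stripping two characters is not an injection fix, and the commit title overstates what it achieves. Since better-sqlite3 is already imported, the robust fix is to emit `@key` placeholders and bind `conditions` as parameters in the caller; failing that, restrict keys to plain identifiers and only sanitize string values, as below. GetSqlQuerry's body (the `joiner` handling) continues outside the hunk, so the return shape is left unchanged here.
```typescript
function GetSqlQuerry(conditions: any, type: string, joiner?: string) {
  const res = Object.keys(conditions).reduce((acc, key) => {
    const item = conditions[key]
    // Column names cannot be bound as parameters; allow plain identifiers only
    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(key)) {
      throw new Error(`GetSqlQuerry: invalid column name '${key}'`)
    }
    if (typeof item === 'string') {
      acc.push(`${key} = '${sanitizeQuery(item)}'`)
    } else if (typeof item === 'number' && Number.isFinite(item)) {
      acc.push(`${key} = ${item}`)
    } else {
      // anything else (objects, arrays, null) cannot be safely interpolated
      throw new Error(`GetSqlQuerry: unsupported value for '${key}'`)
    }
    return acc
  }, [])
  // … unchanged: joining of res with joiner …
```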