sanitized the required inputs and updated cconfig to run test cases

src/config.ts

@@ -30,7 +30,7 @@ export const config = {
     // http://mongodb.github.io/node-mongodb-native/3.1/api/MongoClient.html
     options: {
       connectTimeoutMS: 15000,
-      keepAlive: true,
+      // keepAlive: true, // keepAlive is not supported in later versions of mongodb
       noDelay: true,
       useNewUrlParser: true,
     },

src/stack.ts

@@ -2017,6 +2017,9 @@ export class Stack {
 
   private async bindLeftoverAssets(queries: IQuery, locale: string, pointerList: IShelf[]) {
     // const contents = await readFile(getAssetsPath(locale) + '.json')
+    if (!this.sanitizeIQuery(queries)) {
+      throw new Error('Invalid queries provided');
+    }
     const filteredAssets = await this.db.collection(getCollectionName({
       content_type_uid: this.types.assets,
       locale,
@@ -2096,6 +2099,9 @@ export class Stack {
   }
 
   private async getReferencePath(query, locale, currentInclude) {
+    if (!this.sanityQueryAny(query)) {
+      throw new Error('Invalid query provided');
+    }
     const schemas = await this.db.collection(getCollectionName({
         content_type_uid: this.types.content_types,
         locale,
@@ -2184,6 +2190,9 @@ export class Stack {
 
   private async fetchEntries(query: IQuery, locale: string, paths: string[], include: string[], includeAll:
     boolean = false) {
+    if (!this.sanitizeIQuery(query)) {
+      throw new Error('Invalid queries provided');
+    }
     const result = await this.db.collection(getCollectionName({
         content_type_uid: 'entries',
         locale,
@@ -2376,5 +2385,30 @@ export class Stack {
       paths,
     }
   }
-  // tslint:disable-next-line: max-file-line-count
+
+  private sanitizeIQuery(query: IQuery): boolean {
+    if (!query || typeof query !== 'object' || Array.isArray(query)) {
+      return false;
+    }
+    if (!query || !Array.isArray(query.$or)) {
+      return false;
+    }
+    for (const item of query.$or) {
+      if (
+        typeof item._content_type_uid !== 'string' ||
+        typeof item.uid !== 'string' ||
+        (item._version && typeof item._version.$exists !== 'boolean') ||
+        (item.locale && typeof item.locale !== 'string')
+      ) {
+        return false;
+      }
+    }
+    return true;
+  }
+  private sanityQueryAny(query: any): boolean {
+    if (!query || typeof query !== 'object' || Array.isArray(query)) {
+      return false;
+    }
+    return true;
+  }
 }

test/expressions.ts

@@ -90,7 +90,7 @@ describe('# Expressional Operators', () => {
     test('.regex()', () => {
       return Stack.contentType('blog')
         .entries()
-        .regex('title', '/^Blog Two$/', 'g')
+        .regex('title', '/^Blog Two$/', 'i')
         .find()
         .then((result: any) => {
           checkEntries(result)

typings/config.d.ts

@@ -28,7 +28,6 @@ export declare const config: {
         locale: string;
         options: {
             connectTimeoutMS: number;
-            keepAlive: boolean;
             noDelay: boolean;
             useNewUrlParser: boolean;
         };

typings/stack.d.ts

@@ -1092,4 +1092,6 @@ export declare class Stack {
     private bindReferences;
     private includeAllReferencesIteration;
     private getAllReferencePaths;
+    private sanitizeIQuery;
+    private sanityQueryAny;
 }