diff --git a/src/config.ts b/src/config.ts index 7cff619..bb417bc 100644 --- a/src/config.ts +++ b/src/config.ts @@ -30,7 +30,7 @@ export const config = { // http://mongodb.github.io/node-mongodb-native/3.1/api/MongoClient.html options: { connectTimeoutMS: 15000, - keepAlive: true, + // keepAlive: true, // keepAlive is not supported in later versions of mongodb noDelay: true, useNewUrlParser: true, }, diff --git a/src/stack.ts b/src/stack.ts index 0c274e6..9d0b80b 100644 --- a/src/stack.ts +++ b/src/stack.ts @@ -2017,6 +2017,9 @@ export class Stack { private async bindLeftoverAssets(queries: IQuery, locale: string, pointerList: IShelf[]) { // const contents = await readFile(getAssetsPath(locale) + '.json') + if (!this.sanitizeIQuery(queries)) { + throw new Error('Invalid queries provided'); + } const filteredAssets = await this.db.collection(getCollectionName({ content_type_uid: this.types.assets, locale, @@ -2096,6 +2099,9 @@ export class Stack { } private async getReferencePath(query, locale, currentInclude) { + if (!this.sanityQueryAny(query)) { + throw new Error('Invalid query provided'); + } const schemas = await this.db.collection(getCollectionName({ content_type_uid: this.types.content_types, locale, @@ -2184,6 +2190,9 @@ export class Stack { private async fetchEntries(query: IQuery, locale: string, paths: string[], include: string[], includeAll: boolean = false) { + if (!this.sanitizeIQuery(query)) { + throw new Error('Invalid queries provided'); + } const result = await this.db.collection(getCollectionName({ content_type_uid: 'entries', locale, @@ -2376,5 +2385,30 @@ export class Stack { paths, } } - // tslint:disable-next-line: max-file-line-count + + private sanitizeIQuery(query: IQuery): boolean { + if (!query || typeof query !== 'object' || Array.isArray(query)) { + return false; + } + if (!query || !Array.isArray(query.$or)) { + return false; + } + for (const item of query.$or) { + if ( + typeof item._content_type_uid !== 'string' || + typeof item.uid !== 'string' || + (item._version && typeof item._version.$exists !== 'boolean') || + (item.locale && typeof item.locale !== 'string') + ) { + return false; + } + } + return true; + } + private sanityQueryAny(query: any): boolean { + if (!query || typeof query !== 'object' || Array.isArray(query)) { + return false; + } + return true; + } } diff --git a/test/expressions.ts b/test/expressions.ts index 5fb5193..9e4e02f 100644 --- a/test/expressions.ts +++ b/test/expressions.ts @@ -90,7 +90,7 @@ describe('# Expressional Operators', () => { test('.regex()', () => { return Stack.contentType('blog') .entries() - .regex('title', '/^Blog Two$/', 'g') + .regex('title', '/^Blog Two$/', 'i') .find() .then((result: any) => { checkEntries(result) diff --git a/typings/config.d.ts b/typings/config.d.ts index 7150361..29600fa 100644 --- a/typings/config.d.ts +++ b/typings/config.d.ts @@ -28,7 +28,6 @@ export declare const config: { locale: string; options: { connectTimeoutMS: number; - keepAlive: boolean; noDelay: boolean; useNewUrlParser: boolean; }; diff --git a/typings/stack.d.ts b/typings/stack.d.ts index 686c76e..534a533 100644 --- a/typings/stack.d.ts +++ b/typings/stack.d.ts @@ -1092,4 +1092,6 @@ export declare class Stack { private bindReferences; private includeAllReferencesIteration; private getAllReferencePaths; + private sanitizeIQuery; + private sanityQueryAny; }