https://github.com/herom/mongo-interceptor
MongoDB (String) intrusion detector
https://github.com/herom/mongo-interceptor
escape intrusion-detector mongo-interceptor mongodb
Last synced: about 2 months ago
JSON representation
MongoDB (String) intrusion detector
- Host: GitHub
- URL: https://github.com/herom/mongo-interceptor
- Owner: herom
- License: mit
- Created: 2017-03-06T20:30:01.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2017-03-24T20:07:19.000Z (over 8 years ago)
- Last Synced: 2024-12-04T09:23:43.901Z (10 months ago)
- Topics: escape, intrusion-detector, mongo-interceptor, mongodb
- Language: JavaScript
- Size: 22.5 KB
- Stars: 3
- Watchers: 3
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# mongo-interceptor
MongoDB (String) intrusion detector
[](https://travis-ci.org/herom/mongo-interceptor)
## Installation
Install with `npm install --save mongo-interceptor`
## Usage
Require the package like you always do: `var mongoInterceptor = require('mongo-interceptor');`
## Methods
### `check()`
You can check any `Object`, `Array`, or `String` for "harmful" `mongoDB` operators by calling `mongoInterceptor.checkStr(possibleNOSQLInjectionString)` and you will get an `object` in return, which contains the following information:
- `escaped`: The escaped `String`
- `isIntrusion`: The `Boolean` to tell if any `mongoDB` operators where detected and escaped
- `injections`: The `[String]` if found `mongoDB` operators
See the [interceptor-tests](https://github.com/herom/mongo-interceptor/blob/master/test/interceptor.js#L5-L56) for further information.
### `setReplacer()`
By default, `mongo-interceptor` is using the underscore (`_`) to escape/replace found `mongoDB` operators, but you can set any other replacement `String` you like - excluding `$` itself.
## Properties
### `VERSION`
Returns the actual `VERSION` of the library in use.