From bd83cb9a26b2009b3a6c7960d2b065742ae03038 Mon Sep 17 00:00:00 2001 From: Zac Rosenbauer Date: Thu, 22 Sep 2022 14:51:56 -0500 Subject: [PATCH 1/5] Add `sanitizeFilter` to types --- types/index.d.ts | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/types/index.d.ts b/types/index.d.ts index 60cac795520..477a064dc52 100644 --- a/types/index.d.ts +++ b/types/index.d.ts @@ -58,6 +58,12 @@ declare module 'mongoose' { */ export function deleteModel(name: string | RegExp): Mongoose; + /** + * Sanitizes query filters against query selector injection attacks by wrapping + * any nested objects that have a property whose name starts with `$` in a `$eq`. + */ + export function sanitizeFilter(filter: FilterQuery): FilterQuery; + /** Gets mongoose options */ export function get(key: K): MongooseOptions[K]; @@ -107,6 +113,8 @@ declare module 'mongoose' { /** The Mongoose version */ export const version: string; + + export type AnyKeys = { [P in keyof T]?: T[P] | any }; export interface AnyObject { [k: string]: any From f365ff93b62f6ae1d094e0803a1a6a787f8bef31 Mon Sep 17 00:00:00 2001 From: Zac Rosenbauer Date: Thu, 22 Sep 2022 14:55:24 -0500 Subject: [PATCH 2/5] rm spaces --- index.js | 2 +- types/index.d.ts | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/index.js b/index.js index 7320766f0e5..cd4d973b2fc 100644 --- a/index.js +++ b/index.js @@ -54,7 +54,7 @@ module.exports.mongo = mongoose.mongo; module.exports.mquery = mongoose.mquery; module.exports.sanitizeFilter = mongoose.sanitizeFilter; module.exports.trusted = mongoose.trusted; -module.exports.skipMiddlewareFunction = mongoose.skipMiddlewareFunction; +module.exports.skipMiddelwareFunction = mongoose.skipMiddlewareFunction; module.exports.overwriteMiddlewareResult = mongoose.overwriteMiddlewareResult; // The following properties are not exported using ESM because `setDriver()` can mutate these diff --git a/types/index.d.ts b/types/index.d.ts index 477a064dc52..9d37060467b 100644 
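Review bot: The doc comment added above `sanitizeFilter` in the first types/index.d.ts hunk describes only nested objects with `$`-prefixed keys, so a reader cannot tell whether top-level operator keys on the filter are handled, or whether the filter is modified in place or copied. This declaration is what editors surface to people relying on the function as an injection defence, so I would state both explicitly and add tags such as `@param filter - filter built from untrusted input` and `@returns the sanitized filter` (confirm against the implementation whether that is the same object, mutated). It would also help to mention `trusted()` as the way to let an intentional operator through; that relationship is inferred from the export list visible in the index.js context of this series, so please confirm it. The type arguments on `FilterQuery` appear to have been lost in this rendering of the patch, so I am not commenting on the signature itself.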
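Review bot: The changed line in this index.js hunk replaces the correctly spelled entry in the re-export list with `module.exports.skipMiddelwareFunction`, which is unrelated to the "rm spaces" subject and looks accidental. Whether consumers break at this commit depends on how `module.exports` is initialised outside the hunk, but the misspelled name would at least become reachable. Patch 3/5 restores `module.exports.skipMiddlewareFunction = mongoose.skipMiddlewareFunction;`, so the series ends up correct; squashing 2/5 and 3/5 would keep every intermediate commit safe to bisect and keep the typo out of history.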
--- a/types/index.d.ts +++ b/types/index.d.ts @@ -113,8 +113,6 @@ declare module 'mongoose' { /** The Mongoose version */ export const version: string; - - export type AnyKeys = { [P in keyof T]?: T[P] | any }; export interface AnyObject { [k: string]: any From 11226d589cc253eb0c86862ca5bc5b6f2c544472 Mon Sep 17 00:00:00 2001 From: Zac Rosenbauer Date: Thu, 22 Sep 2022 14:55:54 -0500 Subject: [PATCH 3/5] typo --- index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.js b/index.js index cd4d973b2fc..7320766f0e5 100644 --- a/index.js +++ b/index.js @@ -54,7 +54,7 @@ module.exports.mongo = mongoose.mongo; module.exports.mquery = mongoose.mquery; module.exports.sanitizeFilter = mongoose.sanitizeFilter; module.exports.trusted = mongoose.trusted; -module.exports.skipMiddelwareFunction = mongoose.skipMiddlewareFunction; +module.exports.skipMiddlewareFunction = mongoose.skipMiddlewareFunction; module.exports.overwriteMiddlewareResult = mongoose.overwriteMiddlewareResult; // The following properties are not exported using ESM because `setDriver()` can mutate these From cd7e76b87935efd4f672b0bb6460edaa6a7a1fad Mon Sep 17 00:00:00 2001 From: Zac Rosenbauer Date: Fri, 23 Sep 2022 11:27:23 -0500 Subject: [PATCH 4/5] Update types/index.d.ts Co-authored-by: Hafez --- types/index.d.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/types/index.d.ts b/types/index.d.ts index 9d37060467b..cc329568e1c 100644 --- a/types/index.d.ts +++ b/types/index.d.ts @@ -62,7 +62,7 @@ declare module 'mongoose' { * Sanitizes query filters against query selector injection attacks by wrapping * any nested objects that have a property whose name starts with `$` in a `$eq`. */ - export function sanitizeFilter(filter: FilterQuery): FilterQuery; + export function sanitizeFilter(filter: FilterQuery): FilterQuery; /** Gets mongoose options */ export function get(key: K): MongooseOptions[K]; From 343784088db44affb1cf32bba969217fdd3a7715 Mon Sep 17 00:00:00 2001 
From: Zac Rosenbauer Date: Fri, 23 Sep 2022 11:40:42 -0500 Subject: [PATCH 5/5] Add test --- test/types/sanitizeFilter.test.ts | 7 +++++++ types/index.d.ts | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 test/types/sanitizeFilter.test.ts diff --git a/test/types/sanitizeFilter.test.ts b/test/types/sanitizeFilter.test.ts new file mode 100644 index 00000000000..8028e5850a6 --- /dev/null +++ b/test/types/sanitizeFilter.test.ts @@ -0,0 +1,7 @@ +import { FilterQuery, sanitizeFilter } from 'mongoose'; +import { expectType } from 'tsd'; + +const data = { username: 'val', pwd: { $ne: null } }; +type Data = typeof data; + +expectType>(sanitizeFilter(data)); diff --git a/types/index.d.ts b/types/index.d.ts index cc329568e1c..73473b4afe3 100644 --- a/types/index.d.ts +++ b/types/index.d.ts @@ -62,7 +62,7 @@ declare module 'mongoose' { * Sanitizes query filters against query selector injection attacks by wrapping * any nested objects that have a property whose name starts with `$` in a `$eq`. */ - export function sanitizeFilter(filter: FilterQuery): FilterQuery; + export function sanitizeFilter(filter: FilterQuery): FilterQuery; /** Gets mongoose options */ export function get(key: K): MongooseOptions[K];
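Review bot: The new test in test/types/sanitizeFilter.test.ts only passes an object literal whose type is already inferred, so it pins the return type but not the case the function exists for: a filter assembled from request data that arrives loosely typed. I would add a compile-only case such as `declare const untrusted: Record<string, unknown>;` followed by `sanitizeFilter(untrusted);`, so the declaration is known to accept that input without a cast at the call site. If that case does not compile, the parameter type is stricter than callers handling untrusted input need, and they may reach for `as any`. The type arguments in `expectType>(...)` appear to have been stripped in this rendering, so the exact expected type is not visible here.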