I want to access the `req` object with dirty values, before it is sanitized, so I can log the malicious request.
Right now, we get access to `req` in the `onSanitize` function, which is run after the request is already cleaned. Perhaps a `beforeSanitization` (`beforeSanitize`?) function could be added, which is executed before the sanitation process, and after it is determined the request needs to be cleaned.
Right now this can be accomplished by running the middleware twice: once with the `dryRun: true` option, and then again without it to clean the request. However, this is not optimal & should not be the case. If the middleware determines that the request needs sanitization, just execute `beforeSanitize` beforehand.
Alternatively, the `onSanitize` function could just get access to the old dirty `req` (instead of the new clean one) OR additionally get a new `target` parameter, which includes the sanitized data and its location in the tree.
Sanitization of objects, due to its recursive nature, is very expensive, so running the same middleware twice over the same object is ludicrous.
Related to #79, but I do NOT want to log every request like in the proposed answer, but only those determined malicious.
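
A single-pass version of the idea in this issue, as an added example that is not the middleware's own code: one traversal both detects and removes dirty keys, and hands the removed values with their paths to the callback, so only requests that needed cleaning are logged. The `findings` argument, the function names and the dirty-key rule (keys starting with `$` or containing `.`) are assumptions for illustration.

```javascript
// Added example, not the middleware's own code. Assumed rule: a key is
// "dirty" when it starts with "$" or contains "."; such keys are deleted.
const SECTIONS = ['body', 'params', 'headers', 'query'];
const isDirtyKey = (key) => key.startsWith('$') || key.includes('.');

// One recursive walk: records each dirty key's path and original value,
// then deletes it in place. Returns the list of findings.
function sanitizeInPlace(node, path, findings) {
  if (node === null || typeof node !== 'object') return findings;
  for (const key of Object.keys(node)) {
    const here = [...path, key];
    if (!Array.isArray(node) && isDirtyKey(key)) {
      findings.push({ path: here, key, value: node[key] });
      delete node[key];
    } else {
      sanitizeInPlace(node[key], here, findings);
    }
  }
  return findings;
}

// Hypothetical middleware factory: onSanitize receives the request (already
// clean) together with `findings`, the dirty values that were removed.
function sanitizeWithFindings({ onSanitize } = {}) {
  return function (req, res, next) {
    const findings = [];
    for (const section of SECTIONS) {
      sanitizeInPlace(req[section], [section], findings);
    }
    if (findings.length > 0 && typeof onSanitize === 'function') {
      onSanitize({ req, findings });
    }
    next();
  };
}

// Constructed sample request, run through the middleware once.
function demo() {
  const req = {
    body: { user: 'alice', password: { $ne: null }, profile: { 'a.b': 1, tags: [{ $gt: '' }] } },
    query: { page: '2' },
  };
  const logged = [];
  sanitizeWithFindings({ onSanitize: ({ findings }) => logged.push(...findings) })(req, {}, () => {});
  return { req, logged };
}
```
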