Access req before sanitization #198

Open
Zirafnik opened this issue Jul 17, 2024 · 0 comments

Zirafnik commented Jul 17, 2024

I want to access the req object with dirty values, before it is sanitized, so I can log the malicious request.

Right now, we get access to req in the onSanitize function, which is run after the request is already cleaned. Perhaps a beforeSanitization (beforeSanitize?) function could be added, which is executed before the sanitization process, and after it is determined the request needs to be cleaned.

Right now this can be accomplished by running the middleware twice: once with the dryRun: true option, and then again without it to clean the request. However, this is not optimal & should not be the case. If the middleware determines that the request needs sanitization, just execute beforeSanitize beforehand.

Alternatively, the onSanitize function could just get access to the old dirty req (instead of the new clean one) OR additionally get a new target parameter, which includes the sanitized data and its location in the tree.

Sanitization of objects, due to its recursive nature, is very expensive, so running the same middleware twice over the same object is ludicrous.

Related to #79, but I do NOT want to log every request like in the proposed answer, but only those determined malicious.
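
The single-pass behaviour requested above, sketched as an added example that is not part of the original issue and not the project's code: one traversal records the parent, path and original value of every dirty key, the hook runs while `req` is still dirty, and removal then goes through the recorded references instead of a second walk. `findDirty`, `sanitizeOnce`, the `beforeSanitize` hook and the `targets` parameter are hypothetical names, and the dirty-key rule is an assumption.

```javascript
// Added example, not the project's code. Assumption: a key is "dirty" when it
// starts with "$" or contains "." (the issue does not state the rule).
const DIRTY_KEY = /^\$|\./;

// One traversal: record where each dirty key lives, but do not mutate yet.
function findDirty(node, path = [], found = []) {
  if (node === null || typeof node !== 'object') return found;
  for (const key of Object.keys(node)) {
    if (DIRTY_KEY.test(key)) {
      // The subtree is removed whole later, so there is no need to descend.
      found.push({ parent: node, key, path: [...path, key], value: node[key] });
    } else {
      findDirty(node[key], [...path, key], found);
    }
  }
  return found;
}

// Hypothetical middleware: beforeSanitize sees the dirty req, onSanitize the clean one.
function sanitizeOnce({ beforeSanitize, onSanitize } = {}) {
  return function (req, res, next) {
    const found = ['body', 'params', 'headers', 'query'].flatMap((location) =>
      findDirty(req[location], [location]));
    if (found.length > 0) {
      const targets = found.map(({ path, value }) => ({ path, value }));
      if (beforeSanitize) beforeSanitize({ req, targets });
      // Delete through the recorded parent references: no second walk.
      for (const { parent, key } of found) delete parent[key];
      if (onSanitize) onSanitize({ req, targets });
    }
    next();
  };
}

// Constructed sample request, run through the middleware without Express.
function demo() {
  const req = { body: { user: { $gt: '' }, note: 'ok', tags: [{ 'a.b': 1 }] }, query: {} };
  const log = [];
  sanitizeOnce({
    beforeSanitize: ({ req, targets }) =>
      log.push({ dirtyBody: JSON.stringify(req.body), targets }),
  })(req, {}, () => {});
  return { req, log };
}
```

The values in `targets` are attacker-controlled, so a logging hook should serialise them (for example with `JSON.stringify`) and cap their size before writing them to a log.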
