| 4 | |
| 5 | @Middleware() |
| 6 | export class SecurityHelper implements IMiddleware<any, any> { |
| 7 | resolve(app) { |
| 8 | if ('express' === app.getNamespace()) { |
| 9 | return async (req: any, res, next) => { |
| 10 | return this.compatibleMiddleware(req, req, res, next); |
| 11 | }; |
| 12 | } else { |
| 13 | return async (ctx, next) => { |
| 14 | return this.compatibleMiddleware(ctx, ctx.request, ctx, next); |
| 15 | }; |
| 16 | } |
| 17 | } |
| 18 | |
| 19 | async compatibleMiddleware(context, req, res, next) { |
| 20 | context.security = { |
| 21 | escape, |
| 22 | html: (htmlCode: string) => filterXSS(htmlCode), |
| 23 | js: safeJS, |
| 24 | json: safeJSON, |
| 25 | }; |
| 26 | |
| 27 | return next(); |
| 28 | } |
| 29 | } |
| 30 | |
| 31 | const MATCH_VULNERABLE_REGEXP = /[\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f]/; |
| 32 | const BASIC_ALPHABETS = new Set( |
nothing calls this directly
no outgoing calls
no test coverage detected