MCPcopy Index your code
hub / github.com/simstudioai/sim / validateFilter

Function validateFilter

apps/sim/app/api/tools/mongodb/utils.ts:64–91  ·  view source on GitHub ↗
(filter: string)

Source from the content-addressed store, hash-verified

62}
63
64export function validateFilter(filter: string): { isValid: boolean; error?: string } {
65 try {
66 const parsed = JSON.parse(filter)
67
68 const dangerousOperators = [
69 '$where', // Executes arbitrary JavaScript
70 '$regex', // Can cause ReDoS attacks
71 '$expr', // Expression evaluation
72 '$function', // Custom JavaScript functions
73 '$accumulator', // Custom JavaScript accumulators
74 '$let', // Variable definitions that could be exploited
75 ]
76
77 if (containsDangerousOperator(parsed, dangerousOperators)) {
78 return {
79 isValid: false,
80 error: 'Filter contains potentially dangerous operators',
81 }
82 }
83
84 return { isValid: true }
85 } catch (error) {
86 return {
87 isValid: false,
88 error: 'Invalid JSON format in filter',
89 }
90 }
91}
92
93export function validatePipeline(pipeline: string): { isValid: boolean; error?: string } {
94 try {

Callers 3

route.tsFile · 0.90
route.tsFile · 0.90
route.tsFile · 0.90

Calls 2

parseMethod · 0.80

Tested by

no test coverage detected