MCPcopy Index your code
hub / github.com/simstudioai/sim / validatePipeline

Function validatePipeline

apps/sim/app/api/tools/mongodb/utils.ts:93–132  ·  view source on GitHub ↗
(pipeline: string)

Source from the content-addressed store, hash-verified

91}
92
93export function validatePipeline(pipeline: string): { isValid: boolean; error?: string } {
94 try {
95 const parsed = JSON.parse(pipeline)
96
97 if (!Array.isArray(parsed)) {
98 return {
99 isValid: false,
100 error: 'Pipeline must be an array',
101 }
102 }
103
104 const dangerousOperators = [
105 '$where', // Executes arbitrary JavaScript
106 '$function', // Custom JavaScript functions
107 '$accumulator', // Custom JavaScript accumulators
108 '$let', // Variable definitions that could be exploited
109 '$merge', // Writes to external collections
110 '$out', // Writes to external collections
111 '$currentOp', // Exposes system operation info
112 '$listSessions', // Exposes session info
113 '$listLocalSessions', // Exposes local session info
114 ]
115
116 for (const stage of parsed) {
117 if (containsDangerousOperator(stage, dangerousOperators)) {
118 return {
119 isValid: false,
120 error: 'Pipeline contains potentially dangerous operators',
121 }
122 }
123 }
124
125 return { isValid: true }
126 } catch (error) {
127 return {
128 isValid: false,
129 error: 'Invalid JSON format in pipeline',
130 }
131 }
132}
133
134export function sanitizeCollectionName(name: string): string {
135 if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(name)) {

Callers 1

route.tsFile · 0.90

Calls 2

parseMethod · 0.80

Tested by

no test coverage detected