added sanitizeKeys to sanitize keys

pariazar · pariazar · commit 9245f0f38371 · 2024-04-10T13:30:04.000-07:00
diff --git a/README.md b/README.md
@@ -119,7 +119,7 @@ sanitizer.clean({
 ```
 
 
-##### Whitelisting Routes
+#### Whitelisting Routes
 
 If you want to skip sanitization for certain routes, you can specify a whitelist of routes when setting up the middleware:
 
@@ -138,7 +138,7 @@ app.use(
 );
 ```
 
-##### Limit Sanitization
+#### Limit Sanitization
 
 By default, `perfect-express-sanitizer` sanitizes all parts of the request (body, query, and header). If you only want to sanitize specific parts of the request, you can specify them when setting up the middleware:
 
@@ -156,7 +156,24 @@ app.use(
 );
 ```
 
-##### Setting Sanitization Levels
+ For an option that sanitizes keys, you could consider the following option `sanitizeKeys: true` example:
+ 
+ ```javascript
+app.use(
+  sanitizer.clean(
+    {
+      xss: true,
+      noSql: true,
+      sanitizeKeys: true,
+    },
+    whiteList = [],
+    only = ["body", "query"]
+  )
+);
+```
+
+
+#### Setting Sanitization Levels
 
 You can set different levels of sanitization for SQL and NoSQL injections by specifying the sqlLevel and noSqlLevel options when setting up the middleware. The levels range from 1 to 5, with higher levels providing more comprehensive sanitization.
 
diff --git a/modules/nosql_injection.js b/modules/nosql_injection.js
@@ -66,21 +66,23 @@ const sanitize = (data, options) => {
     });
   }
   if (typeof data === "object" && data !== null) {
+    let sanitizedData = {};
     Object.keys(data).forEach((key) => {
-      const item = data[key];
+      let item = data[key];
       if(options?.allowedKeys  && containsAllowedKey(item, options.allowedKeys)){
-        return data;
+        sanitizedData[key] = item;
       }
       if (typeof item === "string") {
-        data[key] = noSQLSanitizer(item, level);
+        sanitizedData[options.sanitizeKeys ? noSQLSanitizer(key, level) : key] = noSQLSanitizer(item, level);
       } else if (Array.isArray(item) || typeof item === "object") {
         try {
-          data[key] = sanitize(item, level);
+          sanitizedData[options.sanitizeKeys ? noSQLSanitizer(key, level) : key] = sanitize(item, options);
         } catch (error) {
-          data[key] = item;
+          sanitizedData[key] = item;
         }
       }
     });
+    return sanitizedData;
   }
   return data;
 };

Original file line number	Diff line number	Diff line change
`@@ -66,21 +66,23 @@ const sanitize = (data, options) => {`
`66`	`66`	`});`
`67`	`67`	`}`
`68`	`68`	`if (typeof data === "object" && data !== null) {`
	`69`	`+ let sanitizedData = {};`
`69`	`70`	`Object.keys(data).forEach((key) => {`
`70`		`- const item = data[key];`
	`71`	`+ let item = data[key];`
`71`	`72`	`if(options?.allowedKeys && containsAllowedKey(item, options.allowedKeys)){`
`72`		`- return data;`
	`73`	`+ sanitizedData[key] = item;`
`73`	`74`	`}`
`74`	`75`	`if (typeof item === "string") {`
`75`		`- data[key] = noSQLSanitizer(item, level);`
	`76`	`+ sanitizedData[options.sanitizeKeys ? noSQLSanitizer(key, level) : key] = noSQLSanitizer(item, level);`
`76`	`77`	`} else if (Array.isArray(item) \|\| typeof item === "object") {`
`77`	`78`	`try {`
`78`		`- data[key] = sanitize(item, level);`
	`79`	`+ sanitizedData[options.sanitizeKeys ? noSQLSanitizer(key, level) : key] = sanitize(item, options);`
`79`	`80`	`} catch (error) {`
`80`		`- data[key] = item;`
	`81`	`+ sanitizedData[key] = item;`
`81`	`82`	`}`
`82`	`83`	`}`
`83`	`84`	`});`
	`85`	`+ return sanitizedData;`
`84`	`86`	`}`
`85`	`87`	`return data;`
`86`	`88`	`};`