I have two types of error in my Snyk report (https://snyk.io/). I don't know whether they can be resolved with DeepCode AI as well, but I would appreciate any answers.
- SQL injection: unsanitized input from an HTTP parameter flows into a query.
- Path traversal: unsanitized input from the HTTP request body flows into rimraf, where it is used as a path; this may result in a traversal
vulnerability and allow an attacker to delete arbitrary files.
Here is what I have tried; it did not get rid of the Snyk errors:
const validator = require('validator');
/**
 * Recursively HTML-escape every string found in `value`.
 *
 * Strings are passed through `validator.escape`, which replaces
 * HTML-significant characters with entities; arrays and non-null objects
 * are walked so nested strings are escaped too; anything else (numbers,
 * booleans, null, undefined) is returned unchanged.
 *
 * NOTE(review): this is output encoding for an HTML context only. It does
 * not make a value safe to interpolate into SQL (use parameterized queries
 * / prepared statements at the query call site) or to use as a filesystem
 * path (resolve the path and verify it stays inside the intended base
 * directory before handing it to rimraf). Static analysers report those
 * sinks, not this function, so escaping here will not clear the findings.
 *
 * @param {*} value - Any JSON-like value (string, array, object, primitive).
 * @returns {*} An escaped copy for strings/arrays/objects, the input otherwise.
 */
function sanitizeValue(value) {
  if (typeof value === 'string') {
    return validator.escape(value);
  }
  if (Array.isArray(value)) {
    return value.map(sanitizeValue);
  }
  if (value !== null && typeof value === 'object') {
    return sanitizeObject(value);
  }
  return value;
}
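/**
 * Return a copy of `obj` whose own enumerable string-keyed properties have
 * each been passed through `sanitizeValue`.
 *
 * Built from `Object.keys` + `Object.fromEntries` instead of `for...in` +
 * `obj.hasOwnProperty`, for two reasons:
 *  - `obj.hasOwnProperty(key)` throws on prototype-less objects
 *    (e.g. `Object.create(null)` dictionaries), whereas `Object.keys` works
 *    on any object.
 *  - `copy[key] = x` with `key === '__proto__'` sets the copy's prototype
 *    rather than creating a data property, so an input object carrying a
 *    `__proto__` key (which `JSON.parse` produces as an own property) would
 *    silently change the result's prototype. `Object.fromEntries` defines an
 *    own data property for that key instead.
 *
 * @param {object} obj - The object to copy; only own enumerable keys are kept.
 * @returns {object} A new plain object with sanitized values.
 */
function sanitizeObject(obj) {
  const entries = Object.keys(obj).map((key) => [key, sanitizeValue(obj[key])]);
  return Object.fromEntries(entries);
}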
// Sample user input with nested objects and arrays. The repeated HTML/script
// fragments are pulled out so the fixture reads as intent rather than noise.
const boldStatement = 'This is a <b>bold</b> statement!';
const scriptPayload = '<script>alert("XSS")</script>';

const userInput = {
  username: `John ${scriptPayload} Doe`,
  comments: [boldStatement, 'Another <i>italic</i> comment'],
  profile: {
    bio: boldStatement,
    website: `http://example.com/?search=${scriptPayload}`,
    social: [
      { platform: 'Twitter', handle: '<b>@john_doe</b>' },
      { platform: 'Facebook', handle: scriptPayload },
    ],
  },
};

// Walk the fixture and print the HTML-escaped copy.
const sanitizedUserInput = sanitizeObject(userInput);
console.log('Sanitized Nested Object with Arrays:', sanitizedUserInput);