
added sanitizer that verifies that all parameters are single scalar values

pull/289/head
Stephen Hess 9 years ago
parent
commit
e90f70ce3d
  1. 23
      sanitiser/_single_scalar_parameters.js
  2. 1
      sanitiser/autocomplete.js
  3. 1
      sanitiser/place.js
  4. 1
      sanitiser/reverse.js
  5. 1
      sanitiser/search.js
  6. 1
      test/unit/run.js
  7. 60
      test/unit/sanitiser/_single_scalar_parameters.js
  8. 2
      test/unit/sanitiser/autocomplete.js
  9. 8
      test/unit/sanitiser/place.js
  10. 2
      test/unit/sanitiser/reverse.js
  11. 4
      test/unit/sanitiser/search.js

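--- a/sanitiser/_single_scalar_parameters.js
+++ b/sanitiser/_single_scalar_parameters.js
@@ -0,0 +1,23 @@
+var _ = require('lodash'),
+check = require('check-types');
+// validate inputs
+function sanitize( raw, clean ){
+// error & warning messages
+var messages = { errors: [], warnings: [] };
+Object.keys(raw).forEach(function(key) {
+if (_.isArray(raw[key])) {
+messages.errors.push('\'' + key + '\' parameter can only have one value');
+} else if (_.isObject(raw[key])) {
+messages.errors.push('\'' + key + '\' parameter must be a scalar');
+}
+});
+return messages;
+}
+// export function
+module.exports = sanitize;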
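Review bot: This sanitizer only reports non-scalar parameters; whether the later sanitizers in each list (`_text`, `_size`, `_targets`, …) still receive the array or object depends on `sanitizeAll` stopping at the first error, which is outside this commit, so that behaviour should be confirmed rather than relying on `singleScalarParameters` merely being listed first. `Object.keys(raw)` throws if a caller ever passes `undefined`, and `check` is required at the top of the file but never used; a guard such as `if (!check.object(raw)) { return messages; }` before the loop would make the module safe on its own. The `key` reflected into each error string is attacker-controlled, so these messages must keep being emitted as JSON rather than interpolated into HTML. A header comment would help readers, e.g. `// Rejects any query parameter that arrived as an array (a=1&a=2) or an object (a[b]=1); the remaining sanitizers assume a single scalar value per key.`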

1
sanitiser/autocomplete.js

@ -1,5 +1,6 @@
var sanitizeAll = require('../sanitiser/sanitizeAll'),
sanitizers = {
singleScalarParameters: require('../sanitiser/_single_scalar_parameters'),
text: require('../sanitiser/_text'),
size: require('../sanitiser/_size'),
private: require('../sanitiser/_flag_bool')('private', false),

1
sanitiser/place.js

@ -1,6 +1,7 @@
var sanitizeAll = require('../sanitiser/sanitizeAll'),
sanitizers = {
singleScalarParameters: require('../sanitiser/_single_scalar_parameters'),
ids: require('../sanitiser/_ids'),
private: require('../sanitiser/_flag_bool')('private', false)
};

1
sanitiser/reverse.js

@ -1,6 +1,7 @@
var sanitizeAll = require('../sanitiser/sanitizeAll'),
sanitizers = {
singleScalarParameters: require('../sanitiser/_single_scalar_parameters'),
layers: require('../sanitiser/_targets')('layers', require('../query/layers')),
sources: require('../sanitiser/_targets')('sources', require('../query/sources')),
size: require('../sanitiser/_size'),

1
sanitiser/search.js

@ -1,6 +1,7 @@
var sanitizeAll = require('../sanitiser/sanitizeAll'),
sanitizers = {
singleScalarParameters: require('../sanitiser/_single_scalar_parameters'),
text: require('../sanitiser/_text'),
size: require('../sanitiser/_size'),
layers: require('../sanitiser/_targets')('layers', require( '../query/layers' )),

1
test/unit/run.js

@ -30,6 +30,7 @@ var tests = [
require('./middleware/distance'),
require('./middleware/confidenceScoreReverse'),
require('./sanitiser/_size'),
require('./sanitiser/_single_scalar_parameters'),
];
tests.map(function(t) {

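--- a/test/unit/sanitiser/_single_scalar_parameters.js
+++ b/test/unit/sanitiser/_single_scalar_parameters.js
@@ -0,0 +1,60 @@
+var sanitize = require('../../../sanitiser/_single_scalar_parameters');
+module.exports.tests = {};
+module.exports.tests.single_scalar_parameters = function(test, common) {
+test('all duplicate parameters should have error messages returned', function(t) {
+var raw = {
+arrayParameter1: ['value1', 'value2'],
+scalarParameter: 'value',
+arrayParameter2: ['value3']
+};
+var clean = {};
+var errorsAndWarnings = sanitize(raw, clean);
+t.deepEquals(errorsAndWarnings, {
+errors: [
+'\'arrayParameter1\' parameter can only have one value',
+'\'arrayParameter2\' parameter can only have one value',
+],
+warnings: []
+});
+t.end();
+});
+test('object parameters should have error messages returned', function(t) {
+var raw = {
+objectParameter1: { key1: 'value1', key2: 'value2'},
+scalarParameter: 'value',
+objectParameter2: { }
+};
+var clean = {};
+var errorsAndWarnings = sanitize(raw, clean);
+t.deepEquals(errorsAndWarnings, {
+errors: [
+'\'objectParameter1\' parameter must be a scalar',
+'\'objectParameter2\' parameter must be a scalar'
+],
+warnings: []
+});
+t.end();
+});
+test('request with all scalar parameters should return empty errors', function(t) {
+var raw = { scalarParameter1: 'value1', scalarParameter2: 2, scalarParameter3: true };
+var clean = {};
+var errorsAndWarnings = sanitize(raw, clean);
+t.deepEquals(errorsAndWarnings, { errors: [], warnings: [] });
+t.end();
+});
+};
+module.exports.all = function (tape, common) {
+function test(name, testFunction) {
+return tape('SANTIZE _single_scalar_parameters ' + name, testFunction);
+}
+for( var testCase in module.exports.tests ){
+module.exports.tests[testCase](test, common);
+}
+};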
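Review bot: The tests cover arrays and objects but not the boundary values the sanitizer silently accepts — `null`, `undefined` and an empty `raw` — so a change in how `_.isObject` is applied to them would go unnoticed; add a case with `var raw = { nullParameter: null, undefinedParameter: undefined };` and one with `var raw = {};`, each asserting `{ errors: [], warnings: [] }`. The first test name says "duplicate parameters" although the input also includes a single-element array, which is the more interesting case; `arrayParameter2: ['value3']` deserves a mention in the name or a comment. The `'SANTIZE '` prefix in the tape name looks like a typo for `SANITIZE`; if the sibling test files use the same spelling keep it for consistency, otherwise correct it here.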

2
test/unit/sanitiser/autocomplete.js

@ -4,7 +4,7 @@ module.exports.tests = {};
module.exports.tests.sanitisers = function(test, common) {
test('check sanitiser list', function (t) {
var expected = ['text', 'size', 'private', 'geo_autocomplete' ];
var expected = ['singleScalarParameters', 'text', 'size', 'private', 'geo_autocomplete' ];
t.deepEqual(Object.keys(autocomplete.sanitiser_list), expected);
t.end();
});

8
test/unit/sanitiser/place.js

@ -19,6 +19,14 @@ module.exports.tests.interface = function(test, common) {
});
};
module.exports.tests.sanitisers = function(test, common) {
test('check sanitiser list', function (t) {
var expected = ['singleScalarParameters', 'ids', 'private' ];
t.deepEqual(Object.keys(place.sanitiser_list), expected);
t.end();
});
};
module.exports.tests.sanitize_private = function(test, common) {
var invalid_values = [null, -1, 123, NaN, 'abc'];
invalid_values.forEach(function(value) {

2
test/unit/sanitiser/reverse.js

@ -36,7 +36,7 @@ module.exports.tests.interface = function(test, common) {
module.exports.tests.sanitisers = function(test, common) {
test('check sanitiser list', function (t) {
var expected = ['layers', 'sources', 'size', 'private', 'geo_reverse', 'boundary_country'];
var expected = ['singleScalarParameters', 'layers', 'sources', 'size', 'private', 'geo_reverse', 'boundary_country'];
t.deepEqual(Object.keys(reverse.sanitiser_list), expected);
t.end();
});

4
test/unit/sanitiser/search.js

@ -25,7 +25,7 @@ module.exports.tests.interface = function(test, common) {
module.exports.tests.sanitisers = function(test, common) {
test('check sanitiser list', function (t) {
var expected = ['text', 'size', 'layers', 'sources', 'private', 'geo_search', 'boundary_country' ];
var expected = ['singleScalarParameters', 'text', 'size', 'layers', 'sources', 'private', 'geo_search', 'boundary_country' ];
t.deepEqual(Object.keys(search.sanitiser_list), expected);
t.end();
});
@ -33,7 +33,7 @@ module.exports.tests.sanitisers = function(test, common) {
module.exports.tests.sanitize_invalid_text = function(test, common) {
test('invalid text', function(t) {
var invalid = [ '', 100, null, undefined, new Date() ];
var invalid = [ '', 100, null, undefined ];
invalid.forEach( function( text ){
var req = { query: { text: text } };
sanitize(req, function(){
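Review bot: Removing `new Date()` from the invalid-text list in the second hunk drops coverage rather than moving it: a Date object is presumably now rejected by the new `singleScalarParameters` sanitizer with `'text' parameter must be a scalar` instead of the message this test expects, and nothing asserts that new behaviour. Keep the case in its own test that passes `{ query: { text: new Date() } }` through `sanitize` and asserts the scalar error, so the pipeline's handling of non-scalar `text` stays pinned. The `sanitize_invalid_text` test body continues past the end of the hunk, so the exact assertion it makes is not visible here.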
