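/**
 * Secondary, best-effort filter applied to the product search term.
 *
 * Matches quote characters, the statement separator `;`, the `#` comment
 * marker and the bare keywords `and` / `or` (case-insensitive). The keyword
 * alternatives are anchored with `\b` so that they only match whole words:
 * the previous substring form rejected ordinary search terms such as
 * "orange" or "brand". The duplicated `;` alternative is dropped.
 *
 * This blocklist is not a SQL-injection defense by itself: it is trivially
 * incomplete (e.g. `UNION`, `--` and `/*` are not matched). The search term
 * must be bound as a query parameter regardless of this check.
 */
const injectionChars = /"|'|;|\band\b|\bor\b|#/i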
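/**
 * Express handler factory for the product search endpoint.
 *
 * Reads the search term from the `q` query parameter, truncates it to 200
 * characters and matches it as a substring (SQL `LIKE '%term%'`) against
 * product name and description, excluding soft-deleted rows. Each returned
 * product's name and description are passed through `req.__` for translation
 * before the rows are sent as JSON via `utils.queryResultToJson`.
 *
 * The search term is handed to Sequelize as a named replacement rather than
 * interpolated into the SQL text, so quotes or keywords in the term can only
 * change *what is searched for*, never the statement itself. The
 * `injectionChars` blocklist is therefore no longer consulted: substring
 * blocklists are not a SQL-injection defense and it rejected ordinary terms
 * such as "orange" (which contains "or").
 *
 * Responses:
 *   400 when `q` is present but not a single string (Express parses a
 *       repeated `?q=a&q=b` or bracketed `?q[x]=y` into an array/object;
 *       the previous code threw on `.substring`/`.match` for those)
 *   200 with the matching products otherwise
 * Query failures are forwarded to `next(error.parent)` as before.
 */
module.exports = function searchProducts () {
  return (req: Request, res: Response, next: NextFunction) => {
    const raw = req.query.q
    // Reject non-string shapes instead of crashing inside the handler.
    if (raw != null && typeof raw !== 'string') {
      res.status(400).send()
      return
    }
    // A missing parameter and the literal string 'undefined' both mean
    // "no search term" (matches every product).
    const term = (raw == null || raw === 'undefined') ? '' : raw
    const criteria = term.length <= 200 ? term : term.substring(0, 200)
    // NOTE(review): `%` and `_` inside the term still act as LIKE wildcards,
    // as they did before; escape them here if exact-substring search is wanted.
    const pattern = `%${criteria}%`
    models.sequelize.query(
      'SELECT * FROM Products WHERE ((name LIKE :pattern OR description LIKE :pattern) AND deletedAt IS NULL) ORDER BY name',
      { replacements: { pattern } }
    )
      .then(([products]: any) => {
        for (const product of products) {
          product.name = req.__(product.name)
          product.description = req.__(product.description)
        }
        res.json(utils.queryResultToJson(products))
      }).catch((error: ErrorWithParent) => {
        next(error.parent)
      })
  }
}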