Skip to content
/ mongo-sanitize Public

A simple, no-dependency defense against MongoDB query selector injection attacks.

License

MIT license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Aldin-SXR/mongo-sanitize

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
src
src
 
 
tests/unit
tests/unit
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 
phpunit.xml
phpunit.xml
 
 

Repository files navigation

mongo-sanitize

Build Status

A simple, no-dependency PHP library for defense against MongoDB query selector injection attacks. Inspired by the homonymous NPM package for NodeJS.

Installation and Usage

The library is available via Composer.

composer require aldin-sxr/mongo-sanitize

After installing, include vendor/autoload.php in your project.

<?php

require_once 'vendor/autoload.php';

$data = [
    'hello' => 'world',
    'foo' => [ '$eq' => 'bar' ]
];

$cleaned = mongo_sanitize($data);
// Cleaned array:
// [ 'hello' => 'world, 'foo' => [ ] ]

Call mongo_sanitize() on the arrays (user input) which you want to sanitize. The function will remove any array elements whose keys start with a $ (MongoDB operator identifier). The function also works recursively, on embedded array elements.

Testing

All library methods come with several unit tests in PHPUnit, which are available under tests/unit.

License

The library is licensed under the MIT license. See the LICENSE file for details.

About

A simple, no-dependency defense against MongoDB query selector injection attacks.

Topics

sanitization mongodb mongo-sanitize

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages