Skip to content
/ mongo-sanitize Public

A simple, no-dependency defense against MongoDB query selector injection attacks.

License

MIT license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Aldin-SXR/mongo-sanitize

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit

src

src

 
 

tests/unit

tests/unit

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

composer.json

composer.json

 
 

phpunit.xml

phpunit.xml

 
 

Repository files navigation

mongo-sanitize

Build Status

A simple, no-dependency PHP library for defense against MongoDB query selector injection attacks. Inspired by the homonymous NPM package for NodeJS.

Installation and Usage

The library is available via Composer.

composer require aldin-sxr/mongo-sanitize

After installing, include vendor/autoload.php in your project.

<?php

require_once 'vendor/autoload.php';

$data = [
    'hello' => 'world',
    'foo' => [ '$eq' => 'bar' ]
];

$cleaned = mongo_sanitize($data);
// Cleaned array:
// [ 'hello' => 'world, 'foo' => [ ] ]

Call mongo_sanitize() on the arrays (user input) which you want to sanitize. The function will remove any array elements whose keys start with a $ (MongoDB operator identifier). The function also works recursively, on embedded array elements.

Testing

All library methods come with several unit tests in PHPUnit, which are available under tests/unit.

License

The library is licensed under the MIT license. See the LICENSE file for details.

About

A simple, no-dependency defense against MongoDB query selector injection attacks.

Topics

sanitization mongodb mongo-sanitize

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages