How to use the schema-inspector.sanitize function in schema-inspector
To help you get started, we’ve selected a few schema-inspector examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
microsoft / BotBuilder-Samples / Node / blog-LUISActionBinding / core / index.js View on Github 
entity = _.merge({}, entity, { type: actionModel.currentParameter });
entities = entities.concat([entity]);
}
// resolve complete parameters from entities
entities = crossMatchEntities(entities);
// merge entities into parameters obj
var parameters = _.reduce(entities, function (merged, entity) {
merged[entity.type] = entity.entity;
return merged;
}, {});
// validate and remove those parameters marked as invalid
var schemaObject = wrap(schema);
inspector.sanitize(schemaObject, parameters);
var result = inspector.validate(schemaObject, parameters);
if (!result.valid) {
var invalidParameterNames = result.error.map(getParameterName);
parameters = _.omit(parameters, invalidParameterNames);
}
return parameters;
}*
* I'm not sure why it is happening, so for now, I'm just going to use lodash to copy the key/values to a new
* object with a proper prototype and then assign the sanitized object back to the req.body & req.params.
*
* note: {} is equivalent to: Object.create(Object.prototype)
*
* I guess do it for req.params as well.
*
* Maybe related: https://github.com/expressjs/express/issues/2613
*/
var reqBody = _.assign({}, req.body)
var reqParams = _.assign({}, req.params)
inspector.sanitize(schemas.reqParamsSanitization, reqParams)
inspector.sanitize(schemas.reqBodySanitization, reqBody)
req.body = reqBody
req.params = reqParams
var validReqParams = inspector.validate(schemas.reqParamsValidation, reqParams)
if(!validReqParams.valid){
let errMessage = `Error(s) with the reqParams data in requestDataValidation : ${ validReqParams.format() }`
let err = new Error(errMessage)
global.devMode && console.error(errMessage)
appLogger.log.error({err, req, res})
return res.status(500).json({errMessage})
}
var validReqBody = inspector.validate(schemas.reqBodyValidation, reqBody)
if(!validReqBody.valid){
let errMessage = `Error(s) with the reqBody data in requestDataValidation : ${ validReqBody.format() }`pagesdb.updateColumns = (columnsDataObj) => {
inspector.sanitize(schemas.updateColumnSanitization, columnsDataObj)
/*****
* Check requestDataValidation.js for why we're making a copy (_.assign) of columnsDataObj/req.body data
* for inspector.validate().
*/
var validatedColumnsDataObj = inspector.validate(schemas.updateColumnValidation, _.assign({}, columnsDataObj))
if(!validatedColumnsDataObj.valid){
var errMessage = `Error, passed in column data did not pass validation.
Error(s): ${ validatedColumnsDataObj.format() }`
global.devMode && console.error(errMessage)
appLogger.log.error({err: errMessage})
let errorToReturn = new Error(errMessage)
/****
* Note: we need to return a blubird promise here, because we use bluebird's
* bind method in addPage.js and returning a native promise would cause an
* uncaughtException error as native promise bind is a bit different.
* Also, throwing an error here would also cause an uncaughtException errorfunction sanitizeEnvs(config, schema) {
return inspector.sanitize(schema, config).data;
}function validate(schema, parameters, onValidationErrors, onValidationPass) {
var schemaObject = wrap(schema);
inspector.sanitize(schemaObject, parameters);
var result = inspector.validate(schemaObject, parameters);
if (result.valid) {
onValidationPass(parameters);
} else {
var errors = result.error.map(function (fieldError) {
var parameterName = getParameterName(fieldError);
var errorMessage = schema[parameterName].message;
return {
parameterName: parameterName,
message: errorMessage
};
});
onValidationErrors(parameters, errors);
}
}scope.updateValues = function(skipRerender) {
destroyModelChangeWatches();
if (!skipRerender) {
element.html(template);
}
var readonly = (scope.readonly && scope.readonly === true) ? true : false;
var schema = scope.schema ? angular.copy(scope.schema) : {
type: 'object'
};
schema.strict = true;
var form = scope.form ? angular.copy(scope.form) : [ "*" ];
var groupInfoes = scope.groupInfoes ? angular.copy(scope.groupInfoes) : [];
var model = scope.model || {};
scope.model = inspector.sanitize(schema, model).data;
scope.formProps.option.formDefaults.readonly = readonly;
scope.formProps.schema = schema;
scope.formProps.form = form;
scope.formProps.groupInfoes = groupInfoes;
scope.formProps.model = angular.copy(scope.model);
if (!skipRerender) {
recompile();
}
initModelChangeWatches();
}.then(row => {
if(!row){
throw new Error('unable to get appSettings from sqlite db')
}
/****
* Gonna cache the settings to make them slightly easier to access
* (as a js object) and slightly faster (e.g. for settings router.get('/')
* uses et.al.)
*
* We sanitize on the way out too for converting the SQLite boolean values
* from 1/0 to true/false for easier use.
*/
inspector.sanitize(schemas.appSettingsSanitization, row)
appSettings.settings = row
return row.pagesDBFilePath
})
}schema-inspector
Schema-Inspector is a powerful tool to sanitize and validate JS objects.
