momosecurity/mosec-node-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1. upgrade vulnerable package

Browse Source 
2. fix test unit
This commit is contained in:
retanoj
2022-03-22 18:10:50 +08:00
parent feee2d72ec
commit c5b6b804e0
4618 changed files with 1691378 additions and 1119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
test/vuln-project/node_modules/sift/.babelrc generated vendored Normal file
View File

@@ -0,0 +1,3 @@
{
"presets": ["es2015"]
}

1
test/vuln-project/node_modules/sift/.coveralls.yml generated vendored Normal file
View File

@@ -0,0 +1 @@
repo_token: dYtQuNe9CVSGoA5LVadgT3lomowKzEgav

13
test/vuln-project/node_modules/sift/.travis.yml generated vendored Executable file
View File

@@ -0,0 +1,13 @@
language: node_js
node_js:
- 0.10
script: npm run test-coveralls
notifications:
email:
- craig.j.condon@gmail.com
branches:
only:
- master

20
test/vuln-project/node_modules/sift/MIT-LICENSE.txt generated vendored Normal file
View File

@@ -0,0 +1,20 @@
Copyright (c) 2015 Craig Condon
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

417
test/vuln-project/node_modules/sift/README.md generated vendored Executable file
View File

@@ -0,0 +1,417 @@
## validate objects & filter arrays with mongodb queries
[![Build Status](https://secure.travis-ci.org/crcn/sift.js.png)](https://secure.travis-ci.org/crcn/sift.js)
<!-- [![Coverage Status](https://coveralls.io/repos/crcn/sift.js/badge.svg)](https://coveralls.io/r/crcn/sift.js) -->
<!-- [![Join the chat at https://gitter.im/crcn/sift.js](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/crcn/sift.js?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) -->
**For extended documentation, checkout http://docs.mongodb.org/manual/reference/operator/query/**
## Features:
- Supported operators: [$in](#in), [$nin](#nin), [$exists](#exists), [$gte](#gte), [$gt](#gt), [$lte](#lte), [$lt](#lt), [$eq](#eq), [$ne](#ne), [$mod](#mod), [$all](#all), [$and](#and), [$or](#or), [$nor](#nor), [$not](#not), [$size](#size), [$type](#type), [$regex](#regex), [$where](#where), [$elemMatch](#elemmatch)
- Regexp searches
- Function filtering
- sub object searching
- dot notation searching
- Supports node.js, and web
- Small (2 kb minified) library
- Custom Expressions
- filtering of immutable datastructures
## Node.js Examples
```javascript
import sift from 'sift';
//intersecting arrays
var sifted = sift({ $in: ['hello','world'] }, ['hello','sifted','array!']); //['hello']
//regexp filter
var sifted = sift(/^j/, ['craig','john','jake']); //['john','jake']
//A *sifter* is returned if the second parameter is omitted
var testQuery = sift({
//you can also filter against functions
name: function(value) {
return value.length == 5;
}
});
//filtered: [{ name: 'craig' }]
[{
name: 'craig',
},
{
name: 'john'
},
{
name: 'jake'
}].filter(testQuery);
//you can test *single values* against your custom sifter
testQuery({ name: 'sarah' }); //true
testQuery({ name: 'tim' }); //false\
```
## Browser Examples
```html
<html>
<head>
<script src="https://raw.github.com/crcn/sift.js/master/sift.min.js" type="text/javascript"></script>
<script type="text/javascript">
//regexp filter
var sifted = sift(/^j/, ['craig','john','jake']); //['john','jake']
</script>
</head>
<body>
</body>
</html>
```
## API
### .sift(filter[, array][, selectorFn])
- `filter` - the filter to use against the target array
- `array` - sifts against target array. Without this, a function is returned
- `selectorFn` - selector for the values within the array.
With an array:
```javascript
sift({$exists:true}, ['craig',null]); //['craig']
```
Without an array, a sifter is returned:
```javascript
var siftExists = sift({$exists:true});
siftExists('craig'); //true
siftExists(null); //false
['craig',null].filter(siftExists); //['craig']
```
With a selector:
```javascript
var sifter = sift({$exists:true}, function(user) {
return !!user.name;
});
sifter([
{
name: "Craig"
},
{
name: null
}
])
```
With your sifter, you can also **test** values:
```javascript
siftExists(null); //false
siftExists('craig'); //true
```
## Supported Operators:
See MongoDB's [advanced queries](http://www.mongodb.org/display/DOCS/Advanced+Queries) for more info.
### $in
array value must be *$in* the given query:
Intersecting two arrays:
```javascript
//filtered: ['Brazil']
sift({ $in: ['Costa Rica','Brazil'] }, ['Brazil','Haiti','Peru','Chile']);
```
Here's another example. This acts more like the $or operator:
```javascript
sift({ location: { $in: ['Costa Rica','Brazil'] } }, [ { name: 'Craig', location: 'Brazil' } ]);
```
### $nin
Opposite of $in:
```javascript
//filtered: ['Haiti','Peru','Chile']
sift({ $nin: ['Costa Rica','Brazil'] }, ['Brazil','Haiti','Peru','Chile']);
```
### $exists
Checks if whether a value exists:
```javascript
//filtered: ['Craig','Tim']
sift({ $exists: true }, ['Craig',null,'Tim']);
```
You can also filter out values that don't exist
```javascript
//filtered: [{ name: 'Craig', city: 'Minneapolis' }]
sift({ city: { $exists: false } }, [ { name: 'Craig', city: 'Minneapolis' }, { name: 'Tim' }]);
```
### $gte
Checks if a number is >= value:
```javascript
//filtered: [2, 3]
sift({ $gte: 2 }, [0, 1, 2, 3]);
```
### $gt
Checks if a number is > value:
```javascript
//filtered: [3]
sift({ $gt: 2 }, [0, 1, 2, 3]);
```
### $lte
Checks if a number is <= value.
```javascript
//filtered: [0, 1, 2]
sift({ $lte: 2 }, [0, 1, 2, 3]);
```
### $lt
Checks if number is < value.
```javascript
//filtered: [0, 1]
sift({ $lt: 2 }, [0, 1, 2, 3]);
```
### $eq
Checks if `query === value`. Note that **$eq can be omitted**. For **$eq**, and **$ne**
```javascript
//filtered: [{ state: 'MN' }]
sift({ state: {$eq: 'MN' }}, [{ state: 'MN' }, { state: 'CA' }, { state: 'WI' }]);
```
Or:
```javascript
//filtered: [{ state: 'MN' }]
sift({ state: 'MN' }, [{ state: 'MN' }, { state: 'CA' }, { state: 'WI' }]);
```
### $ne
Checks if `query !== value`.
```javascript
//filtered: [{ state: 'CA' }, { state: 'WI'}]
sift({ state: {$ne: 'MN' }}, [{ state: 'MN' }, { state: 'CA' }, { state: 'WI' }]);
```
### $mod
Modulus:
```javascript
//filtered: [300, 600]
sift({ $mod: [3, 0] }, [100, 200, 300, 400, 500, 600]);
```
### $all
values must match **everything** in array:
```javascript
//filtered: [ { tags: ['books','programming','travel' ]} ]
sift({ tags: {$all: ['books','programming'] }}, [
{ tags: ['books','programming','travel' ] },
{ tags: ['travel','cooking'] } ]);
```
### $and
ability to use an array of expressions. All expressions must test true.
```javascript
//filtered: [ { name: 'Craig', state: 'MN' }]
sift({ $and: [ { name: 'Craig' }, { state: 'MN' } ] }, [
{ name: 'Craig', state: 'MN' },
{ name: 'Tim', state: 'MN' },
{ name: 'Joe', state: 'CA' } ]);
```
### $or
OR array of expressions.
```javascript
//filtered: [ { name: 'Craig', state: 'MN' }, { name: 'Tim', state: 'MN' }]
sift({ $or: [ { name: 'Craig' }, { state: 'MN' } ] }, [
{ name: 'Craig', state: 'MN' },
{ name: 'Tim', state: 'MN' },
{ name: 'Joe', state: 'CA' } ]);
```
### $nor
opposite of or:
```javascript
//filtered: [ { name: 'Tim', state: 'MN' }, { name: 'Joe', state: 'CA' }]
sift({ $nor: [ { name: 'Craig' }, { state: 'MN' } ] }, [
{ name: 'Craig', state: 'MN' },
{ name: 'Tim', state: 'MN' },
{ name: 'Joe', state: 'CA' } ]);
```
### $size
Matches an array - must match given size:
```javascript
//filtered: ['food','cooking']
sift({ tags: { $size: 2 } }, [ { tags: ['food','cooking'] }, { tags: ['traveling'] }]);
```
### $type
Matches a values based on the type
```javascript
sift({ $type: Date }, [new Date(), 4342, 'hello world']); //returns single date
sift({ $type: String }, [new Date(), 4342, 'hello world']); //returns ['hello world']
```
### $regex
Matches values based on the given regular expression
```javascript
sift({ $regex: /^f/i, $nin: ["frank"] }, ["frank", "fred", "sam", "frost"]); // ["fred", "frost"]
sift({ $regex: "^f", $options: "i", $nin: ["frank"] }, ["frank", "fred", "sam", "frost"]); // ["fred", "frost"]
```
### $where
Matches based on some javascript comparison
```javascript
sift({ $where: "this.name === 'frank'" }, [{name:'frank'},{name:'joe'}]); // ["frank"]
sift({
$where: function() {
return this.name === "frank"
}
}, [{name:'frank'},{name:'joe'}]); // ["frank"]
```
### $elemMatch
Matches elements of array
```javascript
var bills = [{
month: 'july',
casts: [{
id: 1,
value: 200
},{
id: 2,
value: 1000
}]
},
{
month: 'august',
casts: [{
id: 3,
value: 1000,
}, {
id: 4,
value: 4000
}]
}];
var result = sift({
casts: {$elemMatch:{
value: {$gt: 1000}
}}
}, bills); // {month:'august', casts:[{id:3, value: 1000},{id: 4, value: 4000}]}
```
### $not
Not expression:
```javascript
sift({$not:{$in:['craig','tim']}}, ['craig','tim','jake']); //['jake']
sift({$not:{$size:5}}, ['craig','tim','jake']); //['tim','jake']
```
## sub object Searching
```javascript
var people = [{
name: 'craig',
address: {
city: 'Minneapolis'
}
},
{
name: 'tim',
address: {
city: 'St. Paul'
}
}];
var sifted = sift({ address: { city: 'Minneapolis' }}, people); // count = 1
//or
var sifted = sift({'address.city': 'minneapolis'}, people);//count = 1
```
## Get index of first matching element
Get the index (0-based) of first matching element in target array. Returns `-1` if no match is found.
```javascript
import {indexOf as siftIndexOf} from 'sift';
var people = [{
name: 'craig',
address: {
city: 'Minneapolis'
}
},
{
name: 'tim',
address: {
city: 'St. Paul'
}
}];
var index = siftIndexOf({ address: { city: 'Minneapolis' }}, people); // index = 0
```

21
test/vuln-project/node_modules/sift/bower.json generated vendored Normal file
View File

@@ -0,0 +1,21 @@
{
"name": "sift",
"version": "3.2.0",
"authors": [
"Craig Condon <craig.j.condon@gmail.com>"
],
"description": "mongodb query style array filtering",
"main": "sift.min.js",
"moduleType": [],
"license": "MIT",
"homepage": "https://github.com/crcn/sift.js",
"ignore": [
"**/.*",
"node_modules",
"bower_components",
"test",
"benchmark",
"webpack.js",
"package.json"
]
}

25
test/vuln-project/node_modules/sift/changelog.md generated vendored Normal file
View File

@@ -0,0 +1,25 @@
### 7.0.0
- Remove global `*.use()` function.
- converted to ES6
### 3.3.x
- `$in` now uses `toString()` when evaluating objects. Fixes #116.
#### 2.x
- `use()` now uses a different format:
```javascript
sift.use({
$operator: function(a) {
return function(b) {
// compare here
};
}
})
```
- all operators are traversable now
- fix #58.

154
test/vuln-project/node_modules/sift/gulpfile.js generated vendored Normal file
View File

@@ -0,0 +1,154 @@
var gulp = require("gulp");
var istanbul = require("gulp-istanbul");
var mocha = require("gulp-mocha");
var plumber = require("gulp-plumber");
var jshint = require("gulp-jshint");
var uglify = require("gulp-uglify");
var jscs = require("gulp-jscs");
var coveralls = require("gulp-coveralls");
var rename = require("gulp-rename");
var options = require("yargs").argv;
var pkg = require("./package");
/**
*/
var paths = {
testFiles : ["test/**/*-test.js"],
appFiles : ["sift.js"],
allFiles : ["test/**/*-test.js", "sift.js"]
};
/**
*/
var mochaOptions = {
bail : options.bail !== 'false',
reporter : options.reporter || 'dot',
grep : options.grep || options.only,
timeout : 500
}
/**
*/
gulp.task("test-coverage", function (complete) {
gulp.
src(paths.appFiles).
pipe(istanbul()).
pipe(istanbul.hookRequire()).
on("finish", function () {
gulp.
src(paths.testFiles).
pipe(plumber()).
pipe(mocha(mochaOptions)).
pipe(istanbul.writeReports({
reporters: ["text","text-summary", "lcov"]
})).
on("end", complete);
});
});
/**
*/
gulp.task("test-coveralls", ["test-coverage"], function () {
return gulp.
src("coverage/**/lcov.info").
pipe(coveralls());
});
/**
*/
gulp.task("minify", function() {
return gulp.
src("./" + pkg.name + ".js").
pipe(uglify()).
pipe(rename(function(path) {
path.basename += ".min";
})).
pipe(gulp.dest("./"));
});
/**
*/
gulp.task("lint", function() {
return gulp.run(["jshint", "jscs"]);
});
/**
*/
gulp.task("jscs", function() {
return gulp.
src(paths.allFiles).
pipe(jscs({
"preset": "google",
"requireParenthesesAroundIIFE": true,
"maximumLineLength": 200,
"validateLineBreaks": "LF",
"validateIndentation": 2,
"validateQuoteMarks": "\"",
"disallowKeywords": ["with"],
"disallowSpacesInsideObjectBrackets": null,
"disallowImplicitTypeConversion": ["string"],
"requireCurlyBraces": [],
"safeContextKeyword": "self"
}));
});
/**
*/
gulp.task("jshint", function() {
return gulp.
src(paths.allFiles).
pipe(jshint({
es3: true,
evil: true
})).
pipe(jshint.reporter('default'));
});
/**
*/
gulp.task("test", function (complete) {
gulp.
src(paths.testFiles, { read: false }).
pipe(plumber()).
pipe(mocha(mochaOptions)).
on("error", complete).
on("end", complete);
});
var iofwatch = process.argv.indexOf("watch");
/**
* runs previous tasks (1 or more)
*/
gulp.task("watch", function () {
gulp.watch(paths.allFiles, process.argv.slice(2, iofwatch));
});
/**
*/
gulp.task("default", function () {
return gulp.run("test-coverage");
});
/**
*/
gulp.doneCallback = function (err) {
// a bit hacky, but fixes issue with testing where process
// doesn't exist process. Also fixes case where timeout / interval are set (CC)
if (!~iofwatch) process.exit(err ? 1 : 0);
};

62
test/vuln-project/node_modules/sift/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1,62 @@
export type SupportedTypes = Array<string | { [index: string]: any } | number | null | any>;
export type KeyOrValue<T extends SupportedTypes> = T & T[0];
export type ElemMatch<T extends { [index: string]: any[] }> = {
[P in keyof T]?: SiftQuery<T[P]>;
}
export type Query<T extends SupportedTypes> = {
$eq?: T[0];
$ne?: T[0];
$or?: Array<Partial<T[0]>>;
$gt?: T[0];
$gte?: T[0];
$lt?: T[0];
$lte?: T[0];
$mod?: number[];
$in?: Array<Partial<T[0]>>;
$nin?: Array<Partial<T[0]>>;
$not?: SiftQuery<T>;
$type?: any;
$all?: Array<Partial<T[0]>>;
$size?: number;
$nor?: Array<Partial<T[0]>>;
$and?: Array<Partial<T[0]>>;
$regex?: RegExp | string;
$elemMatch?: ExternalQuery<T>;
$exists?: boolean;
$where?: string | WhereFn<T>;
$options?: "i" | "g" | "m" | "u";
}
export interface InternalQuery<T extends SupportedTypes> extends Query<T> {
}
export type ExternalQuery<T extends SupportedTypes> = ElemMatch<T[0]>;
export type WhereFn<T extends SupportedTypes> = (this: T[0], value: T[0], index: number, array: T) => boolean;
export type FilterFn = <T>(value: T, index?: number, array?: T[]) => boolean;
export type SiftQuery<T extends SupportedTypes> = ExternalQuery<T> & InternalQuery<T>;
export type PluginDefinition<T> = {
[index: string]: (a: T, b: T) => boolean | number;
}
export type PluginFunction<T> = (sift: Sift) => PluginDefinition<T>;
export type Exec = <T extends SupportedTypes>(array: T) => T;
export interface Sift {
<T extends SupportedTypes>(query: RegExp, target: T, rawSelector?: any): T;
<T>(query: SiftQuery<any>, rawSelector: (item: T) => boolean): Exec;
<T extends SupportedTypes[]>(query: SiftQuery<T>): FilterFn;
<T extends SupportedTypes>(query: SiftQuery<T>, target: T, rawSelector?: any): T;
indexOf<T extends SupportedTypes>(query: SiftQuery<T>, target: T, rawSelector?: any): number;
compare<T, K>(a: T, b: K): 0 | -1 | 1;
}
declare const Sift: Sift
export default Sift

568
test/vuln-project/node_modules/sift/lib/index.js generated vendored Normal file
View File

@@ -0,0 +1,568 @@
'use strict';
Object.defineProperty(exports, "__esModule", {
value: true
});
var _typeof = typeof Symbol === "function" && typeof Symbol.iterator === "symbol" ? function (obj) { return typeof obj; } : function (obj) { return obj && typeof Symbol === "function" && obj.constructor === Symbol && obj !== Symbol.prototype ? "symbol" : typeof obj; };
exports.default = sift;
exports.indexOf = indexOf;
exports.compare = compare;
/*
*
* Copryright 2018, Craig Condon
* Licensed under MIT
*
* Filter JavaScript objects with mongodb queries
*/
/**
*/
function isFunction(value) {
return typeof value === 'function';
}
/**
*/
function isArray(value) {
return Object.prototype.toString.call(value) === '[object Array]';
}
/**
*/
function comparable(value) {
if (value instanceof Date) {
return value.getTime();
} else if (isArray(value)) {
return value.map(comparable);
} else if (value && typeof value.toJSON === 'function') {
return value.toJSON();
} else {
return value;
}
}
function get(obj, key) {
return isFunction(obj.get) ? obj.get(key) : obj[key];
}
/**
*/
function or(validator) {
return function (a, b) {
if (!isArray(b) || !b.length) {
return validator(a, b);
}
for (var i = 0, n = b.length; i < n; i++) {
if (validator(a, get(b, i))) return true;
}
return false;
};
}
/**
*/
function and(validator) {
return function (a, b) {
if (!isArray(b) || !b.length) {
return validator(a, b);
}
for (var i = 0, n = b.length; i < n; i++) {
if (!validator(a, get(b, i))) return false;
}
return true;
};
}
function validate(validator, b, k, o) {
return validator.v(validator.a, b, k, o);
}
var OPERATORS = {
/**
*/
$eq: or(function (a, b) {
return a(b);
}),
/**
*/
$ne: and(function (a, b) {
return !a(b);
}),
/**
*/
$gt: or(function (a, b) {
return compare(comparable(b), a) > 0;
}),
/**
*/
$gte: or(function (a, b) {
return compare(comparable(b), a) >= 0;
}),
/**
*/
$lt: or(function (a, b) {
return compare(comparable(b), a) < 0;
}),
/**
*/
$lte: or(function (a, b) {
return compare(comparable(b), a) <= 0;
}),
/**
*/
$mod: or(function (a, b) {
return b % a[0] == a[1];
}),
/**
*/
$in: function $in(a, b) {
if (b instanceof Array) {
for (var i = b.length; i--;) {
if (~a.indexOf(comparable(get(b, i)))) {
return true;
}
}
} else {
var comparableB = comparable(b);
if (comparableB === b && (typeof b === 'undefined' ? 'undefined' : _typeof(b)) === 'object') {
for (var i = a.length; i--;) {
if (String(a[i]) === String(b) && String(b) !== '[object Object]') {
return true;
}
}
}
/*
Handles documents that are undefined, whilst also
having a 'null' element in the parameters to $in.
*/
if (typeof comparableB == 'undefined') {
for (var i = a.length; i--;) {
if (a[i] == null) {
return true;
}
}
}
/*
Handles the case of {'field': {$in: [/regexp1/, /regexp2/, ...]}}
*/
for (var i = a.length; i--;) {
var validator = createRootValidator(get(a, i), undefined);
var result = validate(validator, b, i, a);
if (result && String(result) !== '[object Object]' && String(b) !== '[object Object]') {
return true;
}
}
return !!~a.indexOf(comparableB);
}
return false;
},
/**
*/
$nin: function $nin(a, b, k, o) {
return !OPERATORS.$in(a, b, k, o);
},
/**
*/
$not: function $not(a, b, k, o) {
return !validate(a, b, k, o);
},
/**
*/
$type: function $type(a, b) {
return b != void 0 ? b instanceof a || b.constructor == a : false;
},
/**
*/
$all: function $all(a, b, k, o) {
return OPERATORS.$and(a, b, k, o);
},
/**
*/
$size: function $size(a, b) {
return b ? a === b.length : false;
},
/**
*/
$or: function $or(a, b, k, o) {
for (var i = 0, n = a.length; i < n; i++) {
if (validate(get(a, i), b, k, o)) return true;
}return false;
},
/**
*/
$nor: function $nor(a, b, k, o) {
return !OPERATORS.$or(a, b, k, o);
},
/**
*/
$and: function $and(a, b, k, o) {
for (var i = 0, n = a.length; i < n; i++) {
if (!validate(get(a, i), b, k, o)) {
return false;
}
}
return true;
},
/**
*/
$regex: or(function (a, b) {
return typeof b === 'string' && a.test(b);
}),
/**
*/
$where: function $where(a, b, k, o) {
return a.call(b, b, k, o);
},
/**
*/
$elemMatch: function $elemMatch(a, b, k, o) {
if (isArray(b)) {
return !!~search(b, a);
}
return validate(a, b, k, o);
},
/**
*/
$exists: function $exists(a, b, k, o) {
return o.hasOwnProperty(k) === a;
}
};
/**
*/
var prepare = {
/**
*/
$eq: function $eq(a) {
if (a instanceof RegExp) {
return function (b) {
return typeof b === 'string' && a.test(b);
};
} else if (a instanceof Function) {
return a;
} else if (isArray(a) && !a.length) {
// Special case of a == []
return function (b) {
return isArray(b) && !b.length;
};
} else if (a === null) {
return function (b) {
//will match both null and undefined
return b == null;
};
}
return function (b) {
return compare(comparable(b), comparable(a)) === 0;
};
},
/**
*/
$ne: function $ne(a) {
return prepare.$eq(a);
},
/**
*/
$and: function $and(a) {
return a.map(parse);
},
/**
*/
$all: function $all(a) {
return prepare.$and(a);
},
/**
*/
$or: function $or(a) {
return a.map(parse);
},
/**
*/
$nor: function $nor(a) {
return a.map(parse);
},
/**
*/
$not: function $not(a) {
return parse(a);
},
/**
*/
$regex: function $regex(a, query) {
return new RegExp(a, query.$options);
},
/**
*/
$where: function $where(a) {
return typeof a === 'string' ? new Function('obj', 'return ' + a) : a;
},
/**
*/
$elemMatch: function $elemMatch(a) {
return parse(a);
},
/**
*/
$exists: function $exists(a) {
return !!a;
}
};
/**
*/
function search(array, validator) {
for (var i = 0; i < array.length; i++) {
var result = get(array, i);
if (validate(validator, get(array, i))) {
return i;
}
}
return -1;
}
/**
*/
function createValidator(a, validate) {
return { a: a, v: validate };
}
/**
*/
function nestedValidator(a, b) {
var values = [];
findValues(b, a.k, 0, b, values);
if (values.length === 1) {
var first = values[0];
return validate(a.nv, first[0], first[1], first[2]);
}
// If the query contains $ne, need to test all elements ANDed together
var inclusive = a && a.q && typeof a.q.$ne !== 'undefined';
var allValid = inclusive;
for (var i = 0; i < values.length; i++) {
var result = values[i];
var isValid = validate(a.nv, result[0], result[1], result[2]);
if (inclusive) {
allValid &= isValid;
} else {
allValid |= isValid;
}
}
return allValid;
}
/**
*/
function findValues(current, keypath, index, object, values) {
if (index === keypath.length || current == void 0) {
values.push([current, keypath[index - 1], object]);
return;
}
var k = get(keypath, index);
// ensure that if current is an array, that the current key
// is NOT an array index. This sort of thing needs to work:
// sift({'foo.0':42}, [{foo: [42]}]);
if (isArray(current) && isNaN(Number(k))) {
for (var i = 0, n = current.length; i < n; i++) {
findValues(get(current, i), keypath, index, current, values);
}
} else {
findValues(get(current, k), keypath, index + 1, current, values);
}
}
/**
*/
function createNestedValidator(keypath, a, q) {
return { a: { k: keypath, nv: a, q: q }, v: nestedValidator };
}
/**
* flatten the query
*/
function isVanillaObject(value) {
return value && value.constructor === Object;
}
function parse(query) {
query = comparable(query);
if (!query || !isVanillaObject(query)) {
// cross browser support
query = { $eq: query };
}
var validators = [];
for (var key in query) {
var a = query[key];
if (key === '$options') {
continue;
}
if (OPERATORS[key]) {
if (prepare[key]) a = prepare[key](a, query);
validators.push(createValidator(comparable(a), OPERATORS[key]));
} else {
if (key.charCodeAt(0) === 36) {
throw new Error('Unknown operation ' + key);
}
validators.push(createNestedValidator(key.split('.'), parse(a), a));
}
}
return validators.length === 1 ? validators[0] : createValidator(validators, OPERATORS.$and);
}
/**
*/
function createRootValidator(query, getter) {
var validator = parse(query);
if (getter) {
validator = {
a: validator,
v: function v(a, b, k, o) {
return validate(a, getter(b), k, o);
}
};
}
return validator;
}
/**
*/
function sift(query, array, getter) {
if (isFunction(array)) {
getter = array;
array = void 0;
}
var validator = createRootValidator(query, getter);
function filter(b, k, o) {
return validate(validator, b, k, o);
}
if (array) {
return array.filter(filter);
}
return filter;
}
/**
*/
function indexOf(query, array, getter) {
return search(array, createRootValidator(query, getter));
};
/**
*/
function compare(a, b) {
if (a === b) return 0;
if ((typeof a === 'undefined' ? 'undefined' : _typeof(a)) === (typeof b === 'undefined' ? 'undefined' : _typeof(b))) {
if (a > b) {
return 1;
}
if (a < b) {
return -1;
}
}
};

66
test/vuln-project/node_modules/sift/package.json generated vendored Normal file
View File

@@ -0,0 +1,66 @@
{
"_from": "sift@7.0.1",
"_id": "sift@7.0.1",
"_inBundle": false,
"_integrity": "sha1-R9YsULFZ0xbxNy+LU/nBDNIaSwg=",
"_location": "/sift",
"_phantomChildren": {},
"_requested": {
"type": "version",
"registry": true,
"raw": "sift@7.0.1",
"name": "sift",
"escapedName": "sift",
"rawSpec": "7.0.1",
"saveSpec": null,
"fetchSpec": "7.0.1"
},
"_requiredBy": [
"/mongoose"
],
"_resolved": "http://npm.wemomo.com/sift/-/sift-7.0.1.tgz",
"_shasum": "47d62c50b159d316f1372f8b53f9c10cd21a4b08",
"_spec": "sift@7.0.1",
"_where": "/Users/momo/Documents/momo/security/opensource/mosec-node-plugin/test/vuln-project/node_modules/mongoose",
"author": {
"name": "Craig Condon",
"email": "craig.j.condon@gmail.com",
"url": "http://crcn.io"
},
"bugs": {
"url": "https://github.com/crcn/sift.js/issues"
},
"bundleDependencies": false,
"dependencies": {},
"deprecated": false,
"description": "mongodb query style array filtering",
"devDependencies": {
"babel-cli": "^6.26.0",
"babel-core": "^6.26.3",
"babel-preset-es2015": "^6.24.1",
"babel-preset-es2015-loose": "^8.0.0",
"bson": "^3.0.2",
"immutable": "^3.7.6",
"mocha": "^5.2.0",
"webpack": "^4.20.2",
"webpack-cli": "^3.1.2",
"yargs": "^3.15.0"
},
"engines": {},
"es2015": "./src/index.js",
"homepage": "https://github.com/crcn/sift.js#readme",
"license": "MIT",
"main": "./lib/index.js",
"module": "./src/index.js",
"name": "sift",
"repository": {
"type": "git",
"url": "git+https://github.com/crcn/sift.js.git"
},
"scripts": {
"build": "mkdir -p lib; babel src/index.js > lib/index.js; webpack",
"test": "mocha ./test -R spec --compilers js:babel-core/register"
},
"typings": "./index.d.ts",
"version": "7.0.1"
}

1
test/vuln-project/node_modules/sift/sift.min.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

554
test/vuln-project/node_modules/sift/src/index.js generated vendored Normal file
View File

@@ -0,0 +1,554 @@
/*
*
* Copryright 2018, Craig Condon
* Licensed under MIT
*
* Filter JavaScript objects with mongodb queries
*/
/**
*/
function isFunction(value) {
return typeof value === 'function';
}
/**
*/
function isArray(value) {
return Object.prototype.toString.call(value) === '[object Array]';
}
/**
*/
function comparable(value) {
if (value instanceof Date) {
return value.getTime();
} else if (isArray(value)) {
return value.map(comparable);
} else if (value && typeof value.toJSON === 'function') {
return value.toJSON();
} else {
return value;
}
}
function get(obj, key) {
return isFunction(obj.get) ? obj.get(key) : obj[key];
}
/**
*/
function or(validator) {
return function(a, b) {
if (!isArray(b) || !b.length) {
return validator(a, b);
}
for (var i = 0, n = b.length; i < n; i++) {
if (validator(a, get(b,i))) return true;
}
return false;
}
}
/**
*/
function and(validator) {
return function(a, b) {
if (!isArray(b) || !b.length) {
return validator(a, b);
}
for (var i = 0, n = b.length; i < n; i++) {
if (!validator(a, get(b, i))) return false;
}
return true;
};
}
function validate(validator, b, k, o) {
return validator.v(validator.a, b, k, o);
}
var OPERATORS = {
/**
*/
$eq: or(function(a, b) {
return a(b);
}),
/**
*/
$ne: and(function(a, b) {
return !a(b);
}),
/**
*/
$gt: or(function(a, b) {
return compare(comparable(b), a) > 0;
}),
/**
*/
$gte: or(function(a, b) {
return compare(comparable(b), a) >= 0;
}),
/**
*/
$lt: or(function(a, b) {
return compare(comparable(b), a) < 0;
}),
/**
*/
$lte: or(function(a, b) {
return compare(comparable(b), a) <= 0;
}),
/**
*/
$mod: or(function(a, b) {
return b % a[0] == a[1];
}),
/**
*/
$in: function(a, b) {
if (b instanceof Array) {
for (var i = b.length; i--;) {
if (~a.indexOf(comparable(get(b, i)))) {
return true;
}
}
} else {
var comparableB = comparable(b);
if (comparableB === b && typeof b === 'object') {
for (var i = a.length; i--;) {
if (String(a[i]) === String(b) && String(b) !== '[object Object]') {
return true;
}
}
}
/*
Handles documents that are undefined, whilst also
having a 'null' element in the parameters to $in.
*/
if (typeof comparableB == 'undefined') {
for (var i = a.length; i--;) {
if (a[i] == null) {
return true;
}
}
}
/*
Handles the case of {'field': {$in: [/regexp1/, /regexp2/, ...]}}
*/
for (var i = a.length; i--;) {
var validator = createRootValidator(get(a, i), undefined);
var result = validate(validator, b, i, a);
if ((result) && (String(result) !== '[object Object]') && (String(b) !== '[object Object]')) {
return true;
}
}
return !!~a.indexOf(comparableB);
}
return false;
},
/**
*/
$nin: function(a, b, k, o) {
return !OPERATORS.$in(a, b, k, o);
},
/**
*/
$not: function(a, b, k, o) {
return !validate(a, b, k, o);
},
/**
*/
$type: function(a, b) {
return b != void 0 ? b instanceof a || b.constructor == a : false;
},
/**
*/
$all: function(a, b, k, o) {
return OPERATORS.$and(a, b, k, o);
},
/**
*/
$size: function(a, b) {
return b ? a === b.length : false;
},
/**
*/
$or: function(a, b, k, o) {
for (var i = 0, n = a.length; i < n; i++) if (validate(get(a, i), b, k, o)) return true;
return false;
},
/**
*/
$nor: function(a, b, k, o) {
return !OPERATORS.$or(a, b, k, o);
},
/**
*/
$and: function(a, b, k, o) {
for (var i = 0, n = a.length; i < n; i++) {
if (!validate(get(a, i), b, k, o)) {
return false;
}
}
return true;
},
/**
*/
$regex: or(function(a, b) {
return typeof b === 'string' && a.test(b);
}),
/**
*/
$where: function(a, b, k, o) {
return a.call(b, b, k, o);
},
/**
*/
$elemMatch: function(a, b, k, o) {
if (isArray(b)) {
return !!~search(b, a);
}
return validate(a, b, k, o);
},
/**
*/
$exists: function(a, b, k, o) {
return o.hasOwnProperty(k) === a;
}
};
/**
*/
var prepare = {
/**
*/
$eq: function(a) {
if (a instanceof RegExp) {
return function(b) {
return typeof b === 'string' && a.test(b);
};
} else if (a instanceof Function) {
return a;
} else if (isArray(a) && !a.length) {
// Special case of a == []
return function(b) {
return (isArray(b) && !b.length);
};
} else if (a === null){
return function(b){
//will match both null and undefined
return b == null;
}
}
return function(b) {
return compare(comparable(b), comparable(a)) === 0;
};
},
/**
*/
$ne: function(a) {
return prepare.$eq(a);
},
/**
*/
$and: function(a) {
return a.map(parse);
},
/**
*/
$all: function(a) {
return prepare.$and(a);
},
/**
*/
$or: function(a) {
return a.map(parse);
},
/**
*/
$nor: function(a) {
return a.map(parse);
},
/**
*/
$not: function(a) {
return parse(a);
},
/**
*/
$regex: function(a, query) {
return new RegExp(a, query.$options);
},
/**
*/
$where: function(a) {
return typeof a === 'string' ? new Function('obj', 'return ' + a) : a;
},
/**
*/
$elemMatch: function(a) {
return parse(a);
},
/**
*/
$exists: function(a) {
return !!a;
}
};
/**
*/
function search(array, validator) {
for (var i = 0; i < array.length; i++) {
var result = get(array, i);
if (validate(validator, get(array, i))) {
return i;
}
}
return -1;
}
/**
*/
function createValidator(a, validate) {
return { a: a, v: validate };
}
/**
*/
function nestedValidator(a, b) {
var values = [];
findValues(b, a.k, 0, b, values);
if (values.length === 1) {
var first = values[0];
return validate(a.nv, first[0], first[1], first[2]);
}
// If the query contains $ne, need to test all elements ANDed together
var inclusive = a && a.q && typeof a.q.$ne !== 'undefined';
var allValid = inclusive;
for (var i = 0; i < values.length; i++) {
var result = values[i];
var isValid = validate(a.nv, result[0], result[1], result[2]);
if (inclusive) {
allValid &= isValid;
} else {
allValid |= isValid;
}
}
return allValid;
}
/**
*/
function findValues(current, keypath, index, object, values) {
if (index === keypath.length || current == void 0) {
values.push([current, keypath[index - 1], object]);
return;
}
var k = get(keypath, index);
// ensure that if current is an array, that the current key
// is NOT an array index. This sort of thing needs to work:
// sift({'foo.0':42}, [{foo: [42]}]);
if (isArray(current) && isNaN(Number(k))) {
for (var i = 0, n = current.length; i < n; i++) {
findValues(get(current, i), keypath, index, current, values);
}
} else {
findValues(get(current, k), keypath, index + 1, current, values);
}
}
/**
*/
function createNestedValidator(keypath, a, q) {
return { a: { k: keypath, nv: a, q: q }, v: nestedValidator };
}
/**
* flatten the query
*/
function isVanillaObject(value) {
return value && value.constructor === Object;
}
function parse(query) {
query = comparable(query);
if (!query || !isVanillaObject(query)) { // cross browser support
query = { $eq: query };
}
var validators = [];
for (var key in query) {
var a = query[key];
if (key === '$options') {
continue;
}
if (OPERATORS[key]) {
if (prepare[key]) a = prepare[key](a, query);
validators.push(createValidator(comparable(a), OPERATORS[key]));
} else {
if (key.charCodeAt(0) === 36) {
throw new Error('Unknown operation ' + key);
}
validators.push(createNestedValidator(key.split('.'), parse(a), a));
}
}
return validators.length === 1 ? validators[0] : createValidator(validators, OPERATORS.$and);
}
/**
*/
function createRootValidator(query, getter) {
var validator = parse(query);
if (getter) {
validator = {
a: validator,
v: function(a, b, k, o) {
return validate(a, getter(b), k, o);
}
};
}
return validator;
}
/**
*/
export default function sift(query, array, getter) {
if (isFunction(array)) {
getter = array;
array = void 0;
}
var validator = createRootValidator(query, getter);
function filter(b, k, o) {
return validate(validator, b, k, o);
}
if (array) {
return array.filter(filter);
}
return filter;
}
/**
*/
export function indexOf(query, array, getter) {
return search(array, createRootValidator(query, getter));
};
/**
*/
export function compare(a, b) {
if(a===b) return 0;
if(typeof a === typeof b) {
if (a > b) {
return 1;
}
if (a < b) {
return -1;
}
}
};

237
test/vuln-project/node_modules/sift/test/basic-test.js generated vendored Normal file
View File

@@ -0,0 +1,237 @@
import * as assert from 'assert';
import sift, {indexOf as siftIndexOf} from '..';
describe(__filename + '#', function() {
it('doesn\'t sort arrays', function () {
var values = sift({
$or: [3, 2, 1]
}, [9,8,7,6,5,4,3,2,1]);
assert.equal(values.length, 3);
assert.equal(values[0], 3);
assert.equal(values[1], 2);
assert.equal(values[2], 1);
});
it('can create a custom selector, and use it', function () {
var sifter = sift({ age: { $gt: 5}}, function (item) {
return item.person;
});
var people = [{ person: { age: 6 }}],
filtered = people.filter(sifter);
assert.equal(filtered.length, 1);
assert.equal(filtered[0], people[0]);
});
it('throws an error if the operation is invalid', function () {
var err;
try {
sift({$aaa:1})('b');
} catch (e) {
err = e;
}
assert.equal(err.message, 'Unknown operation $aaa');
});
it('can use a custom selector as the 3rd param', function () {
var people = [{ person: { age: 6 }}];
var filtered = sift({ age: { $gt: 5}}, people, function (item) {
return item.person;
});
assert.equal(filtered.length, 1);
assert.equal(filtered[0], people[0]);
});
it('can get the first index of a matching element', function () {
var index = siftIndexOf({ val: { $gt: 5}}, [{val: 4}, {val: 3}, {val: 6}, {val: 7}]);
assert.equal(index, 2);
});
it('returns -1 as index if no matching element is found', function () {
var index = siftIndexOf({ val: { $gt: 7}}, [{val: 4}, {val: 3}, {val: 6}, {val: 7}]);
assert.equal(index, -1);
});
it('can match empty arrays', function () {
var statusQuery = {$or: [{status: {$exists: false}},
{status: []},
{status: {$in: ['urgent', 'completed', 'today']}}
]};
var filtered = sift(statusQuery, [{ status: [] },
{ status: ['urgent'] },
{ status: ['nope'] }
]);
assert.equal(filtered.length, 2);
});
it('$ne: null does not hit when field is present', function(){
var sifter = sift({age: {$ne: null}});
var people = [
{age: 'matched'},
{missed: 1}
];
var filtered = people.filter(sifter);
assert.equal(filtered.length, 1);
assert.equal(filtered[0].age, 'matched');
});
it('$ne does not hit when field is different', function () {
var sifter = sift({ age: { $ne: 5 }});
var people = [{ age: 5 }],
filtered = people.filter(sifter);
assert.equal(filtered.length, 0);
});
it('$ne does hit when field exists with different value', function () {
var sifter = sift({ age: { $ne: 4 }});
var people = [{ age: 5 }],
filtered = people.filter(sifter);
assert.equal(filtered.length, 1);
});
it('$ne does hit when field does not exist', function(){
var sifter = sift({ age: { $ne: 5 }});
var people = [{}],
filtered = people.filter(sifter);
assert.equal(filtered.length, 1);
});
it('$eq matches objects that serialize to the same value', function() {
var counter = 0;
function Book(name) {
this.name = name;
this.copyNumber = counter;
this.toJSON = function() {
return this.name; // discard the copy when serializing.
};
counter += 1;
}
var warAndPeace = new Book('War and Peace');
var sifter = sift({ $eq: warAndPeace});
var books = [ new Book('War and Peace')];
var filtered = books.filter(sifter);
assert.equal(filtered.length, 1);
});
it('$neq does not match objects that serialize to the same value', function() {
var counter = 0;
function Book(name) {
this.name = name;
this.copyNumber = counter;
this.toJSON = function() {
return this.name; // discard the copy when serializing.
};
counter += 1;
}
var warAndPeace = new Book('War and Peace');
var sifter = sift({ $ne: warAndPeace});
var books = [ new Book('War and Peace')];
var filtered = books.filter(sifter);
assert.equal(filtered.length, 0);
});
// https://gist.github.com/jdnichollsc/00ea8cf1204b17d9fb9a991fbd1dfee6
it('returns a period between start and end dates', function() {
var product = {
'productTypeCode': 'productTypeEnergy',
'quantities': [
{
'period': {
'startDate': new Date('2017-01-13T05:00:00.000Z'),
'endDate': new Date('2017-01-31T05:00:00.000Z'),
'dayType': {
'normal': true,
'holiday': true
},
'specificDays': [
'monday',
'wednesday',
'friday'
],
'loadType': {
'high': true,
'medium': false,
'low': false
}
},
'type': 'DemandPercentage',
'quantityValue': '44'
},
{
'period': {
'startDate': new Date('2017-01-13T05:00:00.000Z'),
'endDate': new Date('2017-01-31T05:00:00.000Z'),
'dayType': {
'normal': true,
'holiday': true
},
'loadType': {
'high': false,
'medium': true,
'low': false
}
},
'type': 'Value',
'quantityValue': '22'
}
]
};
var period = {
'startDate': new Date('2017-01-08T05:00:00.000Z'),
'endDate': new Date('2017-01-29T05:00:00.000Z'),
'dayType': {
'normal': true,
'holiday': true
},
'loadType': {
'high': true,
'medium': false,
'low': true
},
specificPeriods : ['3', '4', '5-10']
};
var results = sift({
$and: [
{ 'period.startDate': { $lte : period.endDate } },
{ 'period.endDate': { $gte : period.startDate } }
]
}, product.quantities);
assert.equal(results.length, 2);
});
});

20
test/vuln-project/node_modules/sift/test/immutable-test.js generated vendored Normal file
View File

@@ -0,0 +1,20 @@
import * as assert from 'assert';
import * as Immutable from 'immutable';
import sift from '..';
const ObjectID = require('bson').ObjectID;
describe(__filename + '#', function() {
var topic = Immutable.List([1, 2, 3, 4, 5, 6, 6, 4, 3]);
var persons = Immutable.fromJS([{ person: {age: 3} }, { person: {age: 5} }, { person: {age: 8} }]);
it('works with Immutable.Map in a Immutable.List', function() {
assert.equal(sift({ 'person.age' : { $gt: 4 } }, persons).size, 2);
assert.equal(persons.filter(sift({ 'person.age' : { $gt: 4 } })).size, 2);
});
});

409
test/vuln-project/node_modules/sift/test/objects-test.js generated vendored Executable file
View File

@@ -0,0 +1,409 @@
import assert from 'assert';
import sift from '..';
describe(__filename + '#', function () {
var topic = [
{
name: 'craig',
age: 90001,
tags: ['coder', 'programmer', 'traveler', 'photographer'],
address: {
city: 'Minneapolis',
state: 'MN',
phone: '9999999999'
},
tags: ['photos', 'cook'],
hobbies: [
{
name: 'programming',
description: 'some desc'
},
{
name: 'cooking'
},
{
name: 'photography',
places: ['haiti', 'brazil', 'costa rica']
},
{
name: 'backpacking'
}
]
},
{
name: 'tim',
age: 90001,
tags: ['traveler', 'photographer'],
address: {
city: 'St. Paul',
state: 'MN',
phone: '765765756765'
},
tags: ['dj'],
hobbies: [
{
name: 'biking',
description: 'some desc'
},
{
name: 'DJ'
},
{
name: 'photography',
places: ['costa rica']
}
]
}
];
xit('throws error if $not is incorrect', function () {
assert.throws(function () {
sift({
$not: ['abc']
}, topic);
}, Error);
});
it('has sifted through photography in brazil count of 1', function () {
var sifted = sift({
hobbies: {
name: 'photography',
places: {
$in: ['brazil']
}
}
}, topic);
assert.equal(sifted.length, 1);
});
it('has sifted through photography in brazil, haiti, and costa rica count of 1', function () {
var sifted = sift({
hobbies: {
name: 'photography',
places: {
$all: ['brazil', 'haiti', 'costa rica']
}
}
}, topic);
assert.equal(sifted.length, 1);
assert.equal(sifted[0], topic[0]);
});
it('has a sifted hobbies of photography, cooking, or biking count of 2', function () {
var sifted = sift({
hobbies: {
name: {
$in: ['photography', 'cooking', 'biking']
}
}
}, topic);
assert.equal(sifted.length, 2);
});
it('has sifted to complex count of 2', function () {
var sifted = sift({
hobbies: {
name: 'photography',
places: {
$in: ['costa rica']
}
},
address: {
state: 'MN',
phone: {
$exists: true
}
}
}, topic);
assert.equal(sifted.length, 2);
});
it('has sifted to complex count of 0', function () {
var sifted = sift({
hobbies: {
name: 'photos',
places: {
$in: ['costa rica']
}
}
}, topic);
assert.equal(sifted.length, 0);
});
it('has sifted subobject hobbies count of 3', function () {
var sifted = sift({
'hobbies.name': 'photography'
}, topic);
assert.equal(sifted.length, 2);
});
it('has sifted dot-notation hobbies of photography, cooking, and biking count of 3', function () {
var sifted = sift({
'hobbies.name': {
$in: ['photography', 'cooking', 'biking']
}
}, topic);
assert.equal(sifted.length, 2);
});
it('has sifted to complex dot-search count of 2', function () {
var sifted = sift({
'hobbies.name': 'photography',
'hobbies.places': {
$in: ['costa rica']
},
'address.state': 'MN',
'address.phone': {
$exists: true
}
}, topic);
assert.equal(sifted.length, 2);
});
it('has sifted with selector function count of 2', function () {
var sifted = sift({
'name': 'photography',
'places': {
$in: ['costa rica']
}
}, topic, function (item) {
return item.hobbies;
});
assert.equal(sifted.length, 2);
});
describe('nesting', function () {
it('$eq for nested object', function () {
var sifted = sift({'sub.num': {'$eq': 10}}, loremArr);
assert(sifted.length > 0);
sifted.forEach(function (v) {
assert.equal(10, v.sub.num);
});
});
it('$ne for nested object', function () {
var sifted = sift({'sub.num': {'$ne': 10}}, loremArr);
assert(sifted.length > 0);
sifted.forEach(function (v) {
assert.notEqual(10, v.sub.num);
});
});
it('$regex for nested object (one missing key)', function () {
var persons = [{
id: 1,
prof: 'Mr. Moriarty'
}, {
id: 2,
prof: 'Mycroft Holmes'
}, {
id: 3,
name: 'Dr. Watson',
prof: 'Doctor'
}, {
id: 4,
name: 'Mr. Holmes',
prof: 'Detective'
}];
var q = { 'name': { '$regex': 'n' } };
var sifted = sift(q, persons);
assert.deepEqual(sifted, [{
id: 3,
name: 'Dr. Watson',
prof: 'Doctor'
}]);
});
});
describe('arrays of objects', function () {
var objects = [
{
things: [
{
id: 123
}, {
id: 456
}
]
}, {
things: [
{
id: 123
},
{
id: 789
}
]
}
];
it('$eq for array of objects, matches if at least one exists', function () {
let q = {
'things.id': 123
}
var sifted = sift(q, objects)
assert.deepEqual(sifted, objects)
let q2 = {
'things.id': 789
}
var sifted2 = sift(q2, objects)
assert.deepEqual(sifted2, [objects[1]])
})
it('$ne for array of objects, returns if none of the array elements match the query', function () {
let q = {
'things.id': {
$ne: 123
}
}
var sifted = sift(q, objects)
assert.deepEqual(sifted, [])
let q2 = {
'things.id': {
$ne: 789
}
}
var sifted2 = sift(q2, objects)
assert.deepEqual(sifted2, [objects[0]])
})
})
describe('$where', function() {
var couples = [{
name: 'SMITH',
person: [{
firstName: 'craig',
gender: 'female',
age: 29
}, {
firstName: 'tim',
gender: 'male',
age: 32
}
]
}, {
name: 'JOHNSON',
person: [{
firstName: 'emily',
gender: 'female',
age: 35
}, {
firstName: 'jacob',
gender: 'male',
age: 32
}
]
}];
it('can filter people', function() {
var results = sift({'person': {$elemMatch: { 'gender': 'female', 'age': {'$lt': 30}}}}, couples);
assert.equal(results[0].name, 'SMITH');
var results = sift({'person': {$elemMatch: { 'gender': 'male', 'age': {'$lt': 30}}}}, [couples[0]]);
assert.equal(results.length, 0);
});
});
describe('keypath', function () {
var arr = [
{
a: {
b: {
c: 1,
c2: 1
}
}
}
]
it('can be used', function () {
assert.equal(sift({'a.b.c':1})(arr[0]), true);
});
});
});
var loremArr = [
{
'num': 1,
'pum': 1,
'sub': {
'num': 1,
'pum': 1
}
},
{
'num': 2,
'pum': 2,
'sub': {
'num': 2,
'pum': 2
}
},
{
'num': 3,
'pum': 3,
'sub': {
'num': 3,
'pum': 3
}
},
{
'num': 4,
'pum': 4,
'sub': {
'num': 4,
'pum': 4
}
},
{
'num': 5,
'pum': 5,
'sub': {
'num': 5,
'pum': 5
}
},
{
'num': 6,
'pum': 6,
'sub': {
'num': 6,
'pum': 6
}
},
{
'num': 7,
'pum': 7,
'sub': {
'num': 7,
'pum': 7
}
},
{
'num': 8,
'pum': 8,
'sub': {
'num': 8,
'pum': 8
}
},
{
'num': 9,
'pum': 9,
'sub': {
'num': 9,
'pum': 9
}
},
{
'num': 10,
'pum': 10,
'sub': {
'num': 10,
'pum': 10
}
},
{
'num': 11,
'pum': 11,
'sub': {
'num': 10,
'pum': 10
}
}
];

203
test/vuln-project/node_modules/sift/test/operations-test.js generated vendored Normal file
View File

@@ -0,0 +1,203 @@
import * as assert from 'assert';
import sift from '..';
var ObjectID = require('bson').ObjectID;
describe(__filename + '#', function () {
[
// $eq
[{$eq:5}, [5,'5', 6], [5]],
['5', [5,'5', 6], ['5']],
[false, [false,'false', true], [false]],
[true, [1, true], [true]],
[0, [0,'0'], [0]],
[null, [null], [null]],
[void 0, [void 0, null], [void 0]],
[1, [2,3,4,5], []],
[1, [[1]], [[1]]],
[new Date(1), [new Date(), new Date(1), new Date(2), new Date(3)], [new Date(1)]],
[/^a/, ['a','ab','abc','b','bc'], ['a','ab','abc']],
[function(b) { return b === 1; }, [1,2,3],[1]],
[ObjectID('54dd5546b1d296a54d152e84'),[ObjectID(),ObjectID('54dd5546b1d296a54d152e84')],[ObjectID('54dd5546b1d296a54d152e84')]],
// $ne
[{$ne:5}, [5, '5', 6], ['5', 6]],
[{$ne:'5'}, ['5', 6], [6]],
[{$ne:false}, [false], []],
[{$ne:void 0}, [false, 0, '0', void 0], [false, 0, '0']],
[{$ne:/^a/}, ['a','ab','abc','b','bc'], ['b','bc']],
[{$ne:1}, [[2],[1]], [[2]]],
[{groups:{$ne:111}}, [{groups:[111,222,333,444]},{groups:[222,333,444]}],[{groups:[222,333,444]}]],
// $lt
[{$lt:5}, [3,4,5,6],[3,4]],
[{$lt:'c'}, ['a','b','c'],['a','b']],
[{$lt:null}, [-3,-4], []],
[{$lt:new Date(3)}, [new Date(1), new Date(2), new Date(3)],[new Date(1), new Date(2)]],
// $lte
[{$lte:5}, [3,4,5,6],[3,4,5]],
[{groups:{$lt:5}}, [{groups:[1,2,3,4]}, {groups:[7,8]}], [{groups:[1,2,3,4]}]],
// $gt
[{$gt:5}, [3,4,5,6],[6]],
[{$gt:null}, [3,4], []],
[{groups:{$gt:5}}, [{groups:[1,2,3,4]}, {groups:[7,8]}], [{groups:[7,8]}]],
// $gte
[{$gte:5}, [3,4,5,6],[5, 6]],
[{groups:{$gte:5}}, [{groups:[1,2,3,4]}, {groups:[7,8]}], [{groups:[7,8]}]],
// $mod
[{$mod:[2,1]}, [1,2,3,4,5,6],[1,3,5]],
[{groups:{$mod:[2,0]}}, [{groups:[1,2,3,4]}, {groups:[7,9]}], [{groups:[1,2,3,4]}]],
// $exists
[{$exists:false}, [0,false,void 0, null],[]],
[{$exists:true}, [0,false,void 0, 1, {}],[0, false, void 0, 1, {}]],
[{'a.b': {$exists: true}}, [{a: {b: 'exists'}}, {a: {c: 'does not exist'}}], [{a: {b: 'exists'}}]],
[{field: { $exists: false }}, [{a: 1}, {a: 2, field: 5}, {a: 3, field: 0}, {a: 4, field: undefined}, {a: 5}],[{a: 1}, {a: 5}]],
// $in
// TODO - {$in:[Date]} doesn't work - make it work?
[{$in:[0,false,1,'1']},[0,1,2,3,4,false],[0,1,false]],
[{$in:[1,'1','2']},['1','2','3'],['1','2']],
[{$in:[new Date(1)]},[new Date(1), new Date(2)],[new Date(1)]],
[{'a.b.status':{'$in': [0]}}, [{'a':{'b':[{'status':0}]}},{'a':{'b':[{'status':2}]}}],[{'a':{'b':[{'status':0}]}}]],
[{'a.b.status':{'$in': [0, 2]}}, [{'a':{'b':[{'status':0}]}},{'a':{'b':[{'status':2}]}}], [{'a':{'b':[{'status':0}]}},{'a':{'b':[{'status':2}]}}]],
[{'x': {$in: [{$regex: '.*aaa.*'}, {$regex: '.*bbb.*'}]}}, [{'x': {'b': 'aaa'}}, {'x': 'bbb'}, {'x': 'ccc'}, {'x': 'aaa'}], [{'x': 'bbb'}, {'x': 'aaa'}]],
[{'x': {$in: [/.*aaa.*/, /.*bbb.*/]}}, [{'x': {'b': 'aaa'}}, {'x': 'bbb'}, {'x': 'ccc'}, {'x': 'aaa'}], [{'x': 'bbb'}, {'x': 'aaa'}]],
// $nin
[{$nin:[0,false,1,'1']},[0,1,2,3,4,false],[2,3,4]],
[{$nin:[1,'1','2']},['1','2','3'],['3']],
[{$nin:[new Date(1)]},[new Date(1), new Date(2)],[new Date(2)]],
[{'root.notDefined': {$nin: [1, 2, 3]}}, [{'root': {'defined': 1337}}], [{'root': {'defined': 1337}}]],
[{'root.notDefined': {$nin: [1, 2, 3, null]}}, [{'root': {'defined': 1337}}], []],
[{'x': {$nin: [{$regex: '.*aaa.*'}, {$regex: '.*bbb.*'}]}}, [{'x': {'b': 'aaa'}}, {'x': 'bbb'}, {'x': 'ccc'}, {'x': 'aaa'}], [{'x': {'b': 'aaa'}},{'x': 'ccc'}]],
[{'x': {$nin: [/.*aaa.*/, /.*bbb.*/]}}, [{'x': {'b': 'aaa'}}, {'x': 'bbb'}, {'x': 'ccc'}, {'x': 'aaa'}], [{'x': {'b': 'aaa'}},{'x': 'ccc'}]],
// $not
[{$not:false},[0,false],[0]],
[{$not:0},[0, false, 1, 2, 3],[false, 1, 2, 3]],
[{$not:{$in:[1,2,3]}},[1,2,3,4,5,6],[4,5,6]], // with expressions
// $type
[{$type:Date}, [0,new Date(1)],[new Date(1)]],
[{$type:Number}, [0,false,1],[0,1]],
[{$type:Boolean}, [0,false, void 0],[false]],
[{$type:String}, ['1',1,false],['1']],
// $all
[{$all:[1,2,3]},[[1,2,3,4],[1,2,4]],[[1,2,3,4]]],
[{$all:[0,false]},[[0,1,2],[0,false],['0','false'],void 0],[[0,false]]],
[{$all:['1']},[[1]],[]],
[{$all:[new Date(1),new Date(2)]},[[new Date(1), new Date(2)],[new Date(1)]],[[new Date(1), new Date(2)]]],
// $size
[{$size:3},['123',[1,2,3],'1'],['123',[1,2,3]]],
[{$size:1},['123',[1,2,3],'1', void 0],['1']],
// $or
[{$or:[1,2,3]},[1,2,3,4],[1,2,3]],
[{$or:[{$ne:1},2]},[1,2,3,4,5,6],[2,3,4,5,6]],
// $nor
[{$nor:[1,2,3]},[1,2,3,4],[4]],
[{$nor:[{$ne:1},2]},[1,2,3,4,5,6],[1]],
// $and
[{$and:[{$gt:1},{$lt:4}]},[1,2,3,4],[2,3]],
[{$and: [{field: {$not: {$type: String}}}, {field: {$ne: null}}]}, [{a: 1, field: 1}, {a: 2, field: '2'}], [{a: 1, field: 1}]],
// $regex
[{$regex:'^a'},['a','ab','abc','bc','bcd'],['a','ab','abc']],
[{a:{$regex:'b|c'}}, [{a:['b']},{a:['c']},{a:'c'},{a:'d'}], [{a:['b']},{a:['c']},{a:'c'}]],
[{ folder: { $regex:'^[0-9]{4}$' }}, [{ folder:['1234','3212'] }], [{ folder:['1234','3212'] }]],
// $options
[{$regex:'^a', $options: 'i'},['a','Ab','abc','bc','bcd'],['a','Ab','abc']],
[{'text':{'$regex':'.*lis.*','$options':'i'}}, [{text:['Bob','Melissa','Joe','Sherry']}], [{text:['Bob','Melissa','Joe','Sherry']}]],
// undefined
[{$regex:'a'},[undefined, null, true, false, 0, 'aa'],['aa']],
[/a/,[undefined, null, true, false, 0, 'aa'],['aa']],
[/.+/,[undefined, null, true, false, 0, 'aa', {}],['aa']],
// Multiple conditions on an undefined root
[{'a.b': {$exists: true, $nin: [null]}}, [{a: {b: 'exists'}}, {a: {c: 'does not exist'}}], [{a: {b: 'exists'}}]],
// $where
[{$where:function () { return this.v === 1 }}, [{v:1},{v:2}],[{v:1}]],
[{$where:'this.v === 1'}, [{v:1},{v:2}],[{v:1}]],
[{$where:'obj.v === 1'}, [{v:1},{v:2}],[{v:1}]],
// $elemMatch
//{'person': {'$elemMatch': {'gender': 'male', 'age': {'$lt': 30}}}}
[
{a:{$elemMatch:{b:1,c:2}}},
[{a:{b:1,c:2}},{a:[{b:1,c:2,d:3}]},{a:{b:2,c:3}}], [{a:{b:1,c:2}},{a:[{b:1,c:2,d:3}]}]
],
[{a:{$elemMatch:{b:2,c:{$gt:2}}}}, [{a:{b:1,c:2}},{a:{b:1,c:2,d:3}},[{a:{b:2,c:3}}]], [[{a:{b:2,c:3}}]]],
[
{tags: {$all: [{$elemMatch: {a: 1}}]}},
[{tags: [{a: 1}]}, {tags: [{a: 1}, {b: 1}]}], [{tags: [{a: 1}]}, {tags: [{a: 1}, {b: 1}]}]
],
// dot-notation
[
{'a.b': /c/ },
[{a:{b:'c'}}, {a:{b:'cd'}}, {'a.b':'c'},{a:{b:'e'}}],
[{a:{b:'c'}}, {a:{b:'cd'}}]
],
[
{'foo.0': 'baz' },
[{foo:['bar', 'baz']}, {foo:['baz', 'bar']}],
[{foo:['baz', 'bar']}]
],
[
{'foo.0.name': 'baz' },
[{foo:[{ name: 'bar' }, { name: 'baz' }]}, {foo:[{ name: 'baz' }, { name: 'bar' }]}],
[{foo:[{ name: 'baz' }, { name: 'bar' }]}]
],
// object.toString() tests
[
{ $in: [{ toString: function(){ return 'a'; }}]},
[{toString: function(){ return 'a'; }}, {toString: function(){ return 'b' }}],
[{toString: function(){ return 'a'; }}]
],
[
{ $in: [{}]},
[{}, {}],
[]
],
// various comparisons
[
{ c: { d: 'd' }},
[{ a: 'b', b: 'c', c: { d: 'd', e: 'e' }}, { c: { d: 'e' }}],
[{ a: 'b', b: 'c', c: { d: 'd', e: 'e' }}]
],
// based on https://gist.github.com/jdnichollsc/00ea8cf1204b17d9fb9a991fbd1dfee6
[
{ $and: [{ 'a.s': { $lte: new Date('2017-01-29T05:00:00.000Z') }}, {'a.e': { $gte: new Date('2017-01-08T05:00:00.000Z') }}]},
[{ a: { s: new Date('2017-01-13T05:00:00.000Z'), e: new Date('2017-01-31T05:00:00.000Z') }}],
[{ a: { s: new Date('2017-01-13T05:00:00.000Z'), e: new Date('2017-01-31T05:00:00.000Z') }}]
],
].forEach(function (operation, i) {
var filter = operation[0];
var array = operation[1];
var matchArray = operation[2];
it(i + ': ' + JSON.stringify(filter), function() {
assert.equal(JSON.stringify(array.filter(sift(filter))), JSON.stringify(matchArray));
});
});
});

8
test/vuln-project/node_modules/sift/tsconfig.json generated vendored Normal file
View File

@@ -0,0 +1,8 @@
{
"compilerOptions": {
"target": "es6",
"moduleResolution": "node",
"module": "commonjs",
"allowSyntheticDefaultImports": true
}
}

23
test/vuln-project/node_modules/sift/webpack.config.js generated vendored Normal file
View File

@@ -0,0 +1,23 @@
const {resolve} = require('path');
const fs = require('fs');
module.exports = {
devtool: 'none',
mode: 'production',
entry: {
index: [__dirname + '/lib/index.js']
},
output: {
path: __dirname,
library: 'sift',
libraryTarget: 'umd',
filename: 'sift.min.js'
},
resolve: {
extensions: ['.js']
},
module: {
rules: [
]
}
};

4016
test/vuln-project/node_modules/sift/yarn.lock generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff