heath impl

2025-04-02 19:31:13 -03:00
parent 15bb11fc4c
commit 8ba6f345c7
32 changed files with 2620 additions and 395 deletions
--- a/src/common/middlewares/dist/request-sanitizer.middleware.js
+++ b/src/common/middlewares/dist/request-sanitizer.middleware.js
@@ -0,0 +1,54 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+exports.__esModule = true;
+exports.RequestSanitizerMiddleware = void 0;
+var common_1 = require("@nestjs/common");
+var RequestSanitizerMiddleware = /** @class */ (function () {
+    function RequestSanitizerMiddleware() {
+    }
+    RequestSanitizerMiddleware.prototype.use = function (req, res, next) {
+        if (req.headers) {
+            this.sanitizeObject(req.headers);
+        }
+        if (req.query) {
+            this.sanitizeObject(req.query);
+        }
+        if (req.body) {
+            this.sanitizeObject(req.body);
+        }
+        next();
+    };
+    RequestSanitizerMiddleware.prototype.sanitizeObject = function (obj) {
+        var _this = this;
+        Object.keys(obj).forEach(function (key) {
+            if (typeof obj[key] === 'string') {
+                obj[key] = _this.sanitizeString(obj[key]);
+            }
+            else if (typeof obj[key] === 'object' && obj[key] !== null) {
+                _this.sanitizeObject(obj[key]);
+            }
+        });
+    };
+    RequestSanitizerMiddleware.prototype.sanitizeString = function (str) {
+        // Remover tags HTML básicas
+        str = str.replace(/<(|\/|[^>\/bi]|\/[^>bi]|[^\/>][^>]+|\/[^>][^>]+)>/g, '');
+        // Remover scripts JavaScript
+        str = str.replace(/javascript:/g, '');
+        str = str.replace(/on\w+=/g, '');
+        // Remover comentários HTML
+        str = str.replace(/<!--[\s\S]*?-->/g, '');
+        // Sanitizar caracteres especiais para evitar SQL injection
+        str = str.replace(/'/g, "''");
+        return str;
+    };
+    RequestSanitizerMiddleware = __decorate([
+        common_1.Injectable()
+    ], RequestSanitizerMiddleware);
+    return RequestSanitizerMiddleware;
+}());
+exports.RequestSanitizerMiddleware = RequestSanitizerMiddleware;