fix: review feedback and add input validation
ernestoteo committed Nov 20, 2024
1 parent 9349743 commit f2444ed
Showing 10 changed files with 142 additions and 83 deletions.
11 changes: 10 additions & 1 deletion package-lock.json


3 changes: 2 additions & 1 deletion package.json
Expand Up @@ -44,7 +44,8 @@
"fs-extra": "^11.1.0",
"inquirer": "^8.2.5",
"jest-junit": "^16.0.0",
"luxon": "^3.3.0"
"luxon": "^3.3.0",
"validator": "^13.12.0"
},
"config": {
"commitizen": {
87 changes: 32 additions & 55 deletions src/add-item.js
Expand Up @@ -2,6 +2,7 @@ const inquirer = require('inquirer');
const utils = require('./common');
const path = require('path');
const fs = require('fs-extra');
const validator = require('validator');

/**
* Config
Expand Down Expand Up @@ -39,7 +40,7 @@ async function getItemConfig(configs) {
if (!argv[14]){
return true;
}
answers.form = argv[14];
answers.form = validator.escape(argv[14]);
return false;
}
}
Expand All @@ -63,7 +64,7 @@ async function getItemConfig(configs) {
if (!argv[15]){
return true;
}
answers.isAlwaysCurrent = argv[15];
answers.isAlwaysCurrent = validator.escape(argv[15]);
return false;
}
}
Expand All @@ -80,7 +81,7 @@ async function getItemConfig(configs) {
if (!argv[16]){
return true;
}
answers.reportedDate = argv[16];
answers.reportedDate = validator.escape(argv[16]);
return false;
}
}
Expand Down Expand Up @@ -119,7 +120,7 @@ async function getItemConfig(configs) {
if (!argv[17]){
return true;
}
answers.item = argv[17];
answers.item = validator.escape(argv[17]);
return false;
}
}]);
Expand Down Expand Up @@ -165,7 +166,7 @@ async function getItemConfig(configs) {
if (!argv[17]){
return true;
}
answers.name = argv[17];
answers.name = validator.escape(argv[17]);
return false;
}
},
Expand All @@ -178,26 +179,13 @@ async function getItemConfig(configs) {
if (!argv[18]){
return true;
}
let answer = {};
argv[18].split(',').forEach(el => {
switch(language){
case 'en':
answer = {
label: {
'en': el
}
};
break;
case 'fr':
answer = {
label: {
'fr': el
}
};
break;
const answer = {
label: {
'en': validator.escape(argv[18].split(',')[0]),
'fr': validator.escape(argv[18].split(',')[1]),
}
});
};

Object.assign(answers, answer);
return false;
}
Expand All @@ -211,23 +199,12 @@ async function getItemConfig(configs) {
if (!argv[19]){
return true;
}
let answer = {};
switch(language){
case 'en':
answer = {
description: {
'en': argv[19].split(',')[0]
}
};
break;
case 'fr':
answer = {
description: {
'fr': argv[19].split(',')[1]
}
};
break;
}
const answer = {
description: {
'en': validator.escape(argv[19].split(',')[0]),
'fr': validator.escape(argv[19].split(',')[1])
}
};

Object.assign(answers, answer);
return false;
Expand All @@ -246,7 +223,7 @@ async function getItemConfig(configs) {
if (!argv[20]){
return true;
}
answers.name = argv[20];
answers.name = validator.escape(argv[20]);
return false;
}
},
Expand All @@ -261,8 +238,8 @@ async function getItemConfig(configs) {
}
const answer = {
label: {
'en': argv[21].split(',')[0],
'fr': argv[21].split(',')[1]
'en': validator.escape(argv[21].split(',')[0]),
'fr': validator.escape(argv[21].split(',')[1])
}
};
Object.assign(answers, answer);
Expand All @@ -279,7 +256,7 @@ async function getItemConfig(configs) {
if (!argv[22]){
return true;
}
answers.isInSet = argv[22];
answers.isInSet = validator.escape(argv[22]);
return false;
}
},
Expand All @@ -299,8 +276,8 @@ async function getItemConfig(configs) {
const answer = {
set:{
label: {
'en': argv[23].split(',')[0],
'fr': argv[23].split(',')[1]
'en': validator.escape(argv[23].split(',')[0]),
'fr': validator.escape(argv[23].split(',')[1])
}
}
};
Expand All @@ -319,7 +296,7 @@ async function getItemConfig(configs) {
return true;
}

answers.set.count = argv[24];
answers.set.count = validator.escape(argv[24]);
return false;
}
},
Expand All @@ -339,8 +316,8 @@ async function getItemConfig(configs) {
const answer = {
unit:{
label: {
'en': argv[25].split(',')[0],
'fr': argv[25].split(',')[1]
'en': validator.escape(argv[25].split(',')[0]),
'fr': validator.escape(argv[25].split(',')[1])
}
}
};
Expand All @@ -358,7 +335,7 @@ async function getItemConfig(configs) {
if (!argv[26]){
return true;
}
answers.warning_total = argv[26];
answers.warning_total = validator.escape(argv[26]);
return false;
}
},
Expand All @@ -371,7 +348,7 @@ async function getItemConfig(configs) {
if (!argv[27]){
return true;
}
answers.danger_total = argv[27];
answers.danger_total = validator.escape(argv[27]);
return false;
}
},
Expand All @@ -385,7 +362,7 @@ async function getItemConfig(configs) {
if (!argv[28]){
return true;
}
answers.max_total = argv[28];
answers.max_total = validator.escape(argv[28]);
return false;
}
}
Expand Down Expand Up @@ -416,7 +393,7 @@ async function getItemConfig(configs) {
if (!argv[29]){
return true;
}
answers.deduction_type = argv[29];
answers.deduction_type = validator.escape(argv[29]);
return false;
}
}
Expand All @@ -432,7 +409,7 @@ async function getItemConfig(configs) {
if (!argv[30]){
return true;
}
answers.formular = argv[30];
answers.formular = validator.escape(argv[30]);
return false;
}
}
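Review bot: `validator.escape()` is HTML entity encoding, not input validation, and applying it to every `argv` value in these hunks changes the stored data without rejecting anything malformed. It rewrites `&`, `<`, `>`, `"`, `'`, `/`, `\` and the backtick, so an `answers.formular` expression that uses `/` or a comparison, or a French label containing an apostrophe, is stored already mangled and will be double-encoded if a later layer escapes on output. Fields with a fixed shape would be better checked and rejected on failure, for example `validator.isInt(argv[24])` for `answers.set.count` and `validator.isBoolean(argv[15])` for `answers.isAlwaysCurrent` (the accepted formats are not visible here, so confirm them first), with escaping left to wherever the value is rendered. The same applies to `form_name`, `formular` and `title` in src/features/stock-out.js and to the values in src/init.js. getItemConfig starts and ends outside the hunks shown.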
10 changes: 6 additions & 4 deletions src/features/stock-out.js
Expand Up @@ -3,6 +3,8 @@ const path = require('path');
const fs = require('fs-extra');
const ExcelJS = require('exceljs');
const inquirer = require('inquirer');
const validator = require('validator');

const { getNoLabelsColums, getTranslations, getRowWithValueAtPosition, getNumberOfSteps, buildRowValues, getSheetGroupBeginEnd,
getItemCount
} = require('../common');
Expand Down Expand Up @@ -269,7 +271,7 @@ async function getStockOutConfigs({
if (!argv[5]){
return true;
}
answers.form_name = argv[5];
answers.form_name = validator.escape(argv[5]);
return false;
}
},
Expand All @@ -292,7 +294,7 @@ async function getStockOutConfigs({
if (!argv[6]){
return true;
}
answers.formular = argv[6];
answers.formular = validator.escape(argv[6]);
return false;
}
},
Expand All @@ -308,8 +310,8 @@ async function getStockOutConfigs({
}
const answer = {
title:{
'en': argv[7].split(',')[0],
'fr': argv[7].split(',')[1]
'en': validator.escape(argv[7].split(',')[0]),
'fr': validator.escape(argv[7].split(',')[1])
}
};
Object.assign(answers, answer);
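Review bot: In the `title` hunk, `argv[7].split(',')[1]` is `undefined` when the argument contains no comma, and `validator.escape()` throws a `TypeError` for any non-string, so a single-language title now aborts the run where it was previously stored as `undefined`. Split once and check both parts before escaping, e.g. `const [en, fr] = argv[7].split(',');` followed by `if (!en || !fr) { return true; }`, assuming `return true` from this `when` callback falls back to the interactive prompt as the other guards do. The same `split(',')[1]` pattern appears in the `label`, `description`, `set.label` and `unit.label` hunks of src/add-item.js. getStockOutConfigs begins and ends outside the hunks shown.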
25 changes: 13 additions & 12 deletions src/init.js
Expand Up @@ -2,6 +2,7 @@ const chalk = require('chalk');
const utils = require('./common');
const inquirer = require('inquirer');
const { getStockCountConfigs } = require('./features/stock-count');
const validator = require('validator');

async function getInitConfigs() {
const appSettings = utils.getAppSettings();
Expand Down Expand Up @@ -30,7 +31,7 @@ async function getInitConfigs() {
when: function (answers) {
const argv = process.argv;
if (argv[3] === '2_levels') {
answers.monitoring_type = argv[3];
answers.monitoring_type = validator.escape(argv[3]);
return false;
}
return true;
Expand Down Expand Up @@ -78,16 +79,16 @@ async function getInitConfigs() {
case 1:
answer = {
1: {
contact_type: argv[4],
role: argv[5]
contact_type: validator.escape(argv[4]),
role: validator.escape(argv[5])
}
};
break;
case 2:
answer = {
2: {
contact_type: argv[6],
role: argv[7]
contact_type: validator.escape(argv[6]),
role: validator.escape(argv[7])
}
};
break;
Expand All @@ -112,16 +113,16 @@ async function getInitConfigs() {
case 1:
answer = {
1: {
contact_type: argv[4],
role: argv[5]
contact_type: validator.escape(argv[4]),
role: validator.escape(argv[5])
}
};
break;
case 2:
answer = {
2: {
contact_type: argv[6],
role: argv[7]
contact_type: validator.escape(argv[6]),
role: validator.escape(argv[7])
}
};
break;
Expand Down Expand Up @@ -155,21 +156,21 @@ async function getInitConfigs() {
case 1:
answer = {
1: {
parent: argv[10],
parent: validator.escape(argv[10]),
}
};
break;
case 2:
answer = {
2: {
parent: argv[10],
parent: validator.escape(argv[10]),
}
};
break;
case 3:
answer = {
3: {
parent: argv[10],
parent: validator.escape(argv[10]),
}
};
break;
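Review bot: `answers.monitoring_type = validator.escape(argv[3])` runs only after `argv[3] === '2_levels'` has matched, so the escape can never change the value; assigning the literal, `answers.monitoring_type = '2_levels';`, says the same thing without implying that a check took place. For `contact_type`, `role` and `parent`, no presence check on `argv[4]`–`argv[7]` or `argv[10]` is visible in these hunks, and `validator.escape()` throws on a non-string, so a short argument list would fail here unless a guard exists above each `switch`, which starts outside the hunk. If these values are identifiers, an allow-list test such as `/^[A-Za-z0-9_-]+$/.test(argv[4])` with rejection on mismatch would constrain them more usefully than entity-encoding does.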