diff --git a/package.json b/package.json
index a6c0e96..dab37bf 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "graphql-query-purifier",
- "version": "1.0.17",
+ "version": "1.0.18",
 "description": "A small library to match .gql queries vs user input. Removes fields from user requests that are not expected by your frontend code.",
 "main": "./dist/index.js",
 "author": "multipliedtwice",
@@ -27,14 +27,14 @@
 "homepage": "https://github.com/multipliedtwice/graphql-query-purifier#readme",
 "devDependencies": {
 "@types/express": "^4.17.21",
- "@types/jest": "^29.5.7",
- "@types/node": "^20.8.10",
- "eslint": "^8.53.0",
+ "@types/jest": "^29.5.11",
+ "@types/node": "^20.10.6",
+ "eslint": "^8.56.0",
 "graphql": "^16.8.1",
 "jest": "^29.7.0",
- "prettier": "^3.0.3",
- "terser": "^5.24.0",
+ "prettier": "^3.1.1",
+ "terser": "^5.26.0",
 "ts-jest": "^29.1.1",
- "typescript": "^5.2.2"
+ "typescript": "^5.3.3"
 }
-}
\ No newline at end of file
+}
diff --git a/src/index.ts b/src/index.ts
index ac971c0..7d08df4 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -148,7 +148,15 @@ export class GraphQLQueryPurifier {
 this.debug
 );
 
- // Existing code...
+ if (!filteredQuery.trim()) {
+ console.warn(
+ `Query was blocked due to security rules: ${req.body.query}`
+ );
+ req.body.query = '{ __typename }';
+ delete req.body.operationName;
+ } else {
+ req.body.query = filteredQuery;
+ }
 } else {
 console.warn(`Query was blocked: ${req.body.query}`);
 req.body.query = '{ __typename }'; // Replace with a minimal query
diff --git a/yarn.lock b/yarn.lock index 0f9c429..8d741ca 100644 --- a/yarn.lock +++ b/yarn.lock @@ -433,9 +433,9 @@ __metadata: languageName: node linkType: hard -"@eslint/eslintrc@npm:^2.1.3": - version: 2.1.3 - resolution: "@eslint/eslintrc@npm:2.1.3" +"@eslint/eslintrc@npm:^2.1.4": + version: 2.1.4 + resolution: "@eslint/eslintrc@npm:2.1.4" dependencies: ajv: ^6.12.4 debug: ^4.3.2 
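Review bot: The new `console.warn` in the `if (!filteredQuery.trim())` branch of src/index.ts writes the whole client-supplied `req.body.query` into the log. A rejected request can therefore put line breaks into log output, fill the log with an arbitrarily large payload, and persist any literal values embedded in the query. Log a bounded, escaped form instead, for example `console.warn('Query was blocked due to security rules: %s', JSON.stringify(String(req.body.query).slice(0, 200)));`, and consider emitting it only when `this.debug` is set if that flag is intended for diagnostics. The existing outer `else` branch logs the query the same way and, in the visible lines, does not `delete req.body.operationName` as the new branch does. That branch continues outside the hunk, so confirm both blocked paths reset the request identically.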
@@ -446,14 +446,14 @@ __metadata: js-yaml: ^4.1.0 minimatch: ^3.1.2 strip-json-comments: ^3.1.1 - checksum: 5c6c3878192fe0ddffa9aff08b4e2f3bcc8f1c10d6449b7295a5f58b662019896deabfc19890455ffd7e60a5bd28d25d0eaefb2f78b2d230aae3879af92b89e5 + checksum: 10957c7592b20ca0089262d8c2a8accbad14b4f6507e35416c32ee6b4dbf9cad67dfb77096bbd405405e9ada2b107f3797fe94362e1c55e0b09d6e90dd149127 languageName: node linkType: hard -"@eslint/js@npm:8.54.0": - version: 8.54.0 - resolution: "@eslint/js@npm:8.54.0" - checksum: 6d88a6f711ef0133566b5340e3178a178fbb297585766460f195d0a9db85688f1e5cf8559fd5748aeb3131e2096c66595b323d8edab22df015acda68f1ebde92 +"@eslint/js@npm:8.56.0": + version: 8.56.0 + resolution: "@eslint/js@npm:8.56.0" + checksum: 5804130574ef810207bdf321c265437814e7a26f4e6fac9b496de3206afd52f533e09ec002a3be06cd9adcc9da63e727f1883938e663c4e4751c007d5b58e539 languageName: node linkType: hard @@ -1004,13 +1004,13 @@ __metadata: languageName: node linkType: hard -"@types/jest@npm:^29.5.7": - version: 29.5.8 - resolution: "@types/jest@npm:29.5.8" +"@types/jest@npm:^29.5.11": + version: 29.5.11 + resolution: "@types/jest@npm:29.5.11" dependencies: expect: ^29.0.0 pretty-format: ^29.0.0 - checksum: ca8438a5b4c098c8c023e9d5b279ea306494a1d0b5291cfb498100fa780377145f068b2a021d545b0398bbe0328dcc37044dd3aaf3c6c0fe9b0bef7b46a63453 + checksum: f892a06ec9f0afa9a61cd7fa316ec614e21d4df1ad301b5a837787e046fcb40dfdf7f264a55e813ac6b9b633cb9d366bd5b8d1cea725e84102477b366df23fdd languageName: node linkType: hard @@ -1028,7 +1028,7 @@ __metadata: languageName: node linkType: hard -"@types/node@npm:*, @types/node@npm:^20.8.10": +"@types/node@npm:*": version: 20.9.2 resolution: "@types/node@npm:20.9.2" dependencies: 
@@ -1037,6 +1037,15 @@ __metadata: languageName: node linkType: hard +"@types/node@npm:^20.10.6": + version: 20.10.6 + resolution: "@types/node@npm:20.10.6" + dependencies: + undici-types: ~5.26.4 + checksum: ada40e4ccbda3697dca88f8d13f4c996c493be6fbc15f5f5d3b91096d56bd700786a2c148a92a2b4c5d1f133379e63f754a786b3aebfc6a7d09fc7ea16dc017b + languageName: node + linkType: hard + "@types/qs@npm:*": version: 6.9.10 resolution: "@types/qs@npm:6.9.10" @@ -1772,14 +1781,14 @@ __metadata: languageName: node linkType: hard -"eslint@npm:^8.53.0": - version: 8.54.0 - resolution: "eslint@npm:8.54.0" +"eslint@npm:^8.56.0": + version: 8.56.0 + resolution: "eslint@npm:8.56.0" dependencies: "@eslint-community/eslint-utils": ^4.2.0 "@eslint-community/regexpp": ^4.6.1 - "@eslint/eslintrc": ^2.1.3 - "@eslint/js": 8.54.0 + "@eslint/eslintrc": ^2.1.4 + "@eslint/js": 8.56.0 "@humanwhocodes/config-array": ^0.11.13 "@humanwhocodes/module-importer": ^1.0.1 "@nodelib/fs.walk": ^1.2.8 @@ -1816,7 +1825,7 @@ __metadata: text-table: ^0.2.0 bin: eslint: bin/eslint.js - checksum: 7e876e9da2a18a017271cf3733d05a3dfbbe469272d75753408c6ea5b1646c71c6bb18cb91e10ca930144c32c1ce3701e222f1ae6784a3975a69f8f8aa68e49f + checksum: 883436d1e809b4a25d9eb03d42f584b84c408dbac28b0019f6ea07b5177940bf3cca86208f749a6a1e0039b63e085ee47aca1236c30721e91f0deef5cc5a5136 languageName: node linkType: hard @@ -2174,15 +2183,15 @@ __metadata: resolution: "graphql-query-purifier@workspace:." dependencies: "@types/express": ^4.17.21 - "@types/jest": ^29.5.7 - "@types/node": ^20.8.10 - eslint: ^8.53.0 + "@types/jest": ^29.5.11 + "@types/node": ^20.10.6 + eslint: ^8.56.0 graphql: ^16.8.1 jest: ^29.7.0 - prettier: ^3.0.3 - terser: ^5.24.0 + prettier: ^3.1.1 + terser: ^5.26.0 ts-jest: ^29.1.1 - typescript: ^5.2.2 + typescript: ^5.3.3 languageName: unknown linkType: soft 
@@ -3552,12 +3561,12 @@ __metadata: languageName: node linkType: hard -"prettier@npm:^3.0.3": - version: 3.1.0 - resolution: "prettier@npm:3.1.0" +"prettier@npm:^3.1.1": + version: 3.1.1 + resolution: "prettier@npm:3.1.1" bin: prettier: bin/prettier.cjs - checksum: 44b556bd56f74d7410974fbb2418bb4e53a894d3e7b42f6f87779f69f27a6c272fa7fc27cec0118cd11730ef3246478052e002cbd87e9a253f9cd04a56aa7d9b + checksum: e386855e3a1af86a748e16953f168be555ce66d6233f4ba54eb6449b88eb0c6b2ca79441b11eae6d28a7f9a5c96440ce50864b9d5f6356d331d39d6bb66c648e languageName: node linkType: hard @@ -3994,9 +4003,9 @@ __metadata: languageName: node linkType: hard -"terser@npm:^5.24.0": - version: 5.24.0 - resolution: "terser@npm:5.24.0" +"terser@npm:^5.26.0": + version: 5.26.0 + resolution: "terser@npm:5.26.0" dependencies: "@jridgewell/source-map": ^0.3.3 acorn: ^8.8.2 @@ -4004,7 +4013,7 @@ __metadata: source-map-support: ~0.5.20 bin: terser: bin/terser - checksum: d88f774b6fa711a234fcecefd7657f99189c367e17dbe95a51c2776d426ad0e4d98d1ffe6edfdf299877c7602e495bdd711d21b2caaec188410795e5447d0f6c + checksum: 02a9bb896f04df828025af8f0eced36c315d25d310b6c2418e7dad2bed19ddeb34a9cea9b34e7c24789830fa51e1b6a9be26679980987a9c817a7e6d9cd4154b languageName: node linkType: hard 
@@ -4112,23 +4121,23 @@ __metadata: languageName: node linkType: hard -"typescript@npm:^5.2.2": - version: 5.2.2 - resolution: "typescript@npm:5.2.2" +"typescript@npm:^5.3.3": + version: 5.3.3 + resolution: "typescript@npm:5.3.3" bin: tsc: bin/tsc tsserver: bin/tsserver - checksum: 7912821dac4d962d315c36800fe387cdc0a6298dba7ec171b350b4a6e988b51d7b8f051317786db1094bd7431d526b648aba7da8236607febb26cf5b871d2d3c + checksum: 2007ccb6e51bbbf6fde0a78099efe04dc1c3dfbdff04ca3b6a8bc717991862b39fd6126c0c3ebf2d2d98ac5e960bcaa873826bb2bb241f14277034148f41f6a2 languageName: node linkType: hard -"typescript@patch:typescript@^5.2.2#~builtin": - version: 5.2.2 - resolution: "typescript@patch:typescript@npm%3A5.2.2#~builtin::version=5.2.2&hash=f3b441" +"typescript@patch:typescript@^5.3.3#~builtin": + version: 5.3.3 + resolution: "typescript@patch:typescript@npm%3A5.3.3#~builtin::version=5.3.3&hash=29ae49" bin: tsc: bin/tsc tsserver: bin/tsserver - checksum: 0f4da2f15e6f1245e49db15801dbee52f2bbfb267e1c39225afdab5afee1a72839cd86000e65ee9d7e4dfaff12239d28beaf5ee431357fcced15fb08583d72ca + checksum: f61375590b3162599f0f0d5b8737877ac0a7bc52761dbb585d67e7b8753a3a4c42d9a554c4cc929f591ffcf3a2b0602f65ae3ce74714fd5652623a816862b610 languageName: node linkType: hard