@lock-sdk/payload-guard v1.1.0 (published 8 months ago)
Payload Guard
A smart and extensible request payload inspection module for the Lock Security Framework. It scans incoming requests for malicious input patterns such as XSS, SQLi, command injection, SSRF and path traversal, with configurable block/detect modes, result caching and field-level filtering. Pattern matching of this kind is a defence-in-depth layer: it cuts down on common probes, but it does not replace parameterised queries, output encoding, or allow-listing of outbound URLs in the application itself.
Features
- Detects XSS, SQLi, SSRF, command/path/template injections
- Supports `query`, `params`, `body`, `headers`, and `cookies`
- Block or detect mode per environment
- Smart LRU caching to avoid reprocessing
Usage
Basic Example (block malicious content)

```ts
import { secure, payloadGuard } from '@lock-sdk/main';

// Wrap the guard with secure() to obtain a middleware that inspects every
// request. Options not listed keep the defaults from the configuration
// table below; mode defaults to 'block', so a matching request is answered
// with the configured blockStatusCode (403) and blockMessage.
const middleware = secure()(
  payloadGuard({
    detectXSS: true,
    detectSQLi: true,
    detectSSRF: true,
  })
);
```

Configuration
| Option | Type | Default | Description |
|---|---|---|---|
| `mode` | `'block' \| 'detect'` | `'block'` | Block the request immediately, or only log/report the detection and let it through |
| `blockStatusCode` | `number` | `403` | HTTP status code sent when a request is blocked |
| `blockMessage` | `string` | `'Request blocked due to potential security threat'` | Error message for blocked responses |
| `checkParts` | `('params' \| 'query' \| 'body' \| 'headers' \| 'cookies')[]` | `['params', 'query', 'body', 'headers']` | Request parts to inspect (`cookies` is only inspected if listed) |
| `excludeHeaders` | `string[]` | `['authorization', 'cookie', 'set-cookie']` | Header names to skip |
| `excludeFields` | `string[]` | `[]` | JSON keys to skip during inspection |
| `detectXSS` | `boolean` | `true` | Enable XSS detection |
| `detectSQLi` | `boolean` | `true` | Enable SQL injection detection |
| `detectSSRF` | `boolean` | `true` | Enable SSRF detection |
| `detectCommandInjection` | `boolean` | `true` | Enable shell injection detection |
| `detectPathTraversal` | `boolean` | `true` | Enable `../` and file path traversal detection |
| `enableCaching` | `boolean` | `true` | Enable LRU-based payload caching |
| `cacheTtl` | `number` (ms) | `3600000` | Cache expiration time |
| `cacheSize` | `number` | `10000` | Max entries in cache |
| `failBehavior` | `'open' \| 'closed'` | `'open'` | What to do if the module throws internally: `'open'` lets the request through unchecked, `'closed'` blocks it |

Two defaults deserve a conscious decision per deployment. `failBehavior` is `'open'`, so an internal error in the module (for example an unexpected body shape) lets the request through uninspected; choose `'closed'` on routes where a missed check is worse than a false block. Likewise `cookies` are not inspected unless added to `checkParts`, and the `authorization` header is skipped by default, so tokens or cookie values are not scanned.
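To make the option semantics concrete, here is a small self-contained model of such a middleware in JavaScript. It is an added illustration written for this page, not the @lock-sdk implementation: `createGuard`, `inspect`, the detector patterns and the two sample requests are all hypothetical, and the regexes are deliberately minimal. The option names and defaults mirror the table above, and the cache options are left out so the block stays focused on part selection, exclusions, `mode` and `failBehavior`.

```javascript
// Hypothetical model of a payload-guard middleware (added illustration,
// not the @lock-sdk code). It walks the configured request parts, skips
// excluded headers/fields, runs a few pattern detectors, and then applies
// the mode / failBehavior rules from the configuration table.

// Same option names and defaults as the table above (cache options omitted).
const DEFAULTS = {
  mode: 'block',
  blockStatusCode: 403,
  blockMessage: 'Request blocked due to potential security threat',
  checkParts: ['params', 'query', 'body', 'headers'],
  excludeHeaders: ['authorization', 'cookie', 'set-cookie'],
  excludeFields: [],
  detectXSS: true,
  detectSQLi: true,
  detectSSRF: true,
  detectCommandInjection: true,
  detectPathTraversal: true,
  failBehavior: 'open',
};

// Deliberately small detector patterns. A real module needs far more
// signatures and must decode URL/HTML/Unicode escapes before matching.
const DETECTORS = {
  detectXSS: { name: 'xss', re: /<\s*script\b|javascript:|\bon\w+\s*=/i },
  detectSQLi: { name: 'sqli', re: /('|%27)\s*(or|and)\s+[\w'"]+\s*=|union\s+select|;\s*drop\s+table/i },
  detectSSRF: { name: 'ssrf', re: /https?:\/\/(127\.0\.0\.1|localhost|169\.254\.169\.254|\[::1\])/i },
  detectCommandInjection: { name: 'cmdi', re: /(;|\|\||&&|\$\(|`)\s*(cat|ls|rm|curl|wget|sh|bash)\b/i },
  detectPathTraversal: { name: 'path', re: /\.\.\/|\.\.\\|%2e%2e%2f/i },
};

// Yield every string leaf of a request part together with its dotted key path.
function* leaves(value, path = []) {
  if (typeof value === 'string') {
    yield [path.join('.'), value];
  } else if (Array.isArray(value)) {
    for (let i = 0; i < value.length; i++) yield* leaves(value[i], [...path, String(i)]);
  } else if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) yield* leaves(v, [...path, k]);
  }
}

// Inspect the request parts named in cfg.checkParts and return all findings.
function inspect(req, cfg) {
  const active = Object.entries(DETECTORS).filter(([flag]) => cfg[flag]).map(([, d]) => d);
  const findings = [];
  for (const part of cfg.checkParts) {
    for (const [key, text] of leaves(req[part] || {})) {
      if (part === 'headers' && cfg.excludeHeaders.includes(key.toLowerCase())) continue;
      const leafKey = key.split('.').pop();
      if (cfg.excludeFields.includes(key) || cfg.excludeFields.includes(leafKey)) continue;
      for (const d of active) if (d.re.test(text)) findings.push({ part, key, type: d.name });
    }
  }
  return findings;
}

// Build a guard. inspectFn is injectable so a crashing inspector can be
// simulated to show what failBehavior does.
function createGuard(options = {}, inspectFn = inspect) {
  const cfg = { ...DEFAULTS, ...options };
  const blocked = (findings) => ({ action: 'block', status: cfg.blockStatusCode, message: cfg.blockMessage, findings });
  return function guard(req) {
    let findings;
    try {
      findings = inspectFn(req, cfg);
    } catch (err) {
      // Internal error: 'closed' treats it as a block, 'open' (the default)
      // lets the request through uninspected.
      return cfg.failBehavior === 'closed'
        ? { ...blocked([]), error: err.message }
        : { action: 'allow', findings: [], error: err.message };
    }
    if (findings.length === 0) return { action: 'allow', findings };
    // 'detect' mode only reports; the caller logs the findings and continues.
    return cfg.mode === 'detect' ? { action: 'flag', findings } : blocked(findings);
  };
}

// Constructed sample requests (not captured traffic).
const SAMPLE_ATTACK = {
  query: { q: "' OR 1=1 --" },
  body: { comment: '<script>alert(1)</script>', notes: 'hello' },
  headers: { authorization: 'Bearer ../../secret', 'user-agent': 'curl/8.0' },
};
const SAMPLE_CLEAN = { query: { q: 'lock sdk' }, body: { name: 'Ann' } };
const crashingInspector = () => { throw new Error('detector crashed'); };

console.log(createGuard()(SAMPLE_ATTACK).action);                                              // block
console.log(createGuard({ mode: 'detect' })(SAMPLE_ATTACK).findings.length);                   // 2
console.log(createGuard({ failBehavior: 'closed' }, crashingInspector)(SAMPLE_ATTACK).action); // block
```

Note what the defaults hide: the `../../` in the `authorization` header is never seen because that header is excluded, and only clearing `excludeHeaders` surfaces it. The crashing inspector shows the practical difference between the two `failBehavior` values: with the default `'open'` the same hostile request is allowed through.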
Maintained By
Lock Team