Skip to content

Commit

Permalink
Merge pull request #4173 from alphagov/PP-12167-Update-Joi-to-fix-hoe…
Browse files Browse the repository at this point in the history 
…k-vulnerability

PP-12167 Update joi to resolve hoek vulnerability
  • Loading branch information
@james-peacock-gds
james-peacock-gds authored Feb 9, 2024
2 parents 1e6f4cb + 5f3a7b2 commit 87c7cf2
Show file tree
Hide file tree
Showing 10 changed files with 104 additions and 86 deletions.
6 changes: 3 additions & 3 deletions app/services/clients/stripe/StripeAccount.class.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,16 @@

const Joi = require('joi')

const schema = {
const schema = Joi.object({
url: Joi.string().optional(),
entity_verification_document_id: Joi.string().optional()
}
})

class StripeAccount {
constructor (body) {
const params = Object.assign({}, body)

const { error, value: model } = Joi.validate(params, schema, { allowUnknown: true, stripUnknown: true })
const { error, value: model } = schema.validate(params, { allowUnknown: true, stripUnknown: true })

if (error) {
throw new Error(`StripeAccount ${error.details[0].message}`)
Expand Down
6 changes: 3 additions & 3 deletions app/services/clients/stripe/StripeBankAccount.class.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@

const Joi = require('joi')

const schema = {
const schema = Joi.object({
bank_account_sort_code: Joi.string().required(),
bank_account_number: Joi.string().required()
}
})

class StripeBankAccount {
constructor (body) {
const params = Object.assign({}, body)
const { error, value: model } = Joi.validate(params, schema, { allowUnknown: true, stripUnknown: true })
const { error, value: model } = schema.validate(params, { allowUnknown: true, stripUnknown: true })

if (error) {
throw new Error(`StripeBankAccount ${error.details[0].message}`)
Expand Down
6 changes: 3 additions & 3 deletions app/services/clients/stripe/StripeCompany.class.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,17 @@

const Joi = require('joi')

const schema = {
const schema = Joi.object({
vat_id: Joi.string().optional(),
tax_id: Joi.string().optional(),
directors_provided: Joi.boolean().optional(),
executives_provided: Joi.boolean().optional()
}
})

class StripeCompany {
constructor (body) {
const params = Object.assign({}, body)
const { error, value: model } = Joi.validate(params, schema)
const { error, value: model } = schema.validate(params)

if (error) {
throw new Error(`StripeCompany ${error.details[0].message}`)
Expand Down
6 changes: 3 additions & 3 deletions app/services/clients/stripe/StripeDirector.class.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,21 +2,21 @@

const Joi = require('joi')

const schema = {
const schema = Joi.object({
first_name: Joi.string().required(),
last_name: Joi.string().required(),
email: Joi.string().required(),
dob_day: Joi.number().integer().strict().min(1).max(31),
dob_month: Joi.number().integer().strict().min(1).max(12),
dob_year: Joi.number().integer().strict().min(1900).max(2100),
relationship: Joi.string().optional()
}
})

class StripeDirector {
constructor (body) {
const params = Object.assign({}, body)

const { error, value: model } = Joi.validate(params, schema, { allowUnknown: true, stripUnknown: true })
const { error, value: model } = schema.validate(params, { allowUnknown: true, stripUnknown: true })

if (error) {
throw new Error(`StripeDirector ${error.details[0].message}`)
Expand Down
6 changes: 3 additions & 3 deletions app/services/clients/stripe/StripeDirector.class.test.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ describe('StripeDirector', () => {
dob_day: 0,
dob_month: dobMonth,
dob_year: dobYear
})).to.throw('StripeDirector "dob_day" must be larger than or equal to 1')
})).to.throw('StripeDirector "dob_day" must be greater than or equal to 1')
})

it('Should throw error when day is more than 31', () => {
Expand All @@ -128,7 +128,7 @@ describe('StripeDirector', () => {
dob_day: dobDay,
dob_month: 0,
dob_year: dobYear
})).to.throw('StripeDirector "dob_month" must be larger than or equal to 1')
})).to.throw('StripeDirector "dob_month" must be greater than or equal to 1')
})

it('Should throw error when month is larger than 12', () => {
Expand All @@ -151,7 +151,7 @@ describe('StripeDirector', () => {
dob_day: dobDay,
dob_month: dobMonth,
dob_year: 999
})).to.throw('StripeDirector "dob_year" must be larger than or equal to 1900')
})).to.throw('StripeDirector "dob_year" must be greater than or equal to 1900')
})

it('Should throw error when year is more than 9999', () => {
Expand Down
6 changes: 3 additions & 3 deletions app/services/clients/stripe/StripeOrganisationDetails.class.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

const Joi = require('joi')

const schema = {
const schema = Joi.object({
name: Joi.string().required(),
address_line1: Joi.string().required(),
address_line2: Joi.string().optional(),
Expand All @@ -11,13 +11,13 @@ const schema = {
address_country: Joi.string().required(),
telephone_number: Joi.string().optional(),
url: Joi.string().optional()
}
})

class StripeOrganisationDetails {
constructor (body) {
const params = Object.assign({}, body)

const { error, value: model } = Joi.validate(params, schema, { allowUnknown: true, stripUnknown: true })
const { error, value: model } = schema.validate(params, { allowUnknown: true, stripUnknown: true })

if (error) {
throw new Error(`StripeOrganisationDetails ${error.details[0].message}`)
Expand Down
6 changes: 3 additions & 3 deletions app/services/clients/stripe/StripePerson.class.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

const Joi = require('joi')

const schema = {
const schema = Joi.object({
first_name: Joi.string().required(),
last_name: Joi.string().required(),
address_line1: Joi.string().required(),
Expand All @@ -14,12 +14,12 @@ const schema = {
dob_year: Joi.number().integer().strict().min(1000).max(9999),
phone: Joi.string().optional(),
email: Joi.string().optional()
}
})

class StripePerson {
constructor (body) {
const params = Object.assign({}, body)
const { error, value: model } = Joi.validate(params, schema, { allowUnknown: true, stripUnknown: true })
const { error, value: model } = schema.validate(params, { allowUnknown: true, stripUnknown: true })

if (error) {
throw new Error(`StripePerson ${error.details[0].message}`)
Expand Down
6 changes: 3 additions & 3 deletions app/services/clients/stripe/StripePerson.class.test.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -212,7 +212,7 @@ describe('StripePerson', () => {
dob_day: 0,
dob_month: dobMonth,
dob_year: dobYear
})).to.throw('StripePerson "dob_day" must be larger than or equal to 1')
})).to.throw('StripePerson "dob_day" must be greater than or equal to 1')
})

it('should fail when day is more than 31', () => {
Expand All @@ -238,7 +238,7 @@ describe('StripePerson', () => {
dob_day: dobDay,
dob_month: 0,
dob_year: dobYear
})).to.throw('StripePerson "dob_month" must be larger than or equal to 1')
})).to.throw('StripePerson "dob_month" must be greater than or equal to 1')
})

it('should fail when month is larger than 12', () => {
Expand All @@ -264,7 +264,7 @@ describe('StripePerson', () => {
dob_day: dobDay,
dob_month: dobMonth,
dob_year: 999
})).to.throw('StripePerson "dob_year" must be larger than or equal to 1000')
})).to.throw('StripePerson "dob_year" must be greater than or equal to 1000')
})

it('should fail when year is more than 9999', () => {
Expand Down
Loading

0 comments on commit 87c7cf2

Please sign in to comment.