New symbol operators as per latest Sequelize security recommendation.

Author: paparomeo

lib/sqlHandler.js

@@ -16,6 +16,8 @@ var modelGenerators = {
 
 var MIN_SERVER_VERSION = '1.10.0'
 
+var Op = Sequelize.Op
+
 class SqlStoreError extends Error {
   constructor (properties) {
     super()
@@ -56,6 +58,7 @@ SqlStore.prototype.initialise = function (resourceConfig) {
   } else {
     var database = self.config.database || resourceConfig.resource
     var sequelizeArgs = [database, self.config.username, self.config.password, {
+      operatorsAliases: false,
       dialect: self.config.dialect,
       dialectOptions: self.config.dialectOptions,
       host: self.config.host,
@@ -307,11 +310,11 @@ SqlStore.prototype._scalarFilterElementToWhereObj = function (element) {
   var op = element.operator
   if (!op) return value
 
-  if (op === '>') return { $gt: value }
-  if (op === '<') return { $lt: value }
+  if (op === '>') return { [Op.gt]: value }
+  if (op === '<') return { [Op.lt]: value }
 
-  var iLikeOperator = '$like'
-  if (self.sequelize.getDialect() === 'postgres') iLikeOperator = '$iLike'
+  var iLikeOperator = Op.like
+  if (self.sequelize.getDialect() === 'postgres') iLikeOperator = Op.iLike
 
   if (op === '~') {
     var caseInsensitiveEqualExpression = { }
@@ -337,7 +340,7 @@ SqlStore.prototype._filterElementToSearchBlock = function (filterElement) {
   if (filterElement.length === 1) {
     return whereObjs[0]
   }
-  return { $or: whereObjs }
+  return { [Op.or]: whereObjs }
 }
 
 SqlStore.prototype._getSearchBlock = function (filter) {