From d898506a2819eaca0eca8d88729d70ce5c2cc217 Mon Sep 17 00:00:00 2001
From: Daniel Lugo <danlugo92@gmail.com>
Date: Wed, 29 Jan 2020 14:54:14 -0400
Subject: [PATCH] fine grained validation

---
 services/gunDB/contact-api/streams.js | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/services/gunDB/contact-api/streams.js b/services/gunDB/contact-api/streams.js
index 4a5ea059..ba7457a8 100644
--- a/services/gunDB/contact-api/streams.js
+++ b/services/gunDB/contact-api/streams.js
@@ -150,13 +150,29 @@ const onIncoming = cb => {
               return
             }
 
-            if (!Schema.isOutgoing(data)) {
+            if (typeof data !== 'object') {
               return
             }
 
+            if (typeof data.with !== 'string') {
+              return
+            }
+
+            if (typeof data.messages !== 'object') {
+              return
+            }
+
+            if (data.messages === null) {
+              return
+            }
+
+            const msgs = /** @type {[string, Schema.Message][]} */ (Object.entries(
+              data.messages
+            ).filter(([_, msg]) => Schema.isMessage(msg)))
+
             // eslint-disable-next-line require-atomic-updates
             pubToIncoming[pub] = await Utils.asyncMap(
-              Object.entries(data.messages),
+              msgs,
               async ([msgid, msg]) => {
                 let decryptedBody = ''