From 5fd9ecf90b9c530f81703cf26a9076495f117280 Mon Sep 17 00:00:00 2001
From: ElinorW
Date: Tue, 19 Mar 2024 18:01:04 +0300
Subject: [PATCH 1/3] add alphanumeric regex
---
 src/app/utils/query-parameter-sanitization.ts | 6 ++++++
 src/app/utils/query-url-sanitization.ts | 3 ++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/app/utils/query-parameter-sanitization.ts b/src/app/utils/query-parameter-sanitization.ts
index e9ff674072..1b45ae9137 100644
--- a/src/app/utils/query-parameter-sanitization.ts
+++ b/src/app/utils/query-parameter-sanitization.ts
@@ -16,6 +16,7 @@ const LAMBDA_OPERATORS = ['/any', '/all'];
 // REGEXES
 const ALL_ALPHA_REGEX = /^[a-z]+$/i;
+const ALL_ALPHANUM_REGEX = /^[a-zA-Z0-9]+$/;
 const POSITIVE_INTEGER_REGEX = /^[1-9]\d*$/;
 // Matches media type formats
 // Examples: https://www.iana.org/assignments/media-types/media-types.xhtml
@@ -62,6 +63,10 @@ function isAllAlpha(str: string): boolean {
   return ALL_ALPHA_REGEX.test(str);
 }
+function isAllAlphaNumeric(str: string): boolean {
+  return ALL_ALPHANUM_REGEX.test(str);
+}
+
 function isPlaceHolderSegment(segment: string) {
   return segment.startsWith('{') && segment.endsWith('}')
 }
@@ -483,6 +488,7 @@ function sanitizeFilterQueryOptionValue(queryParameterValue: string): string {
 export {
   isPropertyName,
   isAllAlpha,
+  isAllAlphaNumeric,
   isPlaceHolderSegment,
   sanitizeQueryParameter
 }
diff --git a/src/app/utils/query-url-sanitization.ts b/src/app/utils/query-url-sanitization.ts
index c072461622..af5f928b85 100644
--- a/src/app/utils/query-url-sanitization.ts
+++ b/src/app/utils/query-url-sanitization.ts
@@ -2,6 +2,7 @@ import { IQuery } from '../../types/query-runner';
 import {
   isAllAlpha,
+  isAllAlphaNumeric,
   isPlaceHolderSegment,
   sanitizeQueryParameter
 } from './query-parameter-sanitization';
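Review bot: `isAllAlphaNumeric` accepts strings made only of digits, because `/^[a-zA-Z0-9]+$/` never requires a letter, and the @@ -104 hunk of query-url-sanitization.ts makes it the first test in the condition that lets a path segment leave sanitizePathSegment untouched (the rest of that function is outside the hunk, but by its name the other branch is the one that rewrites the segment); a purely numeric segment (a constructed value such as `12345`) would therefore no longer be rewritten, which looks unintended given that 2/3 in this series narrows the rule. The function also carries no comment, so the accepted set is only discoverable by reading the constant; a one-liner such as `/** True when str is one or more ASCII letters or digits; an all-digit string qualifies. */` makes it explicit. For consistency with `ALL_ALPHA_REGEX` on the line above, the class could also be written `/^[a-z0-9]+$/i`.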
@@ -104,7 +105,7 @@ function sanitizePathSegment(previousSegment: string, segment: string): string {
   const segmentsToIgnore = ['$value', '$count', '$ref', '$batch'];
   if (
-    isAllAlpha(segment) ||
+    isAllAlphaNumeric(segment) ||
     isDeprecation(segment) ||
     SANITIZED_ITEM_PATH_REGEX.test(segment) ||
     segmentsToIgnore.includes(segment.toLowerCase()) ||
From 7244135286af366fa9e27e1e47698c38ddd6d026 Mon Sep 17 00:00:00 2001
From: ElinorW
Date: Tue, 19 Mar 2024 18:50:03 +0300
Subject: [PATCH 2/3] update regex to allow only one numeric character
---
 src/app/utils/query-parameter-sanitization.ts | 4 ++--
 src/app/utils/query-url-sanitization.ts | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/app/utils/query-parameter-sanitization.ts b/src/app/utils/query-parameter-sanitization.ts
index 1b45ae9137..8c5cc6973d 100644
--- a/src/app/utils/query-parameter-sanitization.ts
+++ b/src/app/utils/query-parameter-sanitization.ts
@@ -16,7 +16,7 @@ const LAMBDA_OPERATORS = ['/any', '/all'];
 // REGEXES
 const ALL_ALPHA_REGEX = /^[a-z]+$/i;
-const ALL_ALPHANUM_REGEX = /^[a-zA-Z0-9]+$/;
+const ONE_NUMERIC_REGEX = /^(?=[a-zA-Z]*\d[a-zA-Z]*$)[a-zA-Z\d]*$/;
 const POSITIVE_INTEGER_REGEX = /^[1-9]\d*$/;
 // Matches media type formats
 // Examples: https://www.iana.org/assignments/media-types/media-types.xhtml
@@ -64,7 +64,7 @@ function isAllAlpha(str: string): boolean {
 }
 function isAllAlphaNumeric(str: string): boolean {
-  return ALL_ALPHANUM_REGEX.test(str);
+  return ONE_NUMERIC_REGEX.test(str);
 }
 function isPlaceHolderSegment(segment: string) {
diff --git a/src/app/utils/query-url-sanitization.ts b/src/app/utils/query-url-sanitization.ts
index af5f928b85..b2a6fd710d 100644
--- a/src/app/utils/query-url-sanitization.ts
+++ b/src/app/utils/query-url-sanitization.ts
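Review bot: The lookahead in `ONE_NUMERIC_REGEX` already anchors the whole string, so the trailing `[a-zA-Z\d]*$` can never reject anything the lookahead accepted; `/^[a-zA-Z]*\d[a-zA-Z]*$/` is equivalent and much easier to audit. Both letter runs may be empty, so a lone digit (a constructed value such as `7`) satisfies it; if a one-character numeric segment should be treated like any other numeric value, require a letter on at least one side, e.g. `/^(?:[a-zA-Z]+\d[a-zA-Z]*|\d[a-zA-Z]+)$/`. The name `isAllAlphaNumeric` in the @@ -64 hunk no longer describes the rule, which now rejects both all-letter and multi-digit strings, so a comment above the constant, `// ASCII letters with exactly one digit; all-letter segments are covered by ALL_ALPHA_REGEX`, would record the intent. A few unit cases (constructed: `v1` true, `abc` false, `a12` false) would pin the boundary this series moved twice.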
@@ -105,6 +105,7 @@ function sanitizePathSegment(previousSegment: string, segment: string): string {
   const segmentsToIgnore = ['$value', '$count', '$ref', '$batch'];
   if (
+    isAllAlpha(segment) ||
     isAllAlphaNumeric(segment) ||
     isDeprecation(segment) ||
     SANITIZED_ITEM_PATH_REGEX.test(segment) ||
From e9f84ad879a607c95b6b65f8f3fe4e75c5cda54c Mon Sep 17 00:00:00 2001
From: ElinorW
Date: Tue, 19 Mar 2024 18:52:11 +0300
Subject: [PATCH 3/3] change function name
---
 src/app/utils/query-parameter-sanitization.ts | 4 ++--
 src/app/utils/query-url-sanitization.ts | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/app/utils/query-parameter-sanitization.ts b/src/app/utils/query-parameter-sanitization.ts
index 8c5cc6973d..514b124e8d 100644
--- a/src/app/utils/query-parameter-sanitization.ts
+++ b/src/app/utils/query-parameter-sanitization.ts
@@ -63,7 +63,7 @@ function isAllAlpha(str: string): boolean {
   return ALL_ALPHA_REGEX.test(str);
 }
-function isAllAlphaNumeric(str: string): boolean {
+function isAlphaNumeric(str: string): boolean {
   return ONE_NUMERIC_REGEX.test(str);
 }
@@ -488,7 +488,7 @@ function sanitizeFilterQueryOptionValue(queryParameterValue: string): string {
 export {
   isPropertyName,
   isAllAlpha,
-  isAllAlphaNumeric,
+  isAlphaNumeric,
   isPlaceHolderSegment,
   sanitizeQueryParameter
 }
diff --git a/src/app/utils/query-url-sanitization.ts b/src/app/utils/query-url-sanitization.ts
index b2a6fd710d..1d74b56dea 100644
--- a/src/app/utils/query-url-sanitization.ts
+++ b/src/app/utils/query-url-sanitization.ts
@@ -2,7 +2,7 @@ import { IQuery } from '../../types/query-runner';
 import {
   isAllAlpha,
-  isAllAlphaNumeric,
+  isAlphaNumeric,
   isPlaceHolderSegment,
   sanitizeQueryParameter
 } from './query-parameter-sanitization';
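Review bot: `isAlphaNumeric` in the @@ -63 hunk reads as "any mix of letters and digits", but `ONE_NUMERIC_REGEX` accepts only strings containing exactly one digit, so the new name under-describes the contract, and a reader of the `isAllAlpha(segment) || isAlphaNumeric(segment)` pair in sanitizePathSegment cannot tell from the names why both checks are needed. If the rename stays, add a TSDoc comment on the function: `/** True for ASCII letters containing exactly one digit (constructed example: "v1"); all-letter strings are handled by isAllAlpha. */`. The export and import hunks in this patch follow mechanically from the rename.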
@@ -106,7 +106,7 @@ function sanitizePathSegment(previousSegment: string, segment: string): string {
   if (
     isAllAlpha(segment) ||
-    isAllAlphaNumeric(segment) ||
+    isAlphaNumeric(segment) ||
     isDeprecation(segment) ||
     SANITIZED_ITEM_PATH_REGEX.test(segment) ||
     segmentsToIgnore.includes(segment.toLowerCase()) ||