Update to address security vulnerability with data input.

bcgov · Jul 30, 2024 · 1ebdf1f · 1ebdf1f
1 parent e2c41fc
commit 1ebdf1f
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/src/api/ruleMapping/ruleMapping.service.ts b/src/api/ruleMapping/ruleMapping.service.ts
@@ -40,10 +40,11 @@ export class RuleMappingService {
           };
         });
       } else if (node.type === 'functionNode' && node?.content) {
-        return (node.content.split('\n') || []).reduce((acc: any, line: string) => {
-          const match = line.match(fieldKey === 'inputs' ? /\s*\*\s*@param\s+/ : /\s*\*\s*@returns\s+/);
+        return (node.content.split('\n') || []).reduce((acc: any[], line: string) => {
+          const pattern = fieldKey === 'inputs' ? /^\s*\*\s*@param\s+(.+)$/ : /^\s*\*\s*@returns\s+(.+)$/;
+          const match = line.match(pattern);
           if (match) {
-            const item = line.replace(match[0], '').trim();
+            const item = match[1].trim();
             acc.push({
               key: item,
               property: item,