security audit fixes: task ID 12: add sanitize method on passing acc_number param to CRM

This commit is contained in:
merelendor 2024-12-02 01:04:22 +03:00
parent c26aaf2f29
commit fbd8c16616
2 changed files with 7 additions and 1 deletions


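--- /dev/null
+++ b/lib/SanitizeString
@@ -0,0 +1,5 @@
+export default function SanitizeString(str, punctuation = false, space = false, replace = false)
+{
+const r = new RegExp(`[^\\d${ space ? `\\s` : `` }\\.\\-@${ punctuation ? `"'=+,;«»()&!?%` : ``}\\p{A-z}\u0401\u0451\u0410-\u044f]`, 'gi');
+return str.replace(r, replace ? ' ' : '');
+}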
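Review bot: The allow-list in the RegExp on the third added line does not do what `\\p{A-z}` suggests: the pattern is compiled with flags `'gi'` only, and without the `u` flag `\p` is an identity escape for a literal `p`, so `{A-z}` inside the class contributes the literal `{`, `}` and the code-unit range `A`–`z`, which also admits `[`, `\`, `]`, `^`, `_` and the backtick — those characters survive "sanitization" before acc_number reaches the CRM. Replacing `\\p{A-z}` with `a-z` (the `i` flag already covers upper case) limits letters to ASCII alongside the Cyrillic ranges next to it; if Unicode letter classes are really wanted, `\\p{L}` with the `u` flag is the form that actually means that. Separately, the caller passes `req.body.acc_number`, and `str.replace` throws a TypeError when that field is missing or not a string, which would presumably surface as an unhandled rejection in the async handler; a guard such as `if (typeof str !== 'string') return '';` at the top makes the function total over request input. Since this is a character allow-list rather than an escape, a comment stating that the result is still data for a parameterized field, not a fragment to splice into a query or command, would help the next caller.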


@ -6,11 +6,12 @@ import moment from 'moment';
import jwt from 'jsonwebtoken'; import jwt from 'jsonwebtoken';
import { cors } from '../../../lib/cors'; import { cors } from '../../../lib/cors';
import SanitizeString from '../../../lib/SanitizeString';
export default async function handler(req, res) export default async function handler(req, res)
{ {
await cors(req, res); await cors(req, res);
let { acc_number } = req.body; let acc_number = SanitizeString(req.body.acc_number, false, false, true);
console.log("API", "auth/switch"); console.log("API", "auth/switch");
if(req.headers.cookie !== undefined) if(req.headers.cookie !== undefined)