fix(odata-service-writer): avoid double slashes when adding new odata service #3197
Conversation
avoid double slashes when adding new data service
🦋 Changeset detectedLatest commit: 70fc4ab The changes in this PR will be included in the next version bump. This PR includes changesets to release 13 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
815are
changed the title
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
| * @returns The input string with leading and trailing slashes removed. | ||
| */ | ||
| function trimSlashes(input: string): string { | ||
| while (input.startsWith('/')) { |
There was a problem hiding this comment.
Could this be used as an attack vector? Consider a limit on string size, or use regex with same.
There was a problem hiding this comment.
regex was giving following sonar issue for me:
There was a problem hiding this comment.
Yeah I think you would need to add a character limit anyway or Sonar would complain about DOS attack. Previously we needed to limit the '/' check.
// We remove trailing slashes (up to 10, infinite would allow DOS attack) from the host to avoid double slashes when appending the service path.
this._destinationUrl = servicePath
? destUrl.replace(
`https://${destination.Name.toLowerCase()}.dest`,
destination.Host.replace(/\/{1,10}$/, '')
)
: destination.Host;
Problem happens if we pass service like:
then double forward slash is added here:
As fix - sanitize trailing slashes before creating uri for
settings.localUri- trimSlashes