
fix(dump): check suffix against a regexp to sanitize user input #2665

Open: QuentinRousselet wants to merge 1 commit into 2-dev from fix/dump-script-injection

@QuentinRousselet


What does this PR do?

Add a regex to sanitize user input on the dump API

    const suffixRegex = /^[A-Za-z0-9_-]{0,64}$/;
    if (!suffixRegex.test(suffix)) {
      throw new BadRequestError(
        `Invalid suffix '${suffix}'. Suffix must be alphanumeric and can contain '-' and '_'. Max length is 64 characters.`,
      );
    }
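
Added example (not part of this PR or the project's code): the same allow-list check wrapped in a hypothetical `assertValidSuffix` helper and run over constructed inputs, with a `typeof` guard because `RegExp.prototype.test()` converts its argument to a string before matching. The `BadRequestError` class below is a stand-in and the helper and sample names are assumptions.

```javascript
// Stand-in for the project's BadRequestError (assumption, defined so the example runs alone).
class BadRequestError extends Error {}

// Allow-list pattern copied from the PR description.
const suffixRegex = /^[A-Za-z0-9_-]{0,64}$/;

// Hypothetical helper: returns the suffix if it is valid, throws otherwise.
function assertValidSuffix(suffix) {
  // test() converts its argument to a string, so undefined ("undefined")
  // and ["abc"] ("abc") would pass the regex; reject non-strings first.
  if (typeof suffix !== "string") {
    throw new BadRequestError("Invalid suffix: expected a string.");
  }
  if (!suffixRegex.test(suffix)) {
    throw new BadRequestError(
      `Invalid suffix '${suffix}'. Suffix must be alphanumeric and can contain '-' and '_'. Max length is 64 characters.`,
    );
  }
  return suffix;
}

// Constructed sample inputs (not taken from the project).
const samples = [
  "backup-2026_07", // accepted
  "",               // accepted: {0,64} allows an empty suffix
  "a".repeat(64),   // accepted: exactly at the length limit
  "a".repeat(65),   // rejected: one character too long
  "../other",       // rejected: '.' and '/' are outside the allow-list
  "my suffix",      // rejected: space is outside the allow-list
  "name\n",         // rejected: without the m flag, $ matches only at end of input
  ["abc"],          // rejected by the type check
  undefined,        // rejected by the type check
];

// Returns one boolean per sample: true if accepted, false if rejected.
function checkSamples() {
  return samples.map((value) => {
    try {
      assertValidSuffix(value);
      return true;
    } catch (err) {
      if (err instanceof BadRequestError) return false;
      throw err; // anything else is a bug in the example, not a validation result
    }
  });
}

console.log(checkSamples());
```
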

QuentinRousselet self-assigned this Jul 1, 2026
QuentinRousselet force-pushed the fix/dump-script-injection branch from 5b2c085 to 04778a2 July 1, 2026 16:20
QuentinRousselet force-pushed the fix/dump-script-injection branch from 04778a2 to 7fd5884 July 1, 2026 16:23
@sonarqubecloud

sonarqubecloud Bot commented Jul 1, 2026
