ISSUE #5207 importCSV refactored to cover the vulnerability

3drepo · Oct 14, 2024 · 1cc7823 · 1cc7823
1 parent adb5c8c
commit 1cc7823
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/backend/src/v4/models/mitigation.js b/backend/src/v4/models/mitigation.js
@@ -137,10 +137,9 @@ class Mitigation {
 		});
 
 		for(const record of records) {
-			if(record?.referencedRisks?.length > 2
-				&& record.referencedRisks.match(/^\[(.+::.+::.+)*\]$/)?.length
-			) {
-				const riskRefsArray = record.referencedRisks.substring(1, record.referencedRisks.length - 1).split(",");
+			const risks = record?.referencedRisks;
+			if (risks && risks.startsWith("[") && risks.endsWith("]") && risks.split("::").length >= 3) {
+				const riskRefsArray = risks.substring(1, risks.length - 1).split(",");
 				record.referencedRisks = riskRefsArray.map((entry) => entry.replace(/"|'/g, ""));
 			} else {
 				delete record.referencedRisks;