Skip to content

Commit

Permalink
ISSUE #5207 query in findByJob sanitised
Browse files Browse the repository at this point in the history
  • Loading branch information
@ChristosTsiotsias
ChristosTsiotsias committed Oct 14, 2024
1 parent 025b5ca commit adb5c8c
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions backend/src/v4/models/job.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,10 +17,12 @@

"use strict";

const { v5Path } = require("../../interop");
const {map, compact, uniq} = require("lodash");
const responseCodes = require("../response_codes.js");
const C = require("../constants.js");
const db = require("../handler/db");
const { sanitiseRegex } = require(`${v5Path}/utils/helper/strings.js`);

function validateJobName(jobName) {
const regex = "^[^/?=#+]{0,119}[^/?=#+ ]{1}$";
Expand Down Expand Up @@ -94,8 +96,8 @@ Job.addUserToJob = async function(teamspace, jobName, user) {
};

Job.findByJob = async function(teamspace, jobName, caseSensitive = true) {

const query = caseSensitive ? { _id: jobName } : { _id: new RegExp(jobName, "i")};
const sanitisedJobName = sanitiseRegex(jobName);
const query = caseSensitive ? { _id: jobName } : { _id: new RegExp(sanitisedJobName, "i")};
const foundJob = await db.findOne(teamspace, JOBS_COLLECTION_NAME, query);

if (foundJob && !foundJob.users) {
Expand Down

0 comments on commit adb5c8c

Please sign in to comment.