attempt to fix codeql vulnerability

2022-08-22 15:49:08 -04:00 · 2022-08-22 15:49:08 -04:00 · 4090714ace
parent 2b6ef96851
commit 4090714ace
2 changed files with 27 additions and 22 deletions
--- a/routes/login.js
+++ b/routes/login.js
@ -4,17 +4,19 @@ import * as authenticationFunctions from "../helpers/functions.authentication.js
 export const router = Router();
 const getSafeRedirectURL = (possibleRedirectURL = "") => {
    const urlPrefix = configFunctions.getProperty("reverseProxy.urlPrefix");
-    const urlToCheck = (possibleRedirectURL.startsWith(urlPrefix) ?
-        possibleRedirectURL.slice(urlPrefix.length) :
-        possibleRedirectURL).toLowerCase();
-    switch (urlToCheck) {
-        case "/admin/fees":
-        case "/lotOccupancies":
-        case "/lots":
-        case "/maps":
-        case "/workOrders":
-        case "/reports":
-            return urlPrefix + urlToCheck;
+    if (typeof (possibleRedirectURL) === "string") {
+        const urlToCheck = (possibleRedirectURL.startsWith(urlPrefix) ?
+            possibleRedirectURL.slice(urlPrefix.length) :
+            possibleRedirectURL).toLowerCase();
+        switch (urlToCheck) {
+            case "/admin/fees":
+            case "/lotOccupancies":
+            case "/lots":
+            case "/maps":
+            case "/workOrders":
+            case "/reports":
+                return urlPrefix + urlToCheck;
+        }
    }
    return urlPrefix + "/dashboard";
 };
--- a/routes/login.ts
+++ b/routes/login.ts
@ -15,19 +15,22 @@ const getSafeRedirectURL = (possibleRedirectURL = "") => {

    const urlPrefix = configFunctions.getProperty("reverseProxy.urlPrefix");

-    const urlToCheck = (possibleRedirectURL.startsWith(urlPrefix) ?
-        possibleRedirectURL.slice(urlPrefix.length) :
-        possibleRedirectURL).toLowerCase();
+    if (typeof (possibleRedirectURL) === "string") {
+        
+        const urlToCheck = (possibleRedirectURL.startsWith(urlPrefix) ?
+            possibleRedirectURL.slice(urlPrefix.length) :
+            possibleRedirectURL).toLowerCase();

-    switch (urlToCheck) {
-        case "/admin/fees":
-        case "/lotOccupancies":
-        case "/lots":
-        case "/maps":
-        case "/workOrders":
-        case "/reports":
+        switch (urlToCheck) {
+            case "/admin/fees":
+            case "/lotOccupancies":
+            case "/lots":
+            case "/maps":
+            case "/workOrders":
+            case "/reports":

-            return urlPrefix + urlToCheck;
+                return urlPrefix + urlToCheck;
+        }
    }

    return urlPrefix + "/dashboard";