UniqAI/hexabot
1
0
Fork 0
mirror of https://github.com/hexastack/hexabot synced 2025-02-17 01:57:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: escape regular expressions

Browse Source
This commit is contained in:
yassinedorbozgithub 2024-09-24 05:21:00 +01:00
parent 37f20f7d79
commit fcfc68187b
3 changed files with 23 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
api/migrations/config/create.ts
View File

@ -11,6 +11,8 @@
import fs from 'fs';
import path from 'path';
import { escapeRegularExpression } from '@/utils/helpers/string';
// Get the argument passed (e.g., "all-users-fr")
const arg: string | undefined = process.argv[2];
@ -25,7 +27,8 @@ const templatePath: string = path.join(__dirname, '../config/template.ts');
// Check if a migration with the same name (excluding timestamp) already exists
const migrationExists: boolean = fs.readdirSync(migrationsDir).some((file) => {
const regex = new RegExp(`^[0-9]+-${arg}\.ts$`);
const escapedRegExp = escapeRegularExpression(arg);
const regex = new RegExp(`^[0-9]+-${escapedRegExp}\.ts$`);
return regex.test(file);
});

16
api/src/utils/helpers/string.ts Normal file
View File

@ -0,0 +1,16 @@
/*
* Copyright © 2024 Hexastack. All rights reserved.
*
* Licensed under the GNU Affero General Public License v3.0 (AGPLv3) with the following additional terms:
* 1. The name "Hexabot" is a trademark of Hexastack. You may not use this name in derivative works without express written permission.
* 2. All derivative works must include clear attribution to the original creator and software, Hexastack and Hexabot, in a prominent location (e.g., in the software's "About" section, documentation, and README file).
* 3. SaaS Restriction: This software, or any derivative of it, may not be used to offer a competing product or service (SaaS) without prior written consent from Hexastack. Offering the software as a service or using it in a commercial cloud environment without express permission is strictly prohibited.
*/
const reRegExpSpecialChars = /[\\^$.*+?()[\]{}|]/g,
reHasRegularExpressionChar = RegExp(reRegExpSpecialChars.source);
export const escapeRegularExpression = (string: string) =>
string && reHasRegularExpressionChar.test(string)
? string.replace(reRegExpSpecialChars, '\\$&')
: string;

6
api/src/utils/pipes/search-filter.pipe.ts
View File

@ -15,6 +15,7 @@ import {
} from '@nestjs/common';
import { TFilterQuery, Types } from 'mongoose';
import { escapeRegularExpression } from '../helpers/string';
import {
TFilterNestedKeysOfType,
TSearchFilterValue,
@ -36,9 +37,8 @@ export class SearchFilterPipe<T>
}
private getRegexValue(val: string) {
const quote = (str: string) =>
str.replace(/([.?*+^$[\]\\(){}|-])/g, '\\$1');
return new RegExp(quote(val), 'i');
const escapedRegExp = escapeRegularExpression(val);
return new RegExp(escapedRegExp, 'i');
}
private isAllowedField(field: string) {