fixed bug when receiving array parameter

FGRibreau · Mar 4, 2022 · 89945eb · 89945eb
1 parent 93ae32b
commit 89945eb
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 5 deletions.
diff --git a/index.js b/index.js
@@ -35,10 +35,14 @@ function sanitizeHeaders(options) {
   const queryObject = querystring.parse(urlObject.query);
 
   const hasExternalLink = Object.keys(queryObject).some(function (queryParam) {
-    const qUrl = url.parse(queryObject[queryParam]);
-
-    // external link if protocol || host || port is different
-    return (!!qUrl.host && ( qUrl.protocol !== urlObject.protocol || qUrl.host !== urlObject.host || qUrl.port !== urlObject.port) );
+    const values = _.isArray(queryObject[queryParam]) ? queryObject[queryParam] : [queryObject[queryParam]]
+    const v = values.map(v => {
+      const qUrl = url.parse(v);
+
+      // external link if protocol || host || port is different
+      return (!!qUrl.host && ( qUrl.protocol !== urlObject.protocol || qUrl.host !== urlObject.host || qUrl.port !== urlObject.port) );
+    })
+    return v.some(v => v === true)
   });
 
   if (hasExternalLink && options.hasOwnProperty("headers") && typeof (options.headers) === "object") {
@@ -74,7 +78,7 @@ function _cloneOptions(options) {
  */
 function makePromise(requestInstance, promiseFactoryFn) {
 
-  // Resolver function wich assigns the promise (resolve, reject) functions
+  // Resolver function which assigns the promise (resolve, reject) functions
   // to the requestInstance
   function Resolver(resolve, reject) {
     this._resolve = resolve;

diff --git a/test/leak.test.js b/test/leak.test.js
@@ -108,4 +108,23 @@ describe('Information Leak', function () {
     });
   });
 
+
+  it('should not fail when the request has query parameters in array format', function (done) {
+
+    request({
+      url: 'https://httpbingo.org/bearer?test=hello&test=world',
+      headers: {
+        'Content-Type': 'application/json',
+        'cookie': 'ajs_anonymous_id=1234567890',
+        'authorization': 'Bearer eyJhb12345abcdef'
+      }
+    }, function (err, response, body) {
+      t.deepEqual(body, {
+        "authenticated": true,
+        "token": "eyJhb12345abcdef"
+      });
+      done();
+    });
+  });
+
 });