fix(oas): prevent ReDoS in the BodyConverter (#219)

closes #218
NeuraLegion · Nov 14, 2023 · 30eb0e4 · 30eb0e4
1 parent d7f1a96
commit 30eb0e4
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/packages/oas/src/converter/parts/postdata/BodyConverter.ts b/packages/oas/src/converter/parts/postdata/BodyConverter.ts
@@ -59,7 +59,12 @@ export abstract class BodyConverter<T extends OpenAPI.Document>
   }: EncodingData): string {
     const [mime]: string[] = contentType
       .split(',')
-      .map((x) => x.trim().replace(/;.+?$/, ''));
+      .map((x) => {
+        const [part]: string[] = x.trim().split(';');
+
+        return part;
+      })
+      .filter(Boolean) as string[];
 
     switch (mime) {
       case 'application/json':