From 30eb0e488e8a21993480a49b75e3926284489995 Mon Sep 17 00:00:00 2001
From: ostridm
Date: Tue, 14 Nov 2023 19:25:45 +0300
Subject: [PATCH] fix(oas): prevent ReDoS in the `BodyConverter` (#219)

closes #218
---
 packages/oas/src/converter/parts/postdata/BodyConverter.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/packages/oas/src/converter/parts/postdata/BodyConverter.ts b/packages/oas/src/converter/parts/postdata/BodyConverter.ts
index 15cd8064..8aca63d4 100644
--- a/packages/oas/src/converter/parts/postdata/BodyConverter.ts
+++ b/packages/oas/src/converter/parts/postdata/BodyConverter.ts
@@ -59,7 +59,12 @@ export abstract class BodyConverter
 }: EncodingData): string {
 const [mime]: string[] = contentType
 .split(',')
- .map((x) => x.trim().replace(/;.+?$/, ''));
+ .map((x) => {
+ const [part]: string[] = x.trim().split(';');
+
+ return part;
+ })
+ .filter(Boolean) as string[];
 
 switch (mime) {
 case 'application/json':
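Review bot: The `part` returned from the new `.map` callback is trimmed before the split but not after it, so a value such as `application/json ; charset=utf-8` still yields `application/json ` with a trailing space and will miss the `case 'application/json':` label that follows. Taking only the first piece and trimming it afterwards fixes that and makes the `as string[]` cast unnecessary: `.map((x) => (x.split(';', 1)[0] ?? '').trim())` followed by `.filter(Boolean);`. With `.filter(Boolean)` in place, `mime` can also be `undefined` when every entry is empty, although the destructuring annotates it as `string`; the method's signature and the rest of the `switch` lie outside the hunk, so whether a default branch covers that case is not visible here. The diffstat shows only this file changed, so a regression test that passes a very long `contentType` and asserts the call returns promptly would keep the quadratic regex from being reintroduced.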