From 7710fa91729d59444e1803e321453a635c9d25c9 Mon Sep 17 00:00:00 2001
From: Warren <5959690+wrn14897@users.noreply.github.com>
Date: Thu, 28 Mar 2024 22:59:21 -0700
Subject: [PATCH 1/2] fix: use escapeJsonString to inject webhook payload vars

---
 packages/api/src/tasks/checkAlerts.ts | 41 +++++++--------------------
 1 file changed, 11 insertions(+), 30 deletions(-)

diff --git a/packages/api/src/tasks/checkAlerts.ts b/packages/api/src/tasks/checkAlerts.ts
index 1955a2925..d1a8008c4 100644
--- a/packages/api/src/tasks/checkAlerts.ts
+++ b/packages/api/src/tasks/checkAlerts.ts
@@ -229,6 +229,10 @@ const handleSendSlackWebhook = async (
 });
 };
 
+export const escapeJsonString = (str: string) => {
+ return JSON.stringify(str).slice(1, -1);
+};
+
 export const handleSendGenericWebhook = async (
 webhook: IWebhook,
 message: {
@@ -273,36 +277,13 @@ export const handleSendGenericWebhook = async (
 let body = '';
 if (webhook.body) {
 const handlebars = Handlebars.create();
- let isJsonBody = false;
- try {
- const jsonBody = JSON.parse(webhook.body);
- isJsonBody = true;
- for (const [_key, _val] of Object.entries(jsonBody)) {
- jsonBody[_key] = handlebars.compile(_val, {
- noEscape: true,
- })({
- body: message.body,
- link: message.hdxLink,
- title: message.title,
- });
- }
- body = JSON.stringify(jsonBody);
- } catch (e) {
- logger.error({
- message: 'Webhook body is not a valid JSON',
- error: serializeError(e),
- });
- }
-
- if (!isJsonBody) {
- body = handlebars.compile(webhook.body, {
- noEscape: true,
- })({
- body: message.body,
- link: message.hdxLink,
- title: message.title,
- });
- }
+ body = handlebars.compile(webhook.body, {
+ noEscape: true,
+ })({
+ body: escapeJsonString(message.body),
+ link: escapeJsonString(message.hdxLink),
+ title: escapeJsonString(message.title),
+ });
 }
 
 try {
From 7fc7db0f269c504298091ea47b02e554da51b137 Mon Sep 17 00:00:00 2001
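Review bot: The new exported `escapeJsonString` has no doc comment or return type, and its output is only safe in one position: between the double quotes of a JSON string literal. I would state that contract on the helper, `/** Escapes str for insertion between the double quotes of a JSON string literal; it is not an escaper for HTML, URLs or any other format. */`, and annotate the return as `: string`. If a caller ever passes `undefined` at runtime despite the `string` type, `JSON.stringify(undefined)` returns `undefined` and `.slice` throws; whether the message fields can be missing is not visible in this hunk.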
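Review bot: The rendered `body` is no longer checked to be valid JSON, and the escaping of `message.body`, `message.hdxLink` and `message.title` only protects a template whose placeholders sit inside double-quoted JSON strings. A template that uses a placeholder unquoted can still have its JSON structure changed by alert content, and a non-JSON template (which the removed `!isJsonBody` branch rendered with raw values) now receives JSON-escaped text with no log line to explain it. Consider validating the rendered result when the webhook is meant to carry JSON, for example `try { JSON.parse(body); } catch (e) { logger.error({ message: 'Rendered webhook body is not valid JSON', error: serializeError(e) }); }`; whether the content type is known at this point cannot be seen here. `handleSendGenericWebhook` starts and ends outside the hunk.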
From: Warren <5959690+wrn14897@users.noreply.github.com>
Date: Thu, 28 Mar 2024 23:06:46 -0700
Subject: [PATCH 2/2] feat: update test

---
 .../api/src/tasks/__tests__/checkAlerts.test.ts | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/packages/api/src/tasks/__tests__/checkAlerts.test.ts b/packages/api/src/tasks/__tests__/checkAlerts.test.ts
index cdb88f393..2ab2bb87c 100644
--- a/packages/api/src/tasks/__tests__/checkAlerts.test.ts
+++ b/packages/api/src/tasks/__tests__/checkAlerts.test.ts
@@ -23,6 +23,7 @@ import {
 buildAlertMessageTemplateTitle,
 buildLogSearchLink,
 doesExceedThreshold,
+ escapeJsonString,
 expandToNestedObject,
 getDefaultExternalAction,
 processAlert,
@@ -129,6 +130,18 @@ describe('checkAlerts', () => {
 });
 });
 
+ it('escapeJsonString', () => {
+ expect(escapeJsonString('foo')).toBe('foo');
+ expect(escapeJsonString("foo'")).toBe("foo'");
+ expect(escapeJsonString('foo"')).toBe('foo\\"');
+ expect(escapeJsonString('foo\\')).toBe('foo\\\\');
+ expect(escapeJsonString('foo\n')).toBe('foo\\n');
+ expect(escapeJsonString('foo\r')).toBe('foo\\r');
+ expect(escapeJsonString('foo\t')).toBe('foo\\t');
+ expect(escapeJsonString('foo\b')).toBe('foo\\b');
+ expect(escapeJsonString('foo\f')).toBe('foo\\f');
+ });
+
 describe('Alert Templates', () => {
 const defaultSearchView: any = {
 alert: {
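Review bot: The `escapeJsonString` test pins individual escape sequences but never asserts the property the webhook code relies on, namely that the escaped text placed between double quotes parses back to the original string. A round-trip case would cover that and the control characters without a short escape, for example `const s = 'a"\\\n\u0000';` followed by `expect(JSON.parse('"' + escapeJsonString(s) + '"')).toBe(s);`. An empty-string case and one test that renders a JSON template through `handleSendGenericWebhook` with quotes and newlines in the message would also show the fix holds end to end; whether such a test exists elsewhere in the file is not visible from this hunk.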