Fix: Resource path causing app to crash (#3053)

microsoftgraph · Mar 21, 2024 · 5e9c4e2 · 5e9c4e2
1 parent 464ae59
commit 5e9c4e2
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/src/app/utils/query-parameter-sanitization.ts b/src/app/utils/query-parameter-sanitization.ts
@@ -16,6 +16,7 @@ const LAMBDA_OPERATORS = ['/any', '/all'];
 
 // REGEXES
 const ALL_ALPHA_REGEX = /^[a-z]+$/i;
+const ONE_NUMERIC_REGEX = /^(?=[a-zA-Z]*\d[a-zA-Z]*$)[a-zA-Z\d]*$/;
 const POSITIVE_INTEGER_REGEX = /^[1-9]\d*$/;
 // Matches media type formats
 // Examples: https://www.iana.org/assignments/media-types/media-types.xhtml
@@ -62,6 +63,10 @@ function isAllAlpha(str: string): boolean {
   return ALL_ALPHA_REGEX.test(str);
 }
 
+function isAlphaNumeric(str: string): boolean {
+  return ONE_NUMERIC_REGEX.test(str);
+}
+
 function isPlaceHolderSegment(segment: string) {
   return segment.startsWith('{') && segment.endsWith('}')
 }
@@ -483,6 +488,7 @@ function sanitizeFilterQueryOptionValue(queryParameterValue: string): string {
 export {
   isPropertyName,
   isAllAlpha,
+  isAlphaNumeric,
   isPlaceHolderSegment,
   sanitizeQueryParameter
 }
diff --git a/src/app/utils/query-url-sanitization.ts b/src/app/utils/query-url-sanitization.ts
@@ -2,6 +2,7 @@
 import { IQuery } from '../../types/query-runner';
 import {
   isAllAlpha,
+  isAlphaNumeric,
   isPlaceHolderSegment,
   sanitizeQueryParameter
 } from './query-parameter-sanitization';
@@ -105,6 +106,7 @@ function sanitizePathSegment(previousSegment: string, segment: string): string {
 
   if (
     isAllAlpha(segment) ||
+    isAlphaNumeric(segment) ||
     isDeprecation(segment) ||
     SANITIZED_ITEM_PATH_REGEX.test(segment) ||
     segmentsToIgnore.includes(segment.toLowerCase()) ||