diff --git a/packages/contentstack-audit/src/messages/index.ts b/packages/contentstack-audit/src/messages/index.ts
index e5451a38e3..a607a5d0fb 100644
--- a/packages/contentstack-audit/src/messages/index.ts
+++ b/packages/contentstack-audit/src/messages/index.ts
@@ -1,4 +1,5 @@
 import memoize from 'lodash/memoize';
+import { escapeRegExp } from '@contentstack/cli-utilities';
 const errors = {};
@@ -65,8 +66,8 @@ function $t(msg: string, args: Record): string {
 if (!msg) return '';
 for (const key of Object.keys(args)) {
- const escapedKey = key.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
- msg = msg.replace(new RegExp(`{${escapedKey}}`, 'g'), args[key] || escapedKey);
+ const escapedKey = escapeRegExp(key);
+ msg = msg.replace(new RegExp(`{${escapedKey}}`, 'g'), escapeRegExp(args[key]) || escapedKey);
 }
 return msg;
diff --git a/packages/contentstack-bulk-publish/src/consumer/publish.js b/packages/contentstack-bulk-publish/src/consumer/publish.js
index ae21d7ac0b..d86a69ea9a 100644
--- a/packages/contentstack-bulk-publish/src/consumer/publish.js
+++ b/packages/contentstack-bulk-publish/src/consumer/publish.js
@@ -43,7 +43,6 @@ async function publishEntry(data, _config, queue) {
 .publish({
 publishDetails: { environments: entryObj.environments, locales: lang },
 locale: entryObj.locale || 'en-us',
- version: entryObj.version
 })
 .then((publishEntryResponse) => {
 if (!publishEntryResponse.error_message) {
@@ -246,9 +245,10 @@ async function performBulkPublish(data, _config, queue) {
 .publish(payload)
 .then((bulkPublishEntriesResponse) => {
 if (!bulkPublishEntriesResponse.error_message) {
+ const sanitizedData = JSON.stringify(removePublishDetails(bulkPublishObj.entries));
 console.log(
 chalk.green(
- `Bulk entries sent for publish ${JSON.stringify(removePublishDetails(bulkPublishObj.entries))}`,
+ `Bulk entries sent for publish ${sanitizedData}`,
 ),
 (bulkPublishEntriesResponse.job_id) ? chalk.yellow(`job_id: ${bulkPublishEntriesResponse.job_id}`) : ''
 );
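Review bot: `escapeRegExp(args[key])` in the `$t` hunk throws a TypeError when `args[key]` is undefined or not a string, because the call now runs before the `|| escapedKey` fallback that used to absorb missing values, and for string values it writes stray backslashes into the rendered message: the helper escapes for a RegExp source, but the replacement argument of `String.prototype.replace` gives backslash no meaning and treats `$` patterns as special, so a value like `$&` becomes `\$&` and still expands to the match. A function replacement is inserted verbatim and needs no escaping at all: `msg = msg.replace(new RegExp(`{${escapedKey}}`, 'g'), () => args[key] || escapedKey);`. The same problem applies to `escapeRegExp(mappedAssetUrl)` in the `lookupAssets` hunk of asset-helper.ts and `escapeRegExp(mappedUids[uid])` in the `lookupEntries` hunk of entries-helper.ts; there the escaped value is spliced into a `JSON.stringify`'d entry string (visible in entries-helper, presumably the same in asset-helper), and an escape such as `\.` inside a JSON string literal would make the entry unparseable afterwards, so those should use `() => mappedAssetUrl` and `() => mappedUids[uid]` as well. The body of `$t` continues past the end of the hunk.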
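Review bot: `sanitizedData` in the `performBulkPublish` hunk is a misleading name: the value is `JSON.stringify(removePublishDetails(bulkPublishObj.entries))`, which only strips publish details from the entries, and the full remaining entry payload is still written to the console unchanged. Rename it to describe what it holds, e.g. `const entriesJson = JSON.stringify(removePublishDetails(bulkPublishObj.entries));`, so a later reader does not assume the log line has been scrubbed. The enclosing function starts before the hunk and its `.then` chain continues after it.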
diff --git a/packages/contentstack-import/src/utils/asset-helper.ts b/packages/contentstack-import/src/utils/asset-helper.ts
index 49b88cd39d..5c13c7bb53 100644
--- a/packages/contentstack-import/src/utils/asset-helper.ts
+++ b/packages/contentstack-import/src/utils/asset-helper.ts
@@ -1,7 +1,7 @@
 import Bluebird from 'bluebird';
 import * as url from 'url';
 import * as path from 'path';
-import { ContentstackClient, managementSDKClient } from '@contentstack/cli-utilities';
+import { ContentstackClient, managementSDKClient, escapeRegExp } from '@contentstack/cli-utilities';
 import { ImportConfig } from '../types';
 const debug = require('debug')('util:requests');
 let _ = require('lodash');
@@ -249,8 +249,9 @@ export const lookupAssets = function (
 assetUrls.forEach(function (assetUrl: any) {
 let mappedAssetUrl = mappedAssetUrls[assetUrl];
 if (typeof mappedAssetUrl !== 'undefined') {
- const escapedAssetUrl = assetUrl.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
- entry = entry.replace(new RegExp(escapedAssetUrl, 'img'), mappedAssetUrl);
+ const sanitizedUrl = escapeRegExp(assetUrl);
+ const escapedMappedUrl = escapeRegExp(mappedAssetUrl);
+ entry = entry.replace(new RegExp(sanitizedUrl, 'img'), escapedMappedUrl);
 matchedUrls.push(mappedAssetUrl);
 } else {
 unmatchedUrls.push(assetUrl);
diff --git a/packages/contentstack-import/src/utils/common-helper.ts b/packages/contentstack-import/src/utils/common-helper.ts
index ad8a471f52..ed402fcf42 100644
--- a/packages/contentstack-import/src/utils/common-helper.ts
+++ b/packages/contentstack-import/src/utils/common-helper.ts
@@ -151,7 +151,11 @@ export const field_rules_update = (importConfig: ImportConfig, ctPath: string) =
 management_token: importConfig.management_token,
 });
 let ctObj = stackAPIClient.contentType(schema.uid);
- Object.assign(ctObj, _.cloneDeep(schema));
+ //NOTE:- Remove this code Object.assign(ctObj, _.cloneDeep(schema)); -> security vulnerabilities due to mass assignment
+ const schemaKeys = Object.keys(schema);
+ for (const key of schemaKeys) {
+ ctObj[key] = _.cloneDeep(schema[key]);
+ }
 ctObj
 .update()
 .then(() => {
diff --git a/packages/contentstack-import/src/utils/entries-helper.ts b/packages/contentstack-import/src/utils/entries-helper.ts
index fecfd95179..b07b6b576b 100644
--- a/packages/contentstack-import/src/utils/entries-helper.ts
+++ b/packages/contentstack-import/src/utils/entries-helper.ts
@@ -7,6 +7,7 @@ import * as path from 'path';
 import * as _ from 'lodash';
 import config from '../config';
 import * as fileHelper from './file-helper';
+import { escapeRegExp } from '@contentstack/cli-utilities';
 import { EntryJsonRTEFieldDataType } from '../types/entries';
@@ -199,8 +200,9 @@ export const lookupEntries = function (
 let entry = JSON.stringify(data.entry);
 uids.forEach(function (uid: any) {
 if (mappedUids.hasOwnProperty(uid)) {
- const escapedUid = uid.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
- entry = entry.replace(new RegExp(escapedUid, 'img'), mappedUids[uid]);
+ const sanitizedUid = escapeRegExp(uid);
+ const escapedMappedUid = escapeRegExp(mappedUids[uid]);
+ entry = entry.replace(new RegExp(sanitizedUid, 'img'), escapedMappedUid);
 mapped.push(uid);
 } else {
 unmapped.push(uid);
diff --git a/packages/contentstack-utilities/src/helpers.ts b/packages/contentstack-utilities/src/helpers.ts
index 35aa4d7727..ea606592c5 100644
--- a/packages/contentstack-utilities/src/helpers.ts
+++ b/packages/contentstack-utilities/src/helpers.ts
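Review bot: The key loop added in the `field_rules_update` hunk copies exactly what the removed `Object.assign(ctObj, _.cloneDeep(schema))` copied — every own enumerable key of `schema` onto `ctObj` — so the NOTE comment claims a mass-assignment mitigation that the code does not deliver: a key such as `__proto__`, `constructor` or one that shadows a method like `update` still lands on the SDK object, and `schema` here comes from the import file at `ctPath` rather than from the SDK. The stronger fix is an allowlist of the content-type fields the update actually needs; at minimum, guard the loop body with `if (key === '__proto__' || key === 'constructor' || key === 'prototype' || typeof ctObj[key] === 'function') continue;` before the assignment, and reword the comment to say what is filtered rather than referring to the deleted line. Which fields the SDK's `update()` reads is not visible here, so the allowlist contents need checking against it. `field_rules_update` starts before the hunk and the `.then` chain continues after it.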
@@ -37,6 +37,7 @@ export const createDeveloperHubUrl = (developerHubBaseUrl: string): string => {
 return developerHubBaseUrl.startsWith('http') ? developerHubBaseUrl : `https://${developerHubBaseUrl}`;
 };
+
 export const validatePath = (input: string) => {
 const pattern = /[*$%#<>{}!&?]/g;
 if (pattern.test(input)) {
@@ -50,3 +51,7 @@ export const validatePath = (input: string) => {
 }
 return true;
 };
+
+// To escape special characters in a string
+export const escapeRegExp = (str: string) => str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+
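Review bot: The new exported `escapeRegExp` has no return type annotation and its one-line comment does not state the contract that the rest of this diff gets wrong: the character class it escapes (including `$`) makes `str` safe to embed in a `RegExp` source, but the output is not safe as the replacement argument of `String.prototype.replace`, where backslash is not an escape and `$`-patterns are the special syntax. Replace the comment with a TSDoc block saying that the result is for building a `RegExp` pattern only and that callers wanting a literal replacement should pass a function to `replace` instead, and annotate the signature as `export const escapeRegExp = (str: string): string => str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');`. A `@param str` line noting that non-string input throws (the call is `str.replace`, with no guard) would also save the callers in the `$t` hunk a surprise.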