From 799a6fe1cf383df4584d565e93669f34272ec370 Mon Sep 17 00:00:00 2001
From: An Phi
Date: Wed, 26 Oct 2022 10:54:55 -0400
Subject: [PATCH 1/2] sanitize ULRs before parsing query params
---
 .changeset/mighty-dodos-explain.md | 5 +++++
 .changeset/smart-rules-appear.md | 5 +++++
 .../src/components/QueryEditor.tsx | 8 ++++++--
 .../src/components/QuerySetup.tsx | 8 ++++++--
 .../src/components/query/DataSpaceQueryCreator.tsx | 4 ++--
 packages/legend-shared/package.json | 1 +
 packages/legend-shared/src/network/NetworkUtils.ts | 3 +++
 yarn.lock | 8 ++++++++
 8 files changed, 36 insertions(+), 6 deletions(-)
 create mode 100644 .changeset/mighty-dodos-explain.md
 create mode 100644 .changeset/smart-rules-appear.md
diff --git a/.changeset/mighty-dodos-explain.md b/.changeset/mighty-dodos-explain.md
new file mode 100644
index 0000000000..a1b2d86ec1
--- /dev/null
+++ b/.changeset/mighty-dodos-explain.md
@@ -0,0 +1,5 @@
+---
+'@finos/legend-shared': minor
+---
+
+Add `sanitizeURL` utility.
diff --git a/.changeset/smart-rules-appear.md b/.changeset/smart-rules-appear.md
new file mode 100644
index 0000000000..61e2c3ede3
--- /dev/null
+++ b/.changeset/smart-rules-appear.md
@@ -0,0 +1,5 @@
+---
+'@finos/legend-application-query': patch
+'@finos/legend-extension-dsl-data-space': patch
+'@finos/legend-shared': patch
+---
diff --git a/packages/legend-application-query/src/components/QueryEditor.tsx b/packages/legend-application-query/src/components/QueryEditor.tsx
index c6b065f681..4014e2a26d 100644
--- a/packages/legend-application-query/src/components/QueryEditor.tsx
+++ b/packages/legend-application-query/src/components/QueryEditor.tsx
@@ -39,7 +39,11 @@ import {
 CheckIcon,
 MenuContentItemLabel,
 } from '@finos/legend-art';
-import { debounce, getQueryParameters } from '@finos/legend-shared';
+import {
+ debounce,
+ getQueryParameters,
+ sanitizeURL,
+} from '@finos/legend-shared';
 import { observer } from 'mobx-react-lite';
 import { Fragment, useEffect, useMemo, useRef, useState } from 'react';
 import {
@@ -645,7 +649,7 @@ export const ServiceQueryCreator = observer(() => {
 const gav = params[LEGEND_QUERY_PATH_PARAM_TOKEN.GAV];
 const servicePath = params[LEGEND_QUERY_PATH_PARAM_TOKEN.SERVICE_PATH];
 const executionKey = getQueryParameters(
- applicationStore.navigator.getCurrentAddress(),
+ sanitizeURL(applicationStore.navigator.getCurrentAddress()),
 true,
 )[LEGEND_QUERY_QUERY_PARAM_TOKEN.SERVICE_EXECUTION_KEY];
diff --git a/packages/legend-application-query/src/components/QuerySetup.tsx b/packages/legend-application-query/src/components/QuerySetup.tsx
index 05ab593c74..bab71a08ce 100644
--- a/packages/legend-application-query/src/components/QuerySetup.tsx
+++ b/packages/legend-application-query/src/components/QuerySetup.tsx
@@ -31,7 +31,11 @@ import {
 CheckIcon,
 MenuContentDivider,
 } from '@finos/legend-art';
-import { getQueryParameters, guaranteeNonNullable } from '@finos/legend-shared';
+import {
+ getQueryParameters,
+ guaranteeNonNullable,
+ sanitizeURL,
+} from '@finos/legend-shared';
 import { observer, useLocalObservable } from 'mobx-react-lite';
 import React, { createContext, useContext, useEffect } from 'react';
 import {
@@ -251,7 +255,7 @@ export const QuerySetupLandingPage = withQuerySetupLandingPageStore(
 const setupStore = useQuerySetupLandingPageStore();
 const applicationStore = useLegendQueryApplicationStore();
 const params = getQueryParameters(
- applicationStore.navigator.getCurrentAddress(),
+ sanitizeURL(applicationStore.navigator.getCurrentAddress()),
 true,
 );
 const showAdvancedActions =
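Review bot: In the `ServiceQueryCreator` hunk `sanitizeURL` is applied to the whole address, but the value read out of it (`executionKey`) is still caller-controlled text and reaches the rest of the component unchanged; the same holds for `params` in QuerySetup.tsx and `classPath` in DataSpaceQueryCreator.tsx. As far as I know @braintree/sanitize-url only rejects addresses with a script-capable scheme and does not inspect query values, so each value still needs validation at the point where it is used. The three call sites also repeat the same expression; one helper in legend-shared, for example `export const getSanitizedQueryParameters = (url: string) => getQueryParameters(sanitizeURL(url), true);` (name is a suggestion), would keep a future call site from skipping the sanitizer. All three components start above and continue below their hunks.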
diff --git a/packages/legend-extension-dsl-data-space/src/components/query/DataSpaceQueryCreator.tsx b/packages/legend-extension-dsl-data-space/src/components/query/DataSpaceQueryCreator.tsx
index 49984a7d3b..f54aaaf859 100644
--- a/packages/legend-extension-dsl-data-space/src/components/query/DataSpaceQueryCreator.tsx
+++ b/packages/legend-extension-dsl-data-space/src/components/query/DataSpaceQueryCreator.tsx
@@ -15,7 +15,7 @@
 */
 import { observer, useLocalObservable } from 'mobx-react-lite';
-import { getQueryParameters } from '@finos/legend-shared';
+import { getQueryParameters, sanitizeURL } from '@finos/legend-shared';
 import { useApplicationStore, useParams } from '@finos/legend-application';
 import { useDepotServerClient } from '@finos/legend-server-depot';
 import {
@@ -82,7 +82,7 @@ export const DataSpaceQueryCreator = observer(() => {
 params[DATA_SPACE_QUERY_CREATOR_PATH_PARAM_TOKEN.EXECUTION_CONTEXT];
 const runtimePath = params[LEGEND_QUERY_PATH_PARAM_TOKEN.RUNTIME_PATH];
 const classPath = getQueryParameters(
- applicationStore.navigator.getCurrentAddress(),
+ sanitizeURL(applicationStore.navigator.getCurrentAddress()),
 true,
 )[DATA_SPACE_QUERY_CREATOR_QUERY_PARAM_TOKEN.CLASS_PATH];
diff --git a/packages/legend-shared/package.json b/packages/legend-shared/package.json
index 03ce0888ec..3658974f80 100644
--- a/packages/legend-shared/package.json
+++ b/packages/legend-shared/package.json
@@ -39,6 +39,7 @@
 "test:watch": "jest --watch"
 },
 "dependencies": {
+ "@braintree/sanitize-url": "6.0.1",
 "@types/lodash-es": "4.17.6",
 "@types/object-hash": "2.2.1",
 "@types/pako": "2.0.0",
diff --git a/packages/legend-shared/src/network/NetworkUtils.ts b/packages/legend-shared/src/network/NetworkUtils.ts
index 7278207436..89b7eaef9a 100644
--- a/packages/legend-shared/src/network/NetworkUtils.ts
+++ b/packages/legend-shared/src/network/NetworkUtils.ts
@@ -29,6 +29,7 @@ import {
 stringify as _stringifyQueryParams,
 } from 'query-string';
 import { returnUndefOnError } from '../error/ErrorUtils.js';
+import { sanitizeUrl } from '@braintree/sanitize-url';
 /**
 * Unlike the download call (GET requests) which is gziped, the upload call send uncompressed data which is in megabytes realms
@@ -554,3 +555,5 @@ export const buildUrl = (parts: string[]): string =>
 parts
 .map((part) => part.replaceAll(/^\/+/g, '').replaceAll(/\/+$/g, ''))
 .join(URL_SEPARATOR);
+
+export const sanitizeURL = (val: string): string => sanitizeUrl(val);
diff --git a/yarn.lock b/yarn.lock
index a24389e094..5af9721634 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1547,6 +1547,13 @@ __metadata: languageName: node linkType: hard +"@braintree/sanitize-url@npm:6.0.1": + version: 6.0.1 + resolution: "@braintree/sanitize-url@npm:6.0.1" + checksum: 6f9221299aac0c841a17ecb1ebc60eb43c794f05b5136ca9b87116c8472b7e96f21e56ba2da8369f964112c6055fab791a37015bbea4bd5a189cc38206d214ad + languageName: node + linkType: hard + "@changesets/apply-release-plan@npm:^6.1.1": version: 6.1.1 resolution: "@changesets/apply-release-plan@npm:6.1.1" @@ -2987,6 +2994,7 @@ __metadata: version: 0.0.0-use.local resolution: "@finos/legend-shared@workspace:packages/legend-shared" dependencies: + "@braintree/sanitize-url": 6.0.1 "@finos/legend-dev-utils": "workspace:*" "@jest/globals": 29.2.2 "@types/lodash-es": 4.17.6
From 610016c029775485d19b35afe1eafee92527a90c Mon Sep 17 00:00:00 2001
From: An Phi
Date: Wed, 26 Oct 2022 10:55:50 -0400
Subject: [PATCH 2/2] bump dependencies
---
 .changeset/wicked-phones-float.md | 8 +++++++
 package.json | 2 +-
 .../package.json | 2 +-
 .../package.json | 2 +-
 .../package.json | 2 +-
 yarn.lock | 24 +++++++++----------
 6 files changed, 24 insertions(+), 16 deletions(-)
 create mode 100644 .changeset/wicked-phones-float.md
diff --git a/.changeset/wicked-phones-float.md b/.changeset/wicked-phones-float.md
new file mode 100644
index 0000000000..3eca00590f
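Review bot: The new `sanitizeURL` export at the end of NetworkUtils.ts has no doc comment, and its name differs from the imported `sanitizeUrl` only by letter case, so a reader cannot tell what guarantee the wrapper gives. I would add `/** Passes the address through @braintree/sanitize-url, which replaces an address with a script-capable scheme by a blank one; it does not validate or escape query parameter values. */` above it, after confirming the exact fallback value against the pinned 6.0.1 release. The diffstat shows no test file; one case with a rejected scheme and one with an ordinary `https:` address carrying query parameters would pin the behaviour the three callers rely on.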
--- /dev/null
+++ b/.changeset/wicked-phones-float.md
@@ -0,0 +1,8 @@
+---
+'@finos/legend-application-query': patch
+'@finos/legend-application-query-deployment': patch
+'@finos/legend-application-studio-deployment': patch
+'@finos/legend-application-taxonomy-deployment': patch
+'@finos/legend-extension-dsl-data-space': patch
+'@finos/legend-shared': patch
+---
diff --git a/package.json b/package.json
index 60ec2d3491..81a3858ace 100644
--- a/package.json
+++ b/package.json
@@ -94,7 +94,7 @@
 "@finos/eslint-plugin-legend-studio": "workspace:*",
 "@finos/legend-dev-utils": "workspace:*",
 "@finos/stylelint-config-legend-studio": "workspace:*",
- "@types/node": "18.11.5",
+ "@types/node": "18.11.6",
 "chalk": "5.1.2",
 "cross-env": "7.0.3",
 "envinfo": "7.8.1",
diff --git a/packages/legend-application-query-deployment/package.json b/packages/legend-application-query-deployment/package.json
index 5071b68726..2283be4baa 100644
--- a/packages/legend-application-query-deployment/package.json
+++ b/packages/legend-application-query-deployment/package.json
@@ -45,7 +45,7 @@
 "rimraf": "3.0.2",
 "typescript": "4.8.4",
 "webpack": "5.74.0",
- "webpack-bundle-analyzer": "4.6.1",
+ "webpack-bundle-analyzer": "4.7.0",
 "webpack-cli": "4.10.0",
 "webpack-dev-server": "4.11.1"
 }
diff --git a/packages/legend-application-studio-deployment/package.json b/packages/legend-application-studio-deployment/package.json
index 52a62811c7..4453b1ab03 100644
--- a/packages/legend-application-studio-deployment/package.json
+++ b/packages/legend-application-studio-deployment/package.json
@@ -45,7 +45,7 @@
 "rimraf": "3.0.2",
 "typescript": "4.8.4",
 "webpack": "5.74.0",
- "webpack-bundle-analyzer": "4.6.1",
+ "webpack-bundle-analyzer": "4.7.0",
 "webpack-cli": "4.10.0",
 "webpack-dev-server": "4.11.1"
 }
diff --git a/packages/legend-application-taxonomy-deployment/package.json b/packages/legend-application-taxonomy-deployment/package.json
index df11bc7365..ae2db402ea 100644
--- a/packages/legend-application-taxonomy-deployment/package.json
+++ b/packages/legend-application-taxonomy-deployment/package.json
@@ -45,7 +45,7 @@
 "rimraf": "3.0.2",
 "typescript": "4.8.4",
 "webpack": "5.74.0",
- "webpack-bundle-analyzer": "4.6.1",
+ "webpack-bundle-analyzer": "4.7.0",
 "webpack-cli": "4.10.0",
 "webpack-dev-server": "4.11.1"
 }
diff --git a/yarn.lock b/yarn.lock
index 5af9721634..b14d0a6e05 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2128,7 +2128,7 @@ __metadata: rimraf: 3.0.2 typescript: 4.8.4 webpack: 5.74.0 - webpack-bundle-analyzer: 4.6.1 + webpack-bundle-analyzer: 4.7.0 webpack-cli: 4.10.0 webpack-dev-server: 4.11.1 languageName: unknown @@ -2211,7 +2211,7 @@ __metadata: rimraf: 3.0.2 typescript: 4.8.4 webpack: 5.74.0 - webpack-bundle-analyzer: 4.6.1 + webpack-bundle-analyzer: 4.7.0 webpack-cli: 4.10.0 webpack-dev-server: 4.11.1 languageName: unknown @@ -2291,7 +2291,7 @@ __metadata: rimraf: 3.0.2 typescript: 4.8.4 webpack: 5.74.0 - webpack-bundle-analyzer: 4.6.1 + webpack-bundle-analyzer: 4.7.0 webpack-cli: 4.10.0 webpack-dev-server: 4.11.1 languageName: unknown @@ -4305,10 +4305,10 @@ __metadata: languageName: node linkType: hard -"@types/node@npm:18.11.5": - version: 18.11.5 - resolution: "@types/node@npm:18.11.5" - checksum: ac54e9287dd4549ea3dc8aabc0cf7bfa04c52f02925d7fd68414789617ec770f034c8ae2e111e8bd00d446a46fcac42587b5a316a1303e2f6ea094854248c9ff +"@types/node@npm:18.11.6": + version: 18.11.6 + resolution: "@types/node@npm:18.11.6" + checksum: 25713209b5f8758e782348514e7bd2342bd8edb38038380c66f37b41b12d6840763edb17d81f6451591791c9d59c8255be54591333fc302f473beadada0023e6 languageName: node linkType: hard @@ -10160,7 +10160,7 @@ __metadata: "@finos/eslint-plugin-legend-studio": "workspace:*" "@finos/legend-dev-utils": "workspace:*" "@finos/stylelint-config-legend-studio": "workspace:*" - "@types/node": 18.11.5 + "@types/node": 18.11.6 chalk: 5.1.2 cross-env: 7.0.3 envinfo: 7.8.1
@@ -15848,9 +15848,9 @@ __metadata: languageName: node linkType: hard -"webpack-bundle-analyzer@npm:4.6.1": - version: 4.6.1 - resolution: "webpack-bundle-analyzer@npm:4.6.1" +"webpack-bundle-analyzer@npm:4.7.0": + version: 4.7.0 + resolution: "webpack-bundle-analyzer@npm:4.7.0" dependencies: acorn: ^8.0.4 acorn-walk: ^8.0.0 @@ -15863,7 +15863,7 @@ __metadata: ws: ^7.3.1 bin: webpack-bundle-analyzer: lib/bin/analyzer.js - checksum: 4bc97ac6a1d9cd1f133444b0fc9d9091c97f4bd8388f97636ce27abd1ebffaa7dd45d29f6693661a666e77bcc08dff43ab7c2f5e2600a3101b956c94c1d038d0 + checksum: 4ce3b379c61ce16b2219756843407cc99f2b82cd191f653043f1b705a3e32b3af03834af0dfded98ab852313a892a148bed1a8effaacd6440f028c19f41581f3 languageName: node linkType: hard