From 2ab6e60341d7b49308a01dbb541f9b9a8751effd Mon Sep 17 00:00:00 2001
From: Matt Carvin <90224411+mcarvin8@users.noreply.github.com>
Date: Wed, 13 Nov 2024 10:12:16 -0500
Subject: [PATCH] fix: ensure only elements in each `types` element are `name`
 and `members`

---
 src/helpers/parsePackage.ts | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/helpers/parsePackage.ts b/src/helpers/parsePackage.ts
index 7417e1d..95ac685 100644
--- a/src/helpers/parsePackage.ts
+++ b/src/helpers/parsePackage.ts
@@ -30,6 +30,14 @@ export async function parsePackageXml(xmlContent: string): Promise<SalesforcePac
       if (!Array.isArray(type.name) || type.name.length !== 1 || typeof type.name[0] !== 'string') {
         throw new Error('Invalid package.xml: Each <types> block must have exactly one <name> element.');
       }
+      // Validate that only "name" and "members" keys are present
+      const allowedTypesKeys = new Set(['name', 'members']);
+      const typeKeys = Object.keys(type);
+      const hasUnexpectedTypesKeys = typeKeys.some((key) => !allowedTypesKeys.has(key));
+
+      if (hasUnexpectedTypesKeys) {
+        throw new Error('Invalid package.xml: Each <types> block must contain only <name> and <members> tags.');
+      }
       const name = type.name[0];
       const members = Array.isArray(type.members) ? type.members.flat() : type.members;
       return {