Deal with security alerts in regex

jadrake75 · jadrake75 · commit 081fe3f31d59 · 2022-01-15T15:35:50.000-05:00
* Updated README Fixes #183
diff --git a/README.md b/README.md
@@ -15,10 +15,6 @@ stamp-web-aurelia is the web front-end for managing collections of stamps and le
 
 ![Screen shot showing Editing in Stamp-Web](https://i.imgur.com/1f8SF9h.png)
 
-## Build Status
-
-![Build Status](https://drake-server.ddns.net:9443/build/stamp-web-aurelia.svg)
-
 
 ## Demo Server
 
@@ -89,7 +85,7 @@ To run the unit tests, first ensure that you have followed the steps above in or
   
 ## Running the Integration Tests
 
-npm fddWebdriver for NodeJS is used for the integration tests. This project has been moved to [stamp-web-selenium](https://github.com/stamp-web/stamp-web-selenium)
+Webdriver for NodeJS is used for the integration tests. This project has been moved to [stamp-web-selenium](https://github.com/stamp-web/stamp-web-selenium)
 
 
 ## Test Statistics
diff --git a/src/util/location-helper.js b/src/util/location-helper.js
@@ -1,5 +1,5 @@
 /**
- Copyright 2017 Jason Drake
+ Copyright 2022 Jason Drake
 
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
@@ -22,12 +22,12 @@ function LocationHelperFn() {
         loadResource: (filename, filetype = 'js') => {
             return new Promise((resolve,reject) => {
                 let fileRef;
-                if (filetype == 'js') {
+                if (filetype === 'js') {
                     fileRef = document.createElement('script');
                     fileRef.setAttribute('type', 'text/javascript');
                     fileRef.setAttribute('src', filename);
                 }
-                else if (filetype == 'css') {
+                else if (filetype === 'css') {
                     fileRef = document.createElement('link');
                     fileRef.setAttribute('rel', 'stylesheet');
                     fileRef.setAttribute('type', 'text/css');
@@ -42,20 +42,16 @@ function LocationHelperFn() {
                     };
                     _.defer(() => {
                         document.getElementsByTagName("head")[0].appendChild(fileRef);
-                    })
-
+                    });
                 }
             });
         },
 
-        getQueryParameter: (key, default_) => {
-            if (default_ == null) {
-                default_ = null;
-            }
-            key = key.replace(/[\[]/, "\\\[").replace(/[\]]/, "\\\]");
-            key = key.replace("$", "\\$");
-            var regex = new RegExp("[\\?&]" + key + "=([^&#]*)");
-            var qs = regex.exec(window.location.href);
+        getQueryParameter: (key, default_ = null) => {
+            key = key.replace(/[\[]/g, "\\\[").replace(/[\]]/g, "\\\]");
+            key = key.replace(/\$/g, "\\$");
+            let regex = new RegExp("[\\?&]" + key + "=([^&#]*)");
+            let qs = regex.exec(window.location.href);
             if (qs == null) {
                 return default_;
             } else {
diff --git a/test/unit/util/location-helper.spec.js b/test/unit/util/location-helper.spec.js
@@ -1,5 +1,5 @@
 /**
- Copyright 2019 Jason Drake
+ Copyright 2022 Jason Drake
 
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
@@ -13,13 +13,11 @@
  See the License for the specific language governing permissions and
  limitations under the License.
  */
-import {EnumeratedTypeHelper, ConditionHelper, StampHelper, Condition, Defects} from 'util/common-models';
-import _ from 'lodash';
 import {LocationHelper} from "../../../src/util/location-helper";
 
 describe('LocationHelper test suite', () => {
 
-    describe('resolvePath tests', () => {
+    describe('resolvePath', () => {
 
         it('use default for empty', () => {
             let v = LocationHelper.resolvePath(undefined, 'default');
@@ -39,6 +37,40 @@ describe('LocationHelper test suite', () => {
             let v = LocationHelper.resolvePath({value: 'https://site.com/some/path'}, 'default');
             expect(v).toBe('https://site.com/some/path/');
         });
+    });
+
+    describe('getQueryParameter', () => {
+
+        afterEach(() => {
+           jest.resetAllMocks();
+        });
+
+        let mockLocation = loc => {
+            const location = new URL(loc);
+            location.assign = jest.fn();
+            location.replace = jest.fn();
+            location.reload = jest.fn();
+
+            delete window.location;
+            window.location = location;
+        };
 
+        it('verify extraction of $filter parameter with $filter in parameter value', () => {
+            mockLocation('http://localhost:9000/#/?$filter=(countryName%20eq%20%27$filter%27)&$orderby=number%20asc&$top=1000');
+            let q = LocationHelper.getQueryParameter('$filter');
+            expect(q).toBe('(countryName eq \'$filter\')');
+        });
+
+        it('no parameter in location', () => {
+            mockLocation('http://localhost:9000/#/?$orderby=number%20asc&$top=1000');
+            let q = LocationHelper.getQueryParameter('$filter');
+            expect(q).toBeNull();
+        });
+
+        it('no parameter in location with a default', () => {
+            mockLocation('http://localhost:9000/#/?$orderby=number%20asc&$top=1000');
+            let q = LocationHelper.getQueryParameter('$filter', 'someDefault');
+            expect(q).toBe('someDefault');
+        });
     });
 });
