feat: handle improper type validation sync vulnerability

rudderlabs · Dec 18, 2023 · 4fd3b34 · 4fd3b34
1 parent 62a43db
commit 4fd3b34
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 7 deletions.
diff --git a/src/controllers/bulkUpload.ts b/src/controllers/bulkUpload.ts
@@ -45,7 +45,7 @@ export const fileUpload = async (ctx) => {
     return {};
   };
 
-  const { destType } = ctx.request.body;
+  const { destType }: { destType: string } = ctx.request.body;
   const destFileUploadHandler = getDestFileUploadHandler('v0', destType.toLowerCase());
 
   if (!destFileUploadHandler || !destFileUploadHandler.processFileData) {
@@ -82,7 +82,7 @@ export const pollStatus = async (ctx) => {
     JSON.stringify(ctx.request.body),
   );
 
-  const { destType } = ctx.request.body;
+  const { destType }: { destType: string } = ctx.request.body;
   const destFileUploadHandler = getPollStatusHandler('v0', destType.toLowerCase());
   let response;
   if (!destFileUploadHandler || !destFileUploadHandler.processPolling) {
@@ -117,7 +117,7 @@ export const getWarnJobStatus = async (ctx) => {
     JSON.stringify(ctx.request.body),
   );
 
-  const { destType } = ctx.request.body;
+  const { destType }: { destType: string } = ctx.request.body;
   const destFileUploadHandler = getJobStatusHandler('v0', destType.toLowerCase());
 
   if (!destFileUploadHandler || !destFileUploadHandler.processJobStatus) {
@@ -153,7 +153,7 @@ export const getFailedJobStatus = async (ctx) => {
     JSON.stringify(ctx.request.body),
   );
 
-  const { destType } = ctx.request.body;
+  const { destType }: { destType: string } = ctx.request.body;
   const destFileUploadHandler = getJobStatusHandler('v0', destType.toLowerCase());
 
   if (!destFileUploadHandler || !destFileUploadHandler.processJobStatus) {

diff --git a/src/v0/destinations/google_adwords_offline_conversions/networkHandler.js b/src/v0/destinations/google_adwords_offline_conversions/networkHandler.js
@@ -190,9 +190,11 @@ const ProxyRequest = async (request) => {
     const addPayload = body.JSON.addConversionPayload;
     // Mapping Conversion Action
     const conversionId = await getConversionActionId(headers, params);
-    addPayload.operations.forEach((operation) => {
-      set(operation, 'create.transaction_attribute.conversion_action', conversionId);
-    });
+    if (Array.isArray(addPayload.operations)) {
+      addPayload.operations.forEach((operation) => {
+        set(operation, 'create.transaction_attribute.conversion_action', conversionId);
+      });
+    }
     await addConversionToJob(endpoint, headers, firstResponse, addPayload);
     const thirdResponse = await runTheJob(
       endpoint,