feat: handle improper type validation sync vulnerability

src/controllers/bulkUpload.ts

@@ -1,7 +1,7 @@
 /* eslint-disable global-require, import/no-dynamic-require, @typescript-eslint/no-unused-vars */
 import { client as errNotificationClient } from '../util/errorNotifier';
 import logger from '../logger';
-import { CatchErr } from '../util/types';
+import { CatchErr, ContextBodySimple } from '../util/types';
 // TODO: To be refactored and redisgned
 
 const getDestFileUploadHandler = (version, dest) =>
@@ -45,7 +45,7 @@
     return {};
   };
 
-  const { destType } = ctx.request.body;
+  const { destType }: ContextBodySimple = ctx.request.body;
   const destFileUploadHandler = getDestFileUploadHandler('v0', destType.toLowerCase());
 
   if (!destFileUploadHandler || !destFileUploadHandler.processFileData) {
@@ -82,7 +82,7 @@
     JSON.stringify(ctx.request.body),
   );
 
-  const { destType } = ctx.request.body;
+  const { destType }: ContextBodySimple = ctx.request.body;
   const destFileUploadHandler = getPollStatusHandler('v0', destType.toLowerCase());
   let response;
   if (!destFileUploadHandler || !destFileUploadHandler.processPolling) {
@@ -117,7 +117,7 @@
     JSON.stringify(ctx.request.body),
   );
 
-  const { destType } = ctx.request.body;
+  const { destType }: ContextBodySimple = ctx.request.body;
   const destFileUploadHandler = getJobStatusHandler('v0', destType.toLowerCase());
 
   if (!destFileUploadHandler || !destFileUploadHandler.processJobStatus) {
@@ -153,7 +153,7 @@
     JSON.stringify(ctx.request.body),
   );
 
-  const { destType } = ctx.request.body;
+  const { destType }: ContextBodySimple = ctx.request.body;
   const destFileUploadHandler = getJobStatusHandler('v0', destType.toLowerCase());
 
   if (!destFileUploadHandler || !destFileUploadHandler.processJobStatus) {

src/util/types.ts

@@ -3,6 +3,9 @@ export type FixMe = any;
 
 export type CatchErr = any;
 
+export type ContextBodySimple = {
+  destType: string;
+};
 export interface Config {
   cdkEnabled?: boolean;
   cdkV2Enabled?: boolean;

src/v0/destinations/google_adwords_offline_conversions/networkHandler.js

@@ -190,9 +190,11 @@ const ProxyRequest = async (request) => {
     const addPayload = body.JSON.addConversionPayload;
     // Mapping Conversion Action
     const conversionId = await getConversionActionId(headers, params);
-    addPayload.operations.forEach((operation) => {
-      set(operation, 'create.transaction_attribute.conversion_action', conversionId);
-    });
+    if (Array.isArray(addPayload.operations)) {
+      addPayload.operations.forEach((operation) => {
+        set(operation, 'create.transaction_attribute.conversion_action', conversionId);
+      });
+    }
     await addConversionToJob(endpoint, headers, firstResponse, addPayload);
     const thirdResponse = await runTheJob(
       endpoint,