mirror/insomnia
1
0
Fork 0
mirror of https://github.com/Kong/insomnia.git synced 2026-04-21 06:37:36 -04:00
Code Issues Packages Projects Releases Wiki Activity

Short-ciruit string rendering if require invocation is detected (#8358)

Browse Source 
* Short-ciruit string rendering if require invocation is detected [SEC-1323] [INS-4963]

* add sentry exception

---------

Co-authored-by: jackkav <jackkav@gmail.com>
This commit is contained in:
Vivek Thuravupala
2025-02-12 05:03:10 -08:00
committed by GitHub
parent 700f2b0404
commit dd9453fdff
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
packages/insomnia/src/common/render.ts
View File

@@ -1,3 +1,4 @@
import * as Sentry from '@sentry/electron/renderer';
import clone from 'clone';
import orderedJSON from 'json-order';
@@ -291,6 +292,13 @@ export async function render<T>(
) {
// Do nothing to these types
} else if (typeof x === 'string') {
// Detect if the string contains a require statement
if (/require\s*\(/ig.test(x)) {
console.warn('Short-circuiting `render`; string contains possible "require" invocation:', x);
Sentry.captureException(new Error(`Short-circuiting 'render'; string contains possible "require" invocation: ${x}`));
return x;
}
try {
// @ts-expect-error -- TSCONVERSION
x = await templating.render(x, { context, path, ignoreUndefinedEnvVariable });