Legger til sanitizedPaths som foreslått av CodeQL

Author: terjeofnorway

server/src/req-handlers/invalidate-paths.ts

@@ -2,7 +2,6 @@ import { RequestHandler } from 'express';
 import PageCacheHandler from 'cache/page-cache-handler';
 import { logger } from 'srcCommon/logger';
 import escapeHtml from 'escape-html';
-import { escape } from 'querystring';
 
 export const handleInvalidatePathsReq: RequestHandler = (req, res) => {
     const { eventid = '' } = req.headers;
@@ -17,9 +16,10 @@ export const handleInvalidatePathsReq: RequestHandler = (req, res) => {
 
     const cacheHandler = new PageCacheHandler();
 
-    paths.forEach((path) => cacheHandler.delete(path));
+    const sanitizedPaths = paths.map((path) => escapeHtml(path.toString()));
+    sanitizedPaths.forEach((path) => cacheHandler.delete(path));
 
-    const msg = `Received cache invalidation event for ${paths.length} paths - event id ${escapeHtml(eventid.toString())}`;
+    const msg = `Received cache invalidation event for ${sanitizedPaths.length} paths - event id ${escapeHtml(eventid.toString())}`;
     logger.info(msg);
 
     res.status(200).send(msg);