Possible bug or spec?
ppashakhanloo opened this issue
Hi there,
I was reading the source code of this repository for a project of mine and came across this line of code: routes/error-tracker.js#L102
If you follow where the value of req.body flows in the code, you can see that it ends in a call to deleter() in utils/cache.js. So my question is this: which function is responsible for sanitizing req? It can be potentially exploited (or just result in an undesired behavior). I could not find information about it in the repository, so I apologize if I misread or overlooked something.
Thanks
Hi @ppashakhanloo: Sanitization happens in
and error-tracker/routes/error-tracker.js
Lines 109 to 124 in 224fe25
The deleter call itself shouldn't matter for the param body, it will only delete cache entries that we generate to ensure the cache doesn't grow unbounded.