Potential fix for code scanning alert no. 72: Incomplete string escaping or encoding #31
…ing or encoding

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
| if(suspiciousReason){ | ||
| if(invalidDateBehavior.warn){ | ||
| console.warn(`${fileName}: record${recordIdentifier} has${suspiciousReason.replace('|',' & ')} (${parsedDate.toISOString()}); strategy=${invalidDateBehavior.strategy}`); | ||
| console.warn(`${fileName}: record${recordIdentifier} has${suspiciousReason.replace(/\|/g,' & ')} (${parsedDate.toISOString()}); strategy=${invalidDateBehavior.strategy}`); |
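Review bot: The global regex on the added line does fix the first-match-only behaviour of `replace('|', ' & ')`, but the same warning still calls `parsedDate.toISOString()`, which throws a `RangeError` if `parsedDate` can be an Invalid Date on this path; since this code runs only when a reason has already been flagged as suspicious, consider guarding it (e.g. `Number.isNaN(parsedDate.getTime()) ? 'invalid date' : parsedDate.toISOString()`) so the warning itself cannot abort processing. For readability, `suspiciousReason.replaceAll('|', ' & ')` (or `split('|').join(' & ')`) states the intent more plainly than `/\|/g` if the runtime supports it.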
[correctness]

The use of `suspiciousReason.replace(/\|/g, ' & ')` correctly replaces all occurrences of the pipe character. Ensure that `suspiciousReason` is always a string to avoid runtime errors. Consider adding a check or conversion to string if there's any chance `suspiciousReason` could be non-string.
kkartunov commented Nov 4, 2025

@jmgasper looks safe to merge this PR which will close the severity alert.
Merged 29ae9d7 into develop
Potential fix for https://github.com/topcoder-platform/challenge-api-v6/security/code-scanning/72

The best way to fix this problem is to ensure that all occurrences of the pipe character (`|`) in the `suspiciousReason` string are replaced with `" & "`. This can be achieved by using a regular expression with the global flag (`/g`), specifically `.replace(/\|/g, ' & ')`, so that every pipe in the string is replaced, not just the first. Only line 178 needs to be changed, and no additional imports or method definitions are required.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.
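The contrast the alert is about, as an added example that is not code from the PR or from the challenge-api-v6 project: a string pattern passed to `String.prototype.replace` matches once, a global regex matches every occurrence. The hardened helpers below also add the string coercion the review comment asked for and avoid calling `toISOString()` on an Invalid Date. The function names, the sample reason string, and the `buildWarning` signature are assumptions made for this example.

```javascript
// Added example (not from the PR): pre-fix vs post-fix separator replacement,
// plus the string-coercion check raised in review. All names are assumed.

// Pre-fix behaviour: a string pattern replaces only the first match.
function joinReasonsFirstOnly(suspiciousReason) {
  return suspiciousReason.replace('|', ' & ');
}

// Post-fix behaviour: a global regex replaces every match.
function joinReasonsAll(suspiciousReason) {
  return suspiciousReason.replace(/\|/g, ' & ');
}

// Hardened variant: coerce to a string first so a non-string value (array,
// number, null) cannot throw "replace is not a function" inside a logging
// path; split on the separator and trim each fragment so the output is
// stable regardless of how the reasons were concatenated upstream.
function formatSuspiciousReason(suspiciousReason) {
  if (suspiciousReason == null) return '';
  const text = Array.isArray(suspiciousReason)
    ? suspiciousReason.join('|')
    : String(suspiciousReason);
  return text.split('|').map((s) => s.trim()).filter(Boolean).join(' & ');
}

// Build the warning message the patched line emits, but guard the date:
// toISOString() throws a RangeError on an Invalid Date, which would turn a
// warning about a suspicious record into a crash of the import itself.
function buildWarning(fileName, recordIdentifier, suspiciousReason, parsedDate, strategy) {
  const when = parsedDate instanceof Date && !Number.isNaN(parsedDate.getTime())
    ? parsedDate.toISOString()
    : 'invalid date';
  const reason = formatSuspiciousReason(suspiciousReason);
  return `${fileName}: record ${recordIdentifier} has ${reason} (${when}); strategy=${strategy}`;
}

// Constructed sample: three reasons joined by two pipe separators.
const sample = 'year before 1970|month out of range|day out of range';

console.log(joinReasonsFirstOnly(sample)); // only the first pipe is replaced
console.log(joinReasonsAll(sample));       // every pipe is replaced
console.log(buildWarning('challenges.csv', 42, sample, new Date('not a date'), 'skip'));
console.log(buildWarning('challenges.csv', 43, ['future date'], new Date(0), 'warn'));
```

Run it with `node` and compare the first two lines of output: the pre-fix form leaves the second separator in place, which is exactly the "incomplete string escaping" the scanner flags, because a reader of the log can no longer tell where one reason ends and the next begins.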