fix(security): escape regular expression created from user input (#3506)

glowcloud · web-flow · commit 013edf9836ce · 2024-05-08T15:52:36.000+02:00
Refs #3505
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -124,6 +124,7 @@
     "node-fetch-commonjs": "^3.3.2",
     "openapi-path-templating": "^1.5.1",
     "qs": "^6.10.2",
+    "ramda-adjunct": "^5.0.0",
     "traverse": "=0.6.8"
   },
   "overrides": {
diff --git a/src/execute/index.js b/src/execute/index.js
@@ -1,5 +1,6 @@
 import cookie from 'cookie';
 import { isPlainObject } from 'is-plain-object';
+import { escapeRegExp } from 'ramda-adjunct';
 import { ApiDOMStructuredError } from '@swagger-api/apidom-error';
 import { url } from '@swagger-api/apidom-reference/configuration/empty';
 
@@ -353,7 +354,7 @@ function oas3BaseUrl({ spec, pathName, method, server, contextUrl, serverVariabl
         const variableDefinition = selectedServerObj.variables[variable];
         const variableValue = serverVariables[variable] || variableDefinition.default;
 
-        const re = new RegExp(`{${variable}}`, 'g');
+        const re = new RegExp(`{${escapeRegExp(variable)}}`, 'g');
         selectedServerUrl = selectedServerUrl.replace(re, variableValue);
       }
     });
