From e8f5450cb05213c3c06802442103f5c414eee5cc Mon Sep 17 00:00:00 2001
From: KernelDeimos
Date: Mon, 20 Jan 2025 10:34:25 -0500
Subject: [PATCH] fix: reduce code paths for querystrings
---
 src/backend/src/modules/web/WebServerService.js | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/src/backend/src/modules/web/WebServerService.js b/src/backend/src/modules/web/WebServerService.js
index a47192dd..5670786f 100644
--- a/src/backend/src/modules/web/WebServerService.js
+++ b/src/backend/src/modules/web/WebServerService.js
@@ -520,6 +520,22 @@ class WebServerService extends BaseService {
 app.use(helmet.xssFilter());
 // app.use(helmet.referrerPolicy());
 app.disable('x-powered-by');
+
+ // remove object and array query parameters
+ app.use(function (req, res, next) {
+ for ( let k in req.query ) {
+ if ( req.query[k] === undefined || req.query[k] === null ) {
+ continue;
+ }
+
+ const allowed_types = ['string', 'number', 'boolean'];
+ if ( ! allowed_types.includes(typeof req.query[k]) ) {
+ req.query[k] = undefined;
+ }
+ }
+ console.log('\x1B[36;1m======= ok???', req.query);
+ next();
+ });
 const uaParser = require('ua-parser-js');
 app.use(function (req, res, next) {
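Review bot: The `console.log('\x1B[36;1m======= ok???', req.query);` line at the end of the new middleware looks like leftover debug output, and it writes the full parsed query string of every request to stdout. Query strings commonly carry tokens or other sensitive values, so this would copy them into whatever collects the process output; the line should be removed, or replaced by a debug-level log that records only the names of the parameters that were dropped. Separately, `req.query[k] = undefined;` leaves the key in place, so later `k in req.query` or `Object.keys(req.query)` checks still see it; `delete req.query[k];` would remove it outright. A short comment saying that the filter exists so downstream handlers only ever receive scalar query values would also help. The enclosing method starts and ends outside the hunk.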