Fix tests for attackPath

AikidoSec · Dec 18, 2024 · 8b33e43 · 8b33e43
1 parent 17d8b32
commit 8b33e43
Showing 1 changed file with 43 additions and 13 deletions.
diff --git a/library/helpers/attackPath.ts b/library/helpers/attackPath.ts
@@ -37,28 +37,48 @@ export function buildPathToPayload(pathToPayload: PathPart[]): string {
   }, "");
 }
 
+class Matches {
+  private readonly matches: string[] = [];
+
+  constructor(private readonly max: number) {
+    if (max < 1) {
+      throw new Error("Max must be greater than 0");
+    }
+  }
+
+  addMatch(path: PathPart[]) {
+    this.matches.push(buildPathToPayload(path));
+  }
+
+  getMatches() {
+    return this.matches;
+  }
+
+  reachedMax() {
+    return this.matches.length >= this.max;
+  }
+}
+
 export function getPathsToPayload(
   attackPayload: string,
   obj: unknown,
   matchCount = DEFAULT_MATCH_COUNT
 ): string[] {
-  const matches: string[] = [];
-
+  const matches = new Matches(matchCount);
   const attackPayloadLowercase = attackPayload.toLowerCase();
 
   const traverse = (value: unknown, path: PathPart[] = [], depth = 0) => {
-    if (matches.length >= matchCount) {
+    if (matches.reachedMax()) {
       return;
     }
 
     if (depth > MAX_DEPTH) {
       return;
     }
 
-    // Handle strings
     if (typeof value === "string") {
       if (value.toLowerCase() === attackPayloadLowercase) {
-        matches.push(buildPathToPayload(path));
+        matches.addMatch(path);
         return;
       }
 
@@ -71,30 +91,40 @@ export function getPathsToPayload(
     }
 
     if (Array.isArray(value)) {
-      // Handle arrays
+      if (
+        value.length > 1 &&
+        value.length < MAX_ARRAY_LENGTH &&
+        value.join().toLowerCase() === attackPayloadLowercase
+      ) {
+        matches.addMatch(path);
+        return;
+      }
+
       for (const [index, item] of value.entries()) {
-        if (index > MAX_ARRAY_LENGTH) {
+        if (matches.reachedMax() || index > MAX_ARRAY_LENGTH) {
           break;
         }
-        traverse(item, path.concat({ type: "array", index }), depth);
-      }
 
-      if (value.join().toLowerCase() === attackPayloadLowercase) {
-        matches.push(buildPathToPayload(path));
+        traverse(item, path.concat({ type: "array", index }), depth);
       }
 
       return;
     }
 
     if (isPlainObject(value)) {
-      // Handle objects
       for (const key in value) {
+        if (matches.reachedMax()) {
+          break;
+        }
+
         traverse(value[key], path.concat({ type: "object", key }), depth + 1);
       }
+
+      return;
     }
   };
 
   traverse(obj);
 
-  return matches;
+  return matches.getMatches();
 }