Add a custom sanitization function for the "Tag" property (#546)

* Add a custom sanitization function for the tag property in create call body * remove tag.* property from schema * do not escape URLs but validate them * apply suggestions from PR review --------- Co-authored-by: Markus Frindt <m.frindt@cognigy.com>
2025-12-20 08:40:38 +00:00 · 2023-11-27 19:03:47 +01:00
parent 9478f3a1b8
commit 7e349fe4e5
2 changed files with 38 additions and 9 deletions
--- a/lib/http-routes/api/create-call.js
+++ b/lib/http-routes/api/create-call.js
@@ -5,7 +5,7 @@ const CallInfo = require('../../session/call-info');
 const {CallDirection, CallStatus} = require('../../utils/constants');
 const uuidv4 = require('uuid-random');
 const SipError = require('drachtio-srf').SipError;
-const { validationResult } = require('express-validator');
+const { validationResult, body } = require('express-validator');
 const { validate } = require('@jambonz/verb-specifications');
 const sysError = require('./error');
 const HttpRequestor = require('../../utils/http-requestor');
@@ -13,7 +13,7 @@ const WsRequestor = require('../../utils/ws-requestor');
 const RootSpan = require('../../utils/call-tracer');
 const dbUtils = require('../../utils/db-utils');
 const { mergeSdpMedia, extractSdpMedia } = require('../../utils/sdp-utils');
-const { createCallSchema } = require('../schemas/create-call');
+const { createCallSchema, customSanitizeFunction } = require('../schemas/create-call');

 const removeNullProperties = (obj) => (Object.keys(obj).forEach((key) => obj[key] === null && delete obj[key]), obj);
 const removeNulls = (req, res, next) => {
@@ -24,6 +24,12 @@ const removeNulls = (req, res, next) => {
 router.post('/',
  removeNulls,
  createCallSchema,
+  body('tag').custom((value) => {
+    if (value) {
+      customSanitizeFunction(value);
+    }
+    return true;
+  }),
  async(req, res) => {
    const {logger} = req.app.locals;
    const errors = validationResult(req);