From eaca5abde5c94871c65b3d81713fb97df1bfae93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= Date: Mon, 1 Dec 2025 17:07:24 +0100 Subject: [PATCH] Input validation and error handling for secretsMode param Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- app/server/modules/lifecycle/config-export.controller.ts | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts index e91d00cf..5344f0c8 100644 --- a/app/server/modules/lifecycle/config-export.controller.ts +++ b/app/server/modules/lifecycle/config-export.controller.ts @@ -67,7 +67,13 @@ function parseExportParams(c: Context): ExportParams { const includeIds = c.req.query("includeIds") !== "false"; const includeTimestamps = c.req.query("includeTimestamps") !== "false"; const includeRuntimeState = c.req.query("includeRuntimeState") === "true"; - const secretsMode = (c.req.query("secretsMode") as SecretsMode) || "exclude"; + const secretsModeRaw = c.req.query("secretsMode"); + const allowedSecretsModes: SecretsMode[] = ["exclude", "encrypted", "cleartext"]; + const secretsMode: SecretsMode = secretsModeRaw + ? (allowedSecretsModes.includes(secretsModeRaw as SecretsMode) + ? (secretsModeRaw as SecretsMode) + : (() => { throw new Error("Invalid secretsMode parameter"); })()) + : "exclude"; const excludeKeys = getExcludeKeys(includeIds, includeTimestamps, includeRuntimeState); return { includeIds, includeTimestamps, secretsMode, excludeKeys }; }