From 605dd72354764ea2f07753130cbafe1d55b50d97 Mon Sep 17 00:00:00 2001
From: B0zal
Date: Mon, 11 Sep 2023 08:49:08 +0700
Subject: [PATCH] [+] CodeQL Report Fix log injection vulnerability in useSyncStore Severity : High Sanitize the 'res' object before logging it in the 'check' method of useSyncStore to prevent log injection attacks. The 'res' object is now sanitized by extracting only the necessary properties ('status', 'statusText', and 'headers') and logging the sanitized object instead. This ensures that only safe and expected data is logged, mitigating the risk of log injection vulnerabilities.
---
 app/store/sync.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/app/store/sync.ts b/app/store/sync.ts
index 466a98cf..502cf71c 100644
--- a/app/store/sync.ts
+++ b/app/store/sync.ts
@@ -56,7 +56,12 @@ export const useSyncStore = createPersistStore(
 method: "PROFIND",
 headers: this.headers(),
 });
- console.log(res);
+ const sanitizedRes = {
+ status: res.status,
+ statusText: res.statusText,
+ headers: res.headers,
+ };
+ console.log(sanitizedRes);
 return res.status === 207;
 } catch (e) {
 console.error("[Sync] ", e);