Security Fix: mitigate ReDOS attacks on the chat bot.

2025-06-06 16:37:06 +02:00
parent 98dc729447
commit 0be11fb2ae
9 changed files with 2068 additions and 55 deletions
--- a/client/common/configuration/services/channel-details.ts
+++ b/client/common/configuration/services/channel-details.ts
@ -192,6 +192,14 @@ export class ChannelDetailsService {
    )

    if (!response.ok) {
+      let e
+      try {
+        // checking if there are some json data in the response, with custom error message.
+        e = await response.json()
+      } catch (_err) {}
+      if (e?.validationErrorMessage && (typeof e.validationErrorMessage === 'string')) {
+        throw new Error('Failed to save configuration options: ' + e.validationErrorMessage)
+      }
      throw new Error('Failed to save configuration options.')
    }