MLE-17209 : Review and fix vulnerabilities in Polaris report for Node Client.

Author: anu3990

lib/patch-builder.js

@@ -538,7 +538,7 @@ function replaceInsert() {
         continue;
       }
     }
-    if (apply === null || apply === undefined) {
+    if (arg && !apply) {
       apply = arg.apply;
       if (apply != null) {
         content = arg.content;

lib/resources-exec.js

@@ -54,22 +54,24 @@ function makeRequestOptions(client, args) {
   var value = null;
   var j=0;
   for (; i < keyLen; i++) {
-    key = keys[i];
-    value = params[key];
-    if (Array.isArray(value)) {
-      prefix = sep+encodeURIComponent('rs:'+key)+'=';
-      for (j=0; j < value.length; j++) {
-        path += prefix+encodeURIComponent(value[j]);
-        if (i === 0 && j === 0) {
+    key = keys?keys[i]:null;
+    if(params){
+      value = params[key];
+      if (Array.isArray(value)) {
+        prefix = sep+encodeURIComponent('rs:'+key)+'=';
+        for (j=0; j < value.length; j++) {
+          path += prefix+encodeURIComponent(value[j]);
+          if (i === 0 && j === 0) {
+            sep ='&';
+            prefix = sep+encodeURIComponent('rs:'+key)+'=';
+          }
+        }
+      } else {
+        path += sep+'rs:'+key+'='+encodeURIComponent(value);
+        if (i === 0) {
           sep ='&';
-          prefix = sep+encodeURIComponent('rs:'+key)+'=';
         }
       }
-    } else {
-      path += sep+'rs:'+key+'='+encodeURIComponent(value);
-      if (i === 0) {
-        sep ='&';
-      }
     }
   }
 

lib/responder.js

@@ -55,7 +55,7 @@ function responseDispatcher(response) {
   }
 
   var responseType     = response.headers['content-type'];
-  var responseTypeLen  = (responseType === undefined) ? 0 : responseType.length;
+  var responseTypeLen  = (!responseType) ? 0 : responseType.length;
   var responseBoundary = null;
   if (15 <= responseTypeLen && responseType.substr(0, 15) === 'multipart/mixed') {
     responseBoundary = responseType.replace(