let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: guard Slack cmdarg decode

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-15 10:25:27 +00:00
parent 9097ef90b7
commit cf81cb942b
2 changed files with 39 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/slack/monitor/slash.ts
View File

@@ -72,11 +72,23 @@ function parseSlackCommandArgValue(raw?: string | null): {
if (parts.length !== 5 || parts[0] !== SLACK_COMMAND_ARG_VALUE_PREFIX) return null;
const [, command, arg, value, userId] = parts;
if (!command || !arg || !value || !userId) return null;
const decode = (text: string) => {
try {
return decodeURIComponent(text);
} catch {
return null;
}
};
const decodedCommand = decode(command);
const decodedArg = decode(arg);
const decodedValue = decode(value);
const decodedUserId = decode(userId);
if (!decodedCommand || !decodedArg || !decodedValue || !decodedUserId) return null;
return {
command: decodeURIComponent(command),
arg: decodeURIComponent(arg),
value: decodeURIComponent(value),
userId: decodeURIComponent(userId),
command: decodedCommand,
arg: decodedArg,
value: decodedValue,
userId: decodedUserId,
};
}