Fix code scanning alert no. 21: Type confusion through parameter tamp…

…ering

It looks like you're dealing with a type confusion vulnerability in req.query.name. The Copilot Autofix AI suggested a fix to ensure that req.query.name is a string before using it. This is important to prevent injection attacks like SQL injection or path traversal.

Here’s a summary of the suggested fix:

javascript
let requestedFilePath = req.query.name;
if (typeof requestedFilePath !== 'string') {
  res.status(400).send("Bad request");
  return;
}
This check ensures that req.query.name is a string and handles cases where it might be an array or any other type. This can help prevent potential security vulnerabilities.

It looks like this issue has been detected and fixed multiple times in your repository, likely due to changes in dependencies or code reverts. Ensuring that this fix is consistently applied and tested is crucial to maintaining the security of your application.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: aka <akadev8@outlook.com>

fixtures/flight-esm/server/region.js

@@ -125,6 +125,10 @@ if (process.env.NODE_ENV === 'development') {
     try {
       res.set('Content-type', 'application/json');
       let requestedFilePath = req.query.name;
+      if (typeof requestedFilePath !== 'string') {
+        res.status(400).send("Bad request");
+        return;
+      }
 
       let isCompiledOutput = false;
       if (requestedFilePath.startsWith('file://')) {