Revert "PLAT-2614 Ampersand symbol getting converted "

ThomasKranitsas · web-flow · commit ba49c3cede44 · 2023-10-04T18:14:02.000+03:00
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -154,7 +154,7 @@ workflows:
             - UnitTests
           filters:
             branches:
-              only: ['develop', 'connect-performance-testing', 'feature/new-milestone-concept','feature/PLAT-2614']
+              only: ['develop', 'connect-performance-testing', 'feature/new-milestone-concept']
       - deployProd:
           context : org-global
           requires:
diff --git a/config/default.json b/config/default.json
@@ -14,8 +14,6 @@
   "directProjectServiceEndpoint": "",
   "directProjectServiceTimeout": 5000,
   "attachmentsS3Bucket": "topcoder-prod-media",
-  "attachmentsDMZS3Bucket": "topcoder-prod-media-dmz",
-  "attachmentsQuarantineS3Bucket": "topcoder-prod-media-quarantine",
   "projectAttachmentPathPrefix": "projects",
   "projectAttachmentPathSuffix": "attachments",
   "elasticsearchConfig": {
@@ -89,4 +87,4 @@
   },
   "STRIPE_SECRET_KEY": "",
   "sfdcBillingAccountNameField": "Billing_Account_Name__c"
-}
+}
diff --git a/config/development.json b/config/development.json
@@ -2,8 +2,6 @@
   "pubsubQueueName": "dev.project.service",
   "pubsubExchangeName": "dev.projects",
   "attachmentsS3Bucket": "topcoder-dev-media",
-  "attachmentsDMZS3Bucket": "topcoder-dev-media-dmz",
-  "attachmentsQuarantineS3Bucket": "topcoder-dev-media-quarantine",
   "connectProjectsUrl": "https://connect.topcoder-dev.com/projects/",
   "fileServiceEndpoint": "https://api.topcoder-dev.com/v3/files/",
   "connectProjectsUrl": "https://connect.topcoder-dev.com/projects/",
diff --git a/package.json b/package.json
@@ -57,6 +57,7 @@
     "express": "^4.13.4",
     "express-list-routes": "^0.1.4",
     "express-request-id": "^1.1.0",
+    "express-sanitizer": "^1.0.2",
     "express-validation": "^1.0.3",
     "handlebars": "^4.5.3",
     "http-aws-es": "^4.0.0",
@@ -69,14 +70,13 @@
     "moment": "^2.22.2",
     "no-kafka": "^3.4.3",
     "pg": "^7.11.0",
-    "pg-native": "^3.0.1",
+    "pg-native": "^3.0.0",
     "sequelize": "^5.8.7",
     "stripe": "^8.195.0",
     "swagger-ui-express": "^4.0.6",
     "tc-core-library-js": "github:appirio-tech/tc-core-library-js#v2.6.6",
     "traverse": "^0.6.6",
     "urlencode": "^1.1.0",
-    "xss": "^1.0.14",
     "yamljs": "^0.3.0"
   },
   "devDependencies": {
@@ -102,8 +102,5 @@
     "sinon": "^1.17.4",
     "sinon-chai": "^2.8.0",
     "supertest": "^4.0.2"
-  },
-  "volta": {
-    "node": "12.22.12"
   }
 }
diff --git a/src/app.js b/src/app.js
@@ -2,6 +2,7 @@ import express from 'express';
 import methodOverride from 'method-override';
 import _ from 'lodash';
 import bodyParser from 'body-parser';
+import expressSanitizer from 'express-sanitizer';
 import config from 'config';
 import cors from 'cors';
 import coreLib from 'tc-core-library-js';
@@ -35,6 +36,7 @@ app.use(bodyParser.urlencoded({
   extended: false,
 }));
 app.use(bodyParser.json());
+app.use(expressSanitizer());
 
 // add request Id
 const addRequestId = expressRequestId();
diff --git a/src/constants.js b/src/constants.js
@@ -139,8 +139,6 @@ export const EVENT = {
 };
 
 export const BUS_API_EVENT = {
-  AV_SCAN_REQUEST: 'avscan.action.scan',
-
   PROJECT_CREATED: 'project.action.create',
   PROJECT_UPDATED: 'project.action.update',
   PROJECT_DELETED: 'project.action.delete',
@@ -153,7 +151,6 @@ export const BUS_API_EVENT = {
   PROJECT_ATTACHMENT_ADDED: 'project.action.create',
   PROJECT_ATTACHMENT_REMOVED: 'project.action.delete',
   PROJECT_ATTACHMENT_UPDATED: 'project.action.update',
-  PROJECT_ATTACHMENT_SCAN_RESULT: 'avscan.projects.assets.result',
 
   // When phase is added/updated/deleted from the project,
   // When product is added/deleted from a phase
diff --git a/src/events/attachments/index.js b/src/events/attachments/index.js
diff --git a/src/events/kafkaHandlers.js b/src/events/kafkaHandlers.js
@@ -17,10 +17,6 @@ import {
 } from './projectPhases';
 import { timelineAdjustedKafkaHandler } from './timelines';
 import { milestoneUpdatedKafkaHandler } from './milestones';
-import {
-  attachmentScanResultKafkaHandler,
-  attachmentCreatedKafkaHandler,
-} from './attachments';
 
 const kafkaHandlers = {
   /**
@@ -41,9 +37,6 @@ const kafkaHandlers = {
   // Events coming from timeline/milestones (considering it as a separate module/service in future)
   [CONNECT_NOTIFICATION_EVENT.MILESTONE_TRANSITION_COMPLETED]: milestoneUpdatedKafkaHandler,
   [CONNECT_NOTIFICATION_EVENT.TIMELINE_ADJUSTED]: timelineAdjustedKafkaHandler,
-
-  // Events coming from attachments
-  [BUS_API_EVENT.PROJECT_ATTACHMENT_SCAN_RESULT]: attachmentScanResultKafkaHandler,
 };
 
 /**
@@ -102,10 +95,6 @@ registerKafkaHandler(
   RESOURCES.PHASE,
   projectPhaseRemovedKafkaHandler,
 );
-registerKafkaHandler(
-  BUS_API_EVENT.PROJECT_ATTACHMENT_ADDED,
-  RESOURCES.ATTACHMENT,
-  attachmentCreatedKafkaHandler,
-);
+
 
 export default kafkaHandlers;
diff --git a/src/routes/attachments/create.js b/src/routes/attachments/create.js
@@ -70,7 +70,7 @@ module.exports = [
 
     const sourceBucket = data.s3Bucket;
     const sourceKey = data.path;
-    const destBucket = config.get('attachmentsDMZS3Bucket');
+    const destBucket = config.get('attachmentsS3Bucket');
     const destKey = path;
 
     if (data.type === ATTACHMENT_TYPES.LINK) {
diff --git a/src/routes/projects/create.js b/src/routes/projects/create.js
@@ -14,7 +14,6 @@ import util from '../../util';
 import { PERMISSION } from '../../permissions/constants';
 
 const traverse = require('traverse');
-const xss = require('xss');
 
 /**
  * API to handle creating a new project.
@@ -419,11 +418,7 @@ module.exports = [
       // keep the raw '&&' string in conditions string in estimation
       const isEstimationCondition =
         (this.path.length === 3) && (this.path[0] === 'estimation') && (this.key === 'conditions');
-      // if (this.isLeaf && typeof x === 'string' && (!isEstimationCondition)) this.update(req.sanitize(x));
-      if (this.isLeaf && typeof x === 'string' && !isEstimationCondition) {
-        const sanitizedData = xss(x);
-        this.update(sanitizedData);
-      }
+      if (this.isLeaf && typeof x === 'string' && (!isEstimationCondition)) this.update(req.sanitize(x));
     });
     // override values
     _.assign(project, {
diff --git a/src/routes/projects/update.js b/src/routes/projects/update.js
@@ -15,7 +15,6 @@ import util from '../../util';
 import { PERMISSION } from '../../permissions/constants';
 
 const traverse = require('traverse');
-const xss = require('xss');
 
 /**
  * API to handle updating a project.
@@ -191,11 +190,7 @@ module.exports = [
     // prune any fields that cannot be updated directly
     updatedProps = _.omit(updatedProps, ['createdBy', 'createdAt', 'updatedBy', 'updatedAt', 'id']);
     traverse(updatedProps).forEach(function (x) { // eslint-disable-line func-names
-      // if (x && this.isLeaf && typeof x === 'string') this.update(req.sanitize(x));
-      if (x && this.isLeaf && typeof x === 'string') {
-        const sanitizedData = xss(x);
-        this.update(sanitizedData);
-      }
+      if (x && this.isLeaf && typeof x === 'string') this.update(req.sanitize(x));
     });
     let previousValue;
     models.sequelize.transaction(() => models.Project.findOne({
