fix 'Bypass Security Checks'

VEO-XXX Fix code vulnerability reported by 'sim4n6'. (https://sim4n6.beehiiv.com/p/unicode-characters-bypass-security-checks) TT#2553613 Late-Unicode Normalization in SerNet/verinice codebase
SerNet · Jul 24, 2023 · c864de8 · c864de8
1 parent 9c0b45b
commit c864de8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/sernet.gs.service/src/sernet/verinice/model/search/VeriniceQuery.java b/sernet.gs.service/src/sernet/verinice/model/search/VeriniceQuery.java
@@ -88,7 +88,7 @@ public String getQuery() {
     }
 
     private static String sanitizeQuery(String query) {
-        return Normalizer.normalize(query.replace("/", ""), Form.NFC);
+        return Normalizer.normalize(query, Form.NFC).replace("/", "");
     }
 
     /**