Merge pull request #12 from wuespace/alert-autofix-1

Potential fix for code scanning alert no. 1: Incomplete string escaping or encoding

Author: pklaschka

example/locales/de.json

@@ -1,6 +1,8 @@
 {
   "Hello world!": "Hallo Welt!",
   "Lazy term": "Fauler Begriff",
-  "This text contains {0} \\{} curly braces and \\\\{\\{}}\\{0}.": "Dieser Text enthält {0} \\{} geschweifte Klammern und \\\\{\\{}}\\{0}.",
-  "Untranslated text": ""
+  "Untranslated text": "",
+  "Unknown Error": "",
+  "An unexpected error occurred while processing your request.": "",
+  "This text contains {0} \\{} curly braces and \\\\\\{\\{}}\\{0}.": "Dieser Text enthält {0} \\{} geschweifte Klammern und \\\\\\{\\{}}\\{0}."
 }

example/locales/en.json

@@ -1,6 +1,8 @@
 {
   "Hello world!": "Hello world!",
   "Lazy term": "Lazy term",
-  "This text contains {0} \\{} curly braces and \\\\{\\{}}\\{0}.": "This text contains {0} \\{} curly braces and \\\\{\\{}}\\{0}.",
-  "Untranslated text": "Untranslated text"
+  "Untranslated text": "Untranslated text",
+  "Unknown Error": "Unknown Error",
+  "An unexpected error occurred while processing your request.": "An unexpected error occurred while processing your request.",
+  "This text contains {0} \\{} curly braces and \\\\\\{\\{}}\\{0}.": "This text contains {0} \\{} curly braces and \\\\\\{\\{}}\\{0}."
 }

lib/common/escapeKey.ts

@@ -1,3 +1,6 @@
 export function escapeKey(key: string): string {
-  return key.replaceAll(/{/g, "\\{");
+  // Escape all backslashes first
+  key = key.replace(/\\/g, "\\\\");
+  // Then escape curly braces
+  return key.replace(/[{]/g, "\\{");
 }

lib/common/unescapeKey.ts

@@ -1,3 +1,3 @@
 export function unescapeKey(key: string): string {
-  return key.replaceAll(/\\{/g, "{");
+  return key.replaceAll(/\\{/g, "{").replaceAll(/\\\\/g, "\\");
 }

lib/extract/TypeScriptSourceFile.ts

@@ -64,7 +64,7 @@ export class TypeScriptSourceFile {
     this.processNode(this.getSourceFile(), extractions);
   }
 
-  private processNode(node: ts.Node, extractions = this.extractions) {
+  private processNode(node: ts.Node, extractions: Extractions) {
     if (TypeScriptSourceFile.isTemplateString(node)) {
       this.processTemplateString(node, this.getSourceFile(), extractions);
     }
@@ -84,18 +84,17 @@ export class TypeScriptSourceFile {
     sourceFile: ts.SourceFile,
     extractions: Extractions,
   ) {
-    let templateString: string;
-    const tpl = node.template;
-    if (ts.isNoSubstitutionTemplateLiteral(tpl)) {
-      templateString = escapeKey(tpl.text);
-    } else if (ts.isTemplateExpression(tpl)) {
-      let templateParts = escapeKey(tpl.head.text);
-      tpl.templateSpans.forEach((span, index) => {
-        templateParts += "{" + index + "}" + escapeKey(span.literal.text);
+    let templateString = "";
+    const template = node.template;
+    if (ts.isNoSubstitutionTemplateLiteral(template)) {
+      templateString = escapeKey(template.text);
+    } else if (ts.isTemplateExpression(template)) {
+      let combinedTemplateParts = escapeKey(template.head.text);
+      template.templateSpans.forEach((span, index) => {
+        combinedTemplateParts += "{" + index + "}" +
+          escapeKey(span.literal.text);
       });
-      templateString = templateParts;
-    } else {
-      templateString = "";
+      templateString = combinedTemplateParts;
     }
     const { line } = sourceFile.getLineAndCharacterOfPosition(node.getStart());
     extractions.addExtraction(templateString, this.fileName, line + 1);