From d44d53d8cbfb05d79a7b15febd30ad9f3e9b3e29 Mon Sep 17 00:00:00 2001
From: Ryan Cartwright
Date: Tue, 7 Jan 2025 10:15:16 +1100
Subject: [PATCH 1/2] update path matching regex to be stricter to ensure no history leakage

---
 .../frontend/src/components/apis/APIHistory.tsx | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/pkg/dashboard/frontend/src/components/apis/APIHistory.tsx b/pkg/dashboard/frontend/src/components/apis/APIHistory.tsx
index 0f0e85bd..dafa74d2 100644
--- a/pkg/dashboard/frontend/src/components/apis/APIHistory.tsx
+++ b/pkg/dashboard/frontend/src/components/apis/APIHistory.tsx
@@ -18,13 +18,18 @@ interface Props {
 }

 const checkEquivalentPaths = (matcher: string, path: string): boolean => {
- // If the paths are equal regardless of query params
- if (path.split('?').length > 1 && matcher.split('?').length > 1) {
- return path.split('?')[0] === matcher.split('?')[0]
+ // Split both the matcher and path by "?" to separate query parameters
+ const [matcherBase] = matcher.split('?')
+ const [pathBase] = path.split('?')
+
+ // If both have query parameters, compare only the base paths
+ if (matcher.includes('?') && path.includes('?')) {
+ return matcherBase === pathBase
 }

- const regex = matcher.replace(/{(.*)}/, '(.*)')
- return path.match(regex) !== null
+ const regex = new RegExp(`^${matcherBase.replace(/{[^/]+}/, '[^/]+')}$`)
+
+ return regex.test(pathBase)
 }

 const APIHistory: React.FC = ({
From 699f550728b62ec0d0d09d6f940c7705d6207047 Mon Sep 17 00:00:00 2001
From: Ryan Cartwright <39504851+HomelessDinosaur@users.noreply.github.com>
Date: Tue, 7 Jan 2025 14:18:39 +1100
Subject: [PATCH 2/2] Update pkg/dashboard/frontend/src/components/apis/APIHistory.tsx

Co-authored-by: David Moore <4121492+davemooreuws@users.noreply.github.com>
---
 pkg/dashboard/frontend/src/components/apis/APIHistory.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
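Review bot: The literal parts of `matcherBase` are interpolated into `new RegExp(...)` unescaped in the PATCH 1/2 hunk, so the added `^`/`$` anchors only give an exact match for routes made of plain characters. A `.` in a route segment matches any character, which can still attribute another path's requests to this route, and a segment containing `(` or `[` would make the constructor throw. Escaping the literal pieces and joining them with `[^/]+` covers both cases. Splitting on the placeholder pattern also handles every placeholder, so it would replace the `.replace(...)` call that PATCH 2/2 goes on to adjust. The whole of checkEquivalentPaths is visible in this hunk.

```typescript
  // … unchanged: base/query split and the both-have-query early return …
  const pattern = matcherBase
    .split(/{[^/]+}/)
    .map((literal) => literal.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'))
    .join('[^/]+')
  const regex = new RegExp(`^${pattern}$`)

  return regex.test(pathBase)
```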
diff --git a/pkg/dashboard/frontend/src/components/apis/APIHistory.tsx b/pkg/dashboard/frontend/src/components/apis/APIHistory.tsx
index dafa74d2..814fb7c1 100644
--- a/pkg/dashboard/frontend/src/components/apis/APIHistory.tsx
+++ b/pkg/dashboard/frontend/src/components/apis/APIHistory.tsx
@@ -27,7 +27,7 @@ const checkEquivalentPaths = (matcher: string, path: string): boolean => {
 return matcherBase === pathBase
 }

- const regex = new RegExp(`^${matcherBase.replace(/{[^/]+}/, '[^/]+')}$`)
+ const regex = new RegExp(`^${matcherBase.replace(/{[^/]+}/g, '[^/]+')}$`)

 return regex.test(pathBase)
 }
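Review bot: The early return shown as context at the top of this hunk, `return matcherBase === pathBase`, still bypasses the placeholder pattern whenever both strings contain `?`, so the `g` fix does not reach that case. If the matcher can be a templated route that also carries a query string (not visible here), a request with its own query is compared literally and dropped from the history, while the same request without a query matches. Removing that branch and always returning `regex.test(pathBase)` would make the two cases agree, since an untemplated base already reduces to an anchored comparison. checkEquivalentPaths begins above this hunk, so the branch condition is read from the hunk in PATCH 1/2.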