From 14a771636636fd2844d63cfd43d64f475d647ba9 Mon Sep 17 00:00:00 2001
From: tycrek
Date: Thu, 17 Jun 2021 12:48:48 -0600
Subject: [PATCH] CodeQL
---
 ass.js | 12 +++++++++++-
 ogp.js | 2 +-
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/ass.js b/ass.js
index d38e941..863386f 100755
--- a/ass.js
+++ b/ass.js
@@ -229,8 +229,18 @@ function startup() {
 let resourceId = req.ass.resourceId;
 let fileData = data[resourceId];
+ let requiredItems = {
+ randomId: fileData.randomId,
+ originalname: escape(fileData.originalname),
+ mimetype: fileData.mimetype,
+ size: fileData.size,
+ timestamp: fileData.timestamp,
+ opengraph: fileData.opengraph,
+ vibrant: fileData.vibrant,
+ };
+
 // If the client is Discord, send an Open Graph embed
- if (req.useragent.isBot) return res.type('html').send(new OpenGraph(getTrueHttp(), getTrueDomain(), resourceId, fileData.randomId, fileData).build());
+ if (req.useragent.isBot) return res.type('html').send(new OpenGraph(getTrueHttp(), getTrueDomain(), resourceId, requiredItems).build());
 // Return the file differently depending on what storage option was used
 let uploaders = {
diff --git a/ogp.js b/ogp.js
index 6d87e2b..ea769d3 100644
--- a/ogp.js
+++ b/ogp.js
@@ -22,7 +22,7 @@ class OpenGraph {
 author;
 color;
- constructor(http, domain, resourceId, randomId, { originalname, mimetype, size, timestamp, opengraph, vibrant }) {
+ constructor(http, domain, resourceId, { randomId, originalname, mimetype, size, timestamp, opengraph, vibrant }) {
 this.http = http;
 this.domain = domain;
 this.resourceId = resourceId;
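Review bot: `escape(fileData.originalname)` in the new `requiredItems` object looks like the legacy global `escape()`, which percent-encodes for URLs rather than HTML-encoding; unless `escape` is bound to an HTML encoder elsewhere in ass.js, the embed will show names like `my%20file.png`, and the function is deprecated. If the CodeQL alert was about upload metadata reaching the HTML that `OpenGraph.build()` sends, entity-encoding where the value is interpolated (or at least with an HTML encoder here) is the more reliable fix. `mimetype` and `opengraph` are still forwarded unencoded, so they deserve the same check if they can carry client-supplied text. The handler's body starts and ends outside this hunk, so whether `fileData` is guaranteed to exist before the new property reads cannot be confirmed from here. A sketch of the call-site variant follows.

```javascript
// HTML-entity encoding for values that end up in the embed markup
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (value) => String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);

let requiredItems = {
    randomId: fileData.randomId,
    originalname: escapeHtml(fileData.originalname),
    // … unchanged: mimetype, size, timestamp, opengraph, vibrant …
};
```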
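Review bot: The `OpenGraph` constructor's fourth parameter is now a destructured object with no doc comment, so a caller still passing `randomId` positionally would destructure a string and silently get `undefined` for every field. Only the call in ass.js is visible in this patch, so other `new OpenGraph(` uses are worth checking. I would add a JSDoc line such as `/** @param {object} meta - upload metadata: randomId, originalname, mimetype, size, timestamp, opengraph, vibrant */` and state in it whether text fields are expected to arrive already encoded, since the caller now encodes `originalname` before passing it in. The constructor body continues past the end of the hunk.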