Fix incomplete sanitization vulnerability by using replaceAll

Copilot · Christopher-C-Robinson · Christopher Robinson · commit fa756da3a7d8 · 2025-11-12T13:47:47.000-06:00
Co-authored-by: Christopher-C-Robinson &lt;78235938+Christopher-C-Robinson@users.noreply.github.com&gt;
diff --git a/src/extension.ts b/src/extension.ts
@@ -163,12 +163,12 @@ async function onSave(event: vscode.TextDocumentWillSaveEvent)
 
             if (configuration.files.include.length > 0)
             {
-                include = configuration.files.include.some(inc => matches(inc, sourceCodeFilePathRelative) || matches(inc, sourceCodeFilePathRelative.replace("../", "").replace("./", "")));
+                include = configuration.files.include.some(inc => matches(inc, sourceCodeFilePathRelative) || matches(inc, sourceCodeFilePathRelative.replaceAll("../", "").replaceAll("./", "")));
             }
 
             if (configuration.files.exclude.length > 0)
             {
-                exclude = configuration.files.exclude.some(exc => matches(exc, sourceCodeFilePathRelative) || matches(exc, sourceCodeFilePathRelative.replace("../", "").replace("./", "")));
+                exclude = configuration.files.exclude.some(exc => matches(exc, sourceCodeFilePathRelative) || matches(exc, sourceCodeFilePathRelative.replaceAll("../", "").replaceAll("./", "")));
             }
 
             if (include && !exclude)
@@ -229,12 +229,12 @@ async function organize(sourceCodeFilePath: string, configuration: Configuration
 
     if (configuration.files.include.length > 0)
     {
-        include = configuration.files.include.some(inc => matches(inc, sourceCodeFilePathRelative) || matches(inc, sourceCodeFilePathRelative.replace("../", "").replace("./", "")));
+        include = configuration.files.include.some(inc => matches(inc, sourceCodeFilePathRelative) || matches(inc, sourceCodeFilePathRelative.replaceAll("../", "").replaceAll("./", "")));
     }
 
     if (configuration.files.exclude.length > 0)
     {
-        exclude = configuration.files.exclude.some(exc => matches(exc, sourceCodeFilePathRelative) || matches(exc, sourceCodeFilePathRelative.replace("../", "").replace("./", "")));
+        exclude = configuration.files.exclude.some(exc => matches(exc, sourceCodeFilePathRelative) || matches(exc, sourceCodeFilePathRelative.replaceAll("../", "").replaceAll("./", "")));
     }
 
     if (include && !exclude)

Original file line number	Diff line number	Diff line change
`@@ -163,12 +163,12 @@ async function onSave(event: vscode.TextDocumentWillSaveEvent)`
`163`	`163`
`164`	`164`	`if (configuration.files.include.length > 0)`
`165`	`165`	`{`
`166`		`- include = configuration.files.include.some(inc => matches(inc, sourceCodeFilePathRelative) \|\| matches(inc, sourceCodeFilePathRelative.replace("../", "").replace("./", "")));`
	`166`	`+ include = configuration.files.include.some(inc => matches(inc, sourceCodeFilePathRelative) \|\| matches(inc, sourceCodeFilePathRelative.replaceAll("../", "").replaceAll("./", "")));`
`167`	`167`	`}`
`168`	`168`
`169`	`169`	`if (configuration.files.exclude.length > 0)`
`170`	`170`	`{`
`171`		`- exclude = configuration.files.exclude.some(exc => matches(exc, sourceCodeFilePathRelative) \|\| matches(exc, sourceCodeFilePathRelative.replace("../", "").replace("./", "")));`
	`171`	`+ exclude = configuration.files.exclude.some(exc => matches(exc, sourceCodeFilePathRelative) \|\| matches(exc, sourceCodeFilePathRelative.replaceAll("../", "").replaceAll("./", "")));`
`172`	`172`	`}`
`173`	`173`
`174`	`174`	`if (include && !exclude)`
`@@ -229,12 +229,12 @@ async function organize(sourceCodeFilePath: string, configuration: Configuration`
`229`	`229`
`230`	`230`	`if (configuration.files.include.length > 0)`
`231`	`231`	`{`
`232`		`- include = configuration.files.include.some(inc => matches(inc, sourceCodeFilePathRelative) \|\| matches(inc, sourceCodeFilePathRelative.replace("../", "").replace("./", "")));`
	`232`	`+ include = configuration.files.include.some(inc => matches(inc, sourceCodeFilePathRelative) \|\| matches(inc, sourceCodeFilePathRelative.replaceAll("../", "").replaceAll("./", "")));`
`233`	`233`	`}`
`234`	`234`
`235`	`235`	`if (configuration.files.exclude.length > 0)`
`236`	`236`	`{`
`237`		`- exclude = configuration.files.exclude.some(exc => matches(exc, sourceCodeFilePathRelative) \|\| matches(exc, sourceCodeFilePathRelative.replace("../", "").replace("./", "")));`
	`237`	`+ exclude = configuration.files.exclude.some(exc => matches(exc, sourceCodeFilePathRelative) \|\| matches(exc, sourceCodeFilePathRelative.replaceAll("../", "").replaceAll("./", "")));`
`238`	`238`	`}`
`239`	`239`
`240`	`240`	`if (include && !exclude)`