Merge pull request #499 from owasp-noir/fix/prevent-duplicate-path-params

ksg97031 · web-flow · commit af6e0faaec0a · 2025-01-18T22:41:32.000+09:00
fix: Prevent duplicate path params from being added
diff --git a/src/models/noir.cr b/src/models/noir.cr
@@ -279,7 +279,10 @@ class NoirRunner
           new_endpoint.url = new_endpoint.url.gsub("{#{match[1]}}", new_value)
         end
 
-        new_endpoint.params << Param.new(param, "", "path")
+        new_param = Param.new(param, "", "path")
+        unless new_endpoint.params.includes?(new_param)
+          new_endpoint.params << new_param
+        end
       end
 
       scans = endpoint.url.scan(/\/:([^\/]+)/).flatten
@@ -289,7 +292,10 @@ class NoirRunner
           new_endpoint.url = new_endpoint.url.gsub(":#{match[1]}", new_value)
         end
 
-        new_endpoint.params << Param.new(match[1], "", "path")
+        new_param = Param.new(match[1], "", "path")
+        unless new_endpoint.params.includes?(new_param)
+          new_endpoint.params << new_param
+        end
       end
 
       scans = endpoint.url.scan(/\/<([^>]+)>/).flatten
@@ -299,7 +305,11 @@ class NoirRunner
         if new_value != ""
           new_endpoint.url = new_endpoint.url.gsub("<#{match[1]}>", new_value)
         end
-        new_endpoint.params << Param.new(param, "", "path")
+
+        new_param = Param.new(param, "", "path")
+        unless new_endpoint.params.includes?(new_param)
+          new_endpoint.params << new_param
+        end
       end
 
       final << new_endpoint
