I noticed that sanitization is not working properly at one point in this module when I used this package for input sanitization of a string in an API. When sanitizing a string, it must remove the harmful characters, but this module fails to do so. It only gives a warning in the log, but does not remove these characters.
Steps to Reproduce:
Drive link: https://drive.google.com/drive/folders/1rq7ztN4kQUtcJWx8iTiRpHI8nKSvD90a?usp=sharing
Vulnerable Functions:
req.queryString(queryParam: String): String
req.bodyString(bodyParam: String): String
req.headerString(headerName: String): String
req.paramString(paramName: String): String
Impact: Sanitization is not done properly here, which may lead to a lot of problems in future use. For example, this may lead to code execution, XSS, and many more issues due to improper sanitization.
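A regression check for the behaviour described in this report, as an added example that is not the module's code or part of the original report. `warnOnlyString` and `encodingString` are constructed stand-ins, and the harmful-character set and sample inputs are assumptions; the point is that a sanitizer is judged by the value it returns, not by what it logs.

```javascript
// Constructed stand-ins for illustration; not the reported module's code.
const HARMFUL = /[<>"'`]/;      // assumption: characters that must not survive
const ENCODE = /[&<>"'`]/g;     // '&' is encoded too so entities stay unambiguous
const ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Behaviour described in the report: log a warning, return the input unchanged.
function warnOnlyString(value, log) {
  const s = String(value);
  if (HARMFUL.test(s)) log.push('warning: harmful characters in input');
  return s;
}

// Corrected behaviour: still log, but return an entity-encoded value.
function encodingString(value, log) {
  const s = String(value);
  if (HARMFUL.test(s)) log.push('warning: harmful characters in input');
  return s.replace(ENCODE, (ch) => ENTITIES[ch]);
}

// Run a sanitizer over the samples and report every input whose *returned*
// value still contains a harmful character, along with whether it warned.
function auditSanitizer(sanitize, samples) {
  const findings = [];
  for (const input of samples) {
    const log = [];
    const output = sanitize(input, log);
    if (HARMFUL.test(output)) {
      findings.push({ input, output, warned: log.length > 0 });
    }
  }
  return findings;
}

// Constructed sample inputs.
const SAMPLES = ['plain text', '<b>hi</b>', 'Tom & "Jerry"'];

for (const [name, fn] of [['warnOnly', warnOnlyString], ['encoding', encodingString]]) {
  const findings = auditSanitizer(fn, SAMPLES);
  console.log(name, findings.length ? findings : 'no harmful characters returned');
}
```

Pointing `auditSanitizer` at a wrapper around the real `req.*String` helpers turns the report into a repeatable test.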