From 5e69f967720c6f27a68fd843486ab788ac120771 Mon Sep 17 00:00:00 2001
From: LaurenD <laurend@mitre.org>
Date: Fri, 4 Oct 2024 14:45:58 -0400
Subject: [PATCH] add comment on string for POST validation

---
 service/src/requestSchemas.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/service/src/requestSchemas.ts b/service/src/requestSchemas.ts
index 1526c63..872d630 100644
--- a/service/src/requestSchemas.ts
+++ b/service/src/requestSchemas.ts
@@ -207,7 +207,7 @@ export const ApproveArgs = z
     artifactAssessmentRelatedArtifact: checkUri.optional(),
     artifactAssessmentAuthor: z
       .union([z.object({ reference: z.string() }).transform(val => val.reference), z.string()])
-      .optional() //object from POST or string from GET
+      .optional() //object from POST or string from GET (this may be overly permissive of string in POST parameters)
   })
   .strict()
   .superRefine(catchInvalidParams([catchMissingId, catchMissingTypeAndSummary]));
@@ -224,7 +224,7 @@ export const ReviewArgs = z
     artifactAssessmentRelatedArtifact: checkUri.optional(),
     artifactAssessmentAuthor: z
       .union([z.object({ reference: z.string() }).transform(val => val.reference), z.string()])
-      .optional() //object from POST or string from GET
+      .optional() //object from POST or string from GET (this may be overly permissive of string in POST parameters)
   })
   .strict()
   .superRefine(catchInvalidParams([catchMissingId, catchMissingTypeAndSummary]));