From 24922271b7dcb8a1685109970d2d089705dfe0d8 Mon Sep 17 00:00:00 2001
From: Ihab Khaled <39255494+ihabkhaled@users.noreply.github.com>
Date: Sun, 24 May 2026 15:10:01 +0300
Subject: [PATCH] Potential fix for code scanning alert no. 24: Type confusion through parameter tampering

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .../controllers/webhook-receiver.controller.ts | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/apps/claw-workspace-service/src/modules/webhooks/controllers/webhook-receiver.controller.ts b/apps/claw-workspace-service/src/modules/webhooks/controllers/webhook-receiver.controller.ts
index aae229d7..e18f235c 100644
--- a/apps/claw-workspace-service/src/modules/webhooks/controllers/webhook-receiver.controller.ts
+++ b/apps/claw-workspace-service/src/modules/webhooks/controllers/webhook-receiver.controller.ts
@@ -1,4 +1,5 @@
 import {
+ BadRequestException,
 Controller,
 Get,
 Headers,
@@ -40,10 +41,21 @@ export class WebhookReceiverController {
 @Headers() headers: Record,
 @Req() req: Request,
 ): Promise {
+ const requestBody = req.body;
+ let rawBody: Buffer;
+
+ if (Buffer.isBuffer(requestBody)) {
+ rawBody = requestBody;
+ } else if (typeof requestBody === 'string') {
+ rawBody = Buffer.from(requestBody, 'utf8');
+ } else {
+ throw new BadRequestException('Webhook body must be a raw buffer or string');
+ }
+
 return this.receiver.receive(
 parseWebhookProvider(providerRaw),
 connectorId === '_' ? null : connectorId,
- Buffer.isBuffer(req.body) ? req.body : Buffer.from(JSON.stringify(req.body)),
+ rawBody,
 headers,
 (req.headers['x-forwarded-for'] as string | undefined) ?? req.ip ?? null,
 );
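Review bot: The string branch of the new body check re-encodes already-decoded text with `Buffer.from(requestBody, 'utf8')`, so the bytes passed to `receive()` can differ from the bytes the sender transmitted if the upstream parser decoded another charset or replaced invalid sequences; if `receive()` verifies a provider signature over this buffer (not visible here), that branch would verify unreliably. Rejecting parsed objects is safer than the old `JSON.stringify` fallback, but the route will now answer 400 to every JSON delivery unless a raw-body parser is mounted for it, which is configured outside this hunk and should be confirmed. I would accept only the Buffer case, or at least state the contract above the check, e.g. `// receive() needs the exact bytes sent; a parsed body cannot be re-serialized faithfully`. The unchanged last argument still casts the client-supplied `x-forwarded-for` header with `as string`, so the value should be treated as untrusted unless a trusted proxy sets it. The method's signature and decorators start above the hunk.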