fix(striker-ui-api): handle fence param sanitization based on type

striker-ui-api/src/lib/request_handlers/fence/createFence.ts

@@ -7,15 +7,19 @@ import { getFenceSpec, timestamp, write } from '../../accessModule';
 import { sanitize } from '../../sanitize';
 import { stderr, stdoutVar, uuid } from '../../shell';
 
+const handleNumberType = (v: unknown) => String(sanitize(v, 'number'));
+
+const handleStringType = (v: unknown) => sanitize(v, 'string');
+
 const MAP_TO_VAR_TYPE: Record<
   AnvilDataFenceParameterType,
-  'boolean' | 'number' | 'string'
+  (v: unknown) => string
 > = {
-  boolean: 'boolean',
+  boolean: (v) => (sanitize(v, 'boolean') ? '1' : ''),
-  integer: 'number',
+  integer: handleNumberType,
-  second: 'number',
+  second: handleNumberType,
-  select: 'string',
+  select: handleStringType,
-  string: 'string',
+  string: handleStringType,
 };
 
 export const createFence: RequestHandler<
@@ -24,7 +28,7 @@ export const createFence: RequestHandler<
   {
     agent: string;
     name: string;
-    parameters: { [parameterId: string]: boolean | number | string };
+    parameters: { [parameterId: string]: string };
   }
 > = async (request, response) => {
   const {
@@ -83,7 +87,7 @@ export const createFence: RequestHandler<
         return previous;
 
       // TODO: add SQL modifier after finding a way to escape single quotes
-      const paramValue = sanitize(rParamValue, MAP_TO_VAR_TYPE[paramType]);
+      const paramValue = MAP_TO_VAR_TYPE[paramType](rParamValue);
 
       previous.push(`${paramId}="${paramValue}"`);