Possible improper use of "replace()" to sanitize queryAi() results in XTM code?

[PedroJSilva2001]

Prerequisites

• I read the Deployment and Setup section of the OpenCTI documentation as well as the Troubleshooting page and didn't find anything relevant to my problem.
• I went through old GitHub issues and couldn't find anything relevant
• I googled the issue and didn't find anything relevant

Description

While performing a code scan in a fork of OpenCTI, I detected a possible improper sanitization of the results in XTM domain using the "replace()" function. In this case, from my understanding, with the pattern '"' it is only replacing the first occurrence of the double braces in the results of the LLM. Is this the intended behavior?

Version/Tag: 6.5.1
Commit: 1b14135
File: opencti/blob/master/opencti-platform/opencti-graphql/src/modules/xtm/xtm-domain.js
Lines:

• 151
• 197
• 241
• 287

Environment

N/A

Reproducible Steps

Steps to create the smallest reproducible scenario:

1. Run the line (e.g., in the Browser's console):

'\"Hello\"'.replace('"', '');

2. The output of this should be 'Hello"' (but is this intended?)

Reference documentation

• https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/replace