Fix code scanning alert - Database query built from user-controlled sources #881

Closed
thisismayuresh opened this issue Nov 22, 2024 · 3 comments · Fixed by #896

@thisismayuresh
Collaborator

thisismayuresh commented Nov 22, 2024

Description

Implementing additional safety measures for database queries in libs/dal/src/repositories/base-repository.ts. This enhancement focuses on improving input handling in the findOneAndUpdate method.

Current Implementation

```typescript
protected async findOneAndUpdate(
    query: FilterQuery<T>,
    updateBody: UpdateQuery<T>,
    options: QueryOptions<T> = { new: true }
): Promise<T> {
    return this.MongooseModel.findOneAndUpdate(query, updateBody, options);
}
```

@thisismayuresh thisismayuresh added the enhancement New feature or request label Nov 22, 2024
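The alert in the title fires when a value from a request reaches a query filter unchanged, because a JSON body can deliver an object carrying query operators where a plain string was expected. The block below is an added example, not the project's code and not the change merged in #896: it shows one common mitigation, building the filter from allow-listed fields with primitive values pinned to `$eq`. The names `toLiteralFilter` and `isRejected`, the `email` field and the sample inputs are assumptions made for illustration.

```typescript
// Added example: hypothetical helper, not taken from base-repository.ts.
type Primitive = string | number | boolean | null;
type LiteralFilter = Record<string, { $eq: Primitive }>;

function isPrimitive(value: unknown): value is Primitive {
  return (
    value === null ||
    typeof value === "string" ||
    typeof value === "number" ||
    typeof value === "boolean"
  );
}

// Build a filter from untrusted input: only allow-listed field names,
// only primitive values, each pinned to an equality match with $eq.
function toLiteralFilter(
  input: Record<string, unknown>,
  allowedFields: readonly string[]
): LiteralFilter {
  const filter: LiteralFilter = {};
  for (const key of Object.keys(input)) {
    if (allowedFields.indexOf(key) === -1) {
      throw new Error(`field not allowed in query: ${key}`);
    }
    const value = input[key];
    if (!isPrimitive(value)) {
      // Objects and arrays could carry operators such as $ne or $gt.
      throw new Error(`non-literal value for field: ${key}`);
    }
    filter[key] = { $eq: value };
  }
  return filter;
}

// True when the input is refused instead of being turned into a filter.
function isRejected(input: Record<string, unknown>): boolean {
  try {
    toLiteralFilter(input, ["email"]);
    return false;
  } catch (_err) {
    return true;
  }
}

// Constructed sample inputs, shaped as a parsed JSON request body.
const benign = JSON.parse('{"email":"a@example.com"}');
const operatorPayload = JSON.parse('{"email":{"$ne":null}}');

console.log(toLiteralFilter(benign, ["email"]));
console.log(isRejected(operatorPayload));
```

A filter produced this way is what a caller would pass as the `query` argument of `findOneAndUpdate`; the same check does not cover `updateBody`, which needs its own validation.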
@sinanptm

Could you assign this issue to me?

I will add extra safety measures for database queries.

@saksham-malhotra-27

Hey! Is this still open or assigned already?

@sinanptm

Thank you for your request. The issue has already been assigned to me, and I am currently handling it. In fact, I have already submitted a pull request, and it is now being tested.

@thisismayuresh thisismayuresh linked a pull request Dec 5, 2024 that will close this issue
chavda-bhavik added a commit that referenced this issue Dec 5, 2024
**Merging this branch will resolve the security warning related to**
#881