fix: sonarqube issues #155
cgawron commented Sep 30, 2024
- remove unused imports
- remove void casts
- do not use index as key in lists
@@ -338,7 +338,7 @@ | |||
google_tokens[key] = <string>token.tokens[key]; | |||
} | |||
}); | |||
void UserModel.findOneAndUpdate({ _id: user }, { google_tokens }, { new: true }) | |||
UserModel.findOneAndUpdate({ _id: user }, { google_tokens }, { new: true }) |
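Review bot: dropping the `void` prefix on `UserModel.findOneAndUpdate(...)` changes nothing at runtime; the promise is still neither awaited nor returned, so whether a rejection is handled depends entirely on the `.then` chain that follows this line, and it should end in a `.catch` or a floating-promise lint rule, if one is enabled, will report the same call next. Separately, the CodeQL alert attached to this line ("Database query built from user-controlled sources") concerns the `{ _id: user }` filter, which the hunk leaves untouched; compare the id literally with `{ _id: { $eq: user } }` and reject non-string values before the query runs.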
Check failure: Code scanning / CodeQL: Database query built from user-controlled sources (High), user-provided value
Copilot Autofix AI about 1 month ago
To fix the problem, we need to ensure that the user input is properly sanitized before being used in the database query. One way to achieve this is by using the `$eq` operator to ensure that the user input is interpreted as a literal value. Additionally, we should validate that the user input is a string and a valid ObjectId.
- Modify the `saveTokens` function to use the `$eq` operator in the MongoDB query.
- Ensure that the `user` input is a string and a valid ObjectId before using it in the query.
@@ -333,3 +333,3 @@ | ||
function saveTokens(user: string, token) { | ||
if (!isValidObjectId(user)) { | ||
if (typeof user !== "string" || !isValidObjectId(user)) { | ||
console.error('Invalid user ID'); | ||
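Review bot: the `typeof user !== "string"` guard added on this line is the right intent, but `saveTokens(user: string, token)` declares `user` as `string`, so at the type level the check is dead code and the signature hides that the value originates in a request body; type the parameter as `unknown` (and give `token` a type while here) so the compiler enforces the narrowing, and keep `isValidObjectId(user)` as the shape check that actually rejects malformed ids.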
@@ -344,3 +344,3 @@ | ||
}); | ||
UserModel.findOneAndUpdate({ _id: user }, { google_tokens }, { new: true }) | ||
UserModel.findOneAndUpdate({ _id: { $eq: user } }, { google_tokens }, { new: true }) | ||
.then(user => { |
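Review bot: `{ _id: { $eq: user } }` is the right literal-comparison form, since a plain `{ _id: user }` would let an object-valued `user` be read as a query document rather than an id; one readability point on the last line: `.then(user => {` shadows the `user` id that was just validated, so rename the callback parameter (for example `updatedUser`) to keep the request input and the returned document distinct.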
Test Results: 2 files, 2 suites, 0s ⏱️. Results for commit 83c732a. ♻️ This comment has been updated with latest results.
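The two checks the autofix suggestion above describes (reject anything that is not a well-formed ObjectId string, then compare it literally with `$eq`), as an added example that is not code from this PR. It builds the filter as a pure function so it runs without a database; `isValidObjectId` here is an assumed stand-in for the mongoose helper of the same name, and the sample inputs are constructed.

```typescript
// Assumed stand-in for mongoose's isValidObjectId: a 24-character hex string.
function isValidObjectId(value: unknown): value is string {
  return typeof value === "string" && /^[0-9a-fA-F]{24}$/.test(value);
}

interface UserFilter {
  _id: { $eq: string };
}

// Builds the filter for findOneAndUpdate, or returns null when the input
// must be rejected. The parameter is typed `unknown` on purpose: the value
// comes from a request body, so the compiler must not assume it is a string.
// Wrapping the id in $eq makes MongoDB compare it as a literal value, so an
// object smuggled in place of the id is never interpreted as query syntax.
function buildUserFilter(user: unknown): UserFilter | null {
  if (typeof user !== "string" || !isValidObjectId(user)) {
    console.error("Invalid user ID");
    return null;
  }
  return { _id: { $eq: user } };
}

// Constructed sample inputs, shaped like values from a parsed JSON body.
const validId = "66fa1c2b9d3e4f5a6b7c8d9e";        // 24 hex chars: accepted
const objectInput: unknown = { nested: "object" }; // not a string: rejected
const shortInput = "123";                          // wrong shape: rejected

function demo(): {
  accepted: UserFilter | null;
  rejectedObject: UserFilter | null;
  rejectedShort: UserFilter | null;
} {
  return {
    accepted: buildUserFilter(validId),
    rejectedObject: buildUserFilter(objectInput),
    rejectedShort: buildUserFilter(shortInput),
  };
}

console.log(JSON.stringify(demo()));
```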
…olled sources Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
- migrate `ts-jest` config
- backend: update vitest & @vitest/coverage-v8
- make sure test results are available for coverage measurement
- update yarn.lock
- do not automount service account token
- limit container resources
- migrate to CTRF reports
- add CTRF report as PR comment
Test Summary - Run #157: 🎉 All tests passed!
- add CTRF report as PR comment
Test Summary - Run #159: 🎉 All tests passed!
- add CTRF report as PR comment
- set resource limit for container
Test Summary - Run #161: ❌ Some tests failed!
- upload cypress screenshots for error analysis
Test Summary - Run #162: ❌ Some tests failed!
- update default for API URL to https://argocd.gawron.cloud/api/v1
Test Summary - Run #163: ❌ Some tests failed!
🎉 This PR is included in version 1.7.11 🎉 The release is available on Your semantic-release bot 📦🚀
🎉 This PR is included in version 1.6.4 🎉 The release is available on Your semantic-release bot 📦🚀