
Figma Fiesta certificates #156

Merged
djdiptayan1 merged 2 commits into release from staging on Oct 16, 2025

@djdiptayan1
Member

No description provided.

djdiptayan1 and others added 2 commits October 16, 2025 17:16
Refactor EmailDialogue component to use email instead of name; update API handler to validate email field
@vercel
Contributor

vercel bot commented Oct 16, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
githubsrmv2 Ready Ready Preview Comment Oct 16, 2025 0:20am

@coderabbitai

coderabbitai bot commented Oct 16, 2025

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@djdiptayan1 djdiptayan1 merged commit 9a86fec into release Oct 16, 2025
6 checks passed
// error: `No certificate found for email: ${email}`
// });
// }
const userData = await User.findOne({ email });

Check failure

Code scanning / CodeQL

Database query built from user-controlled sources High

This query object depends on a user-provided value.

Copilot Autofix

AI 6 months ago

The best way to fix this is to ensure that the email variable passed into the Mongo query is a primitive string, not an object or other structure. This can be done by either (a) enforcing the use of the $eq operator (making MongoDB treat it as a literal value), or (b) using explicit type-checking before querying. The fix should be added at/just before the query on line 72. For completeness, returning a 400 Bad Request on invalid type increases robustness.

Steps:

  • Before using email in the query, check that typeof email === "string".
  • If not, respond with a 400 error and do not perform any query.
  • If you want to be certain, you may additionally trim or validate the email string.
  • Alternatively, and/or in addition, use the { email: { $eq: email } } query form on line 72, forcibly treating email as a value in the query.

No new imports are needed.

Suggested changeset 1
pages/api/v1/certificates/index.js

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/pages/api/v1/certificates/index.js b/pages/api/v1/certificates/index.js
--- a/pages/api/v1/certificates/index.js
+++ b/pages/api/v1/certificates/index.js
@@ -18,6 +18,10 @@
                 .json({ success: false, error: "All fields are required." });
         }
 
+        if (typeof email !== "string") {
+            return res.status(400).json({ success: false, error: "Invalid email format." });
+        }
+
         //only for ossome hacks 2
         // if (!name || !event || !type) {
         //     return res
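Review bot: the new `typeof email !== "string"` guard answers "Invalid email format." but checks only the type, so any string, however long or malformed, still reaches the query. Either validate the shape here as well (trim, bound the length, require an `@`) or change the message to say the field must be a string, so the response matches what was actually checked.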
@@ -69,7 +73,7 @@
             });
 
             const User = db.model(eventData.collection[type], userSchema);
-            const userData = await User.findOne({ email });
+            const userData = await User.findOne({ email: { $eq: email } });
 
             //only for ossome hacks 2
             // const userData = await User.findOne({
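Review bot: on the context line above the changed `findOne`, `eventData.collection[type]` is still indexed with an unchecked `type`. If `type` comes from the request like `email` does (the commented-out `!name || !event || !type` check suggests so), give it the same treatment: require a string and confirm it is an own key of `eventData.collection` before passing the result to `db.model`. The `$eq` form is worth keeping next to the type guard, and the commented-out `findOne` below should get it too if that block is ever restored.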
EOF
Unable to commit as this autofix suggestion is now outdated
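
The two measures in the autofix above (reject a non-string `email`, then query with `$eq`) combined into one helper, as an added example that is not code from this repository. `buildEmailFilter`, `MAX_EMAIL_LENGTH`, the loose shape check and the sample request bodies are assumptions constructed for illustration.

```javascript
// Hypothetical helper (not in the PR): turns the request's `email` field
// into a Mongo filter, or reports why the request should get a 400.
const MAX_EMAIL_LENGTH = 254; // assumed upper bound for this example

function buildEmailFilter(email) {
  // A JSON body can carry objects or arrays; only a primitive string is a value.
  if (typeof email !== "string") {
    return { ok: false, status: 400, error: "Invalid email format." };
  }
  const trimmed = email.trim();
  // Deliberately loose shape check: exactly one "@", no whitespace, non-empty parts.
  const looksLikeEmail = /^[^\s@]+@[^\s@]+$/.test(trimmed);
  if (!looksLikeEmail || trimmed.length > MAX_EMAIL_LENGTH) {
    return { ok: false, status: 400, error: "Invalid email format." };
  }
  // $eq makes the database compare against a literal value, so the filter
  // stays safe even if the type guard above is later moved or removed.
  return { ok: true, filter: { email: { $eq: trimmed } } };
}

// Constructed request bodies, as they would arrive before JSON parsing.
const samples = [
  '{"email": "  Dev@Example.org "}', // plain string, padded with spaces
  '{"email": {"$ne": null}}',        // object where a string is expected
  '{"email": ["dev@example.org"]}',  // array where a string is expected
  '{"email": "not-an-email"}',       // string, but not email-shaped
];

function runSamples() {
  return samples.map((raw) => buildEmailFilter(JSON.parse(raw).email));
}

for (const result of runSamples()) {
  console.log(JSON.stringify(result));
}
```

Only the first sample yields a filter; the other three are answered with a 400 before any query object is built.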