
Database #6

Open
yaredtsy wants to merge 29 commits into main from database

Conversation

yaredtsy (Collaborator) commented Feb 3, 2023

Four comment threads on src/database/index.ts, all marked Fixed.

github-advanced-security (bot) left a comment

ESLint found more than 10 potential problems in the proposed changes. Check the Files changed tab for more details.

};

const findUserByEmail = async (email: string): Promise<User | null> => {
  const user = await UserModel.findOne({ email: email });

Check failure (Code scanning / CodeQL): Database query built from user-controlled sources
This query depends on a user-provided value (1).
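Review bot: `email` goes straight into `UserModel.findOne({ email })` with only a compile-time `string` annotation, which gives no runtime guarantee that a caller's request field is actually a string rather than an object. Add a runtime type check before the lookup, e.g. `if (typeof email !== 'string') return null;`, or run the input through the same kind of schema check the `validator(schema.registerUserSchema)` middleware already applies on `/register`, so that only a plain string ever reaches the query.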
Comment thread src/app.ts

app.use(
  session({
    secret: 'secret',

Check failure (Code scanning / CodeQL): Hard-coded credentials
The hard-coded value "secret" is used as key (1).
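Review bot: `secret: 'secret'` hard-codes the session signing key in source, so every deployment built from this repository signs session cookies with the same publicly known value. Read the key from configuration (`SECRET_KEY` in `src/config.ts` is the obvious place) and make startup fail when it is not set, rather than keeping a literal here.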
Comment thread src/config.ts

export const environment = process.env.NODE_ENV;
export const port = process.env.PORT || 5000;
export const timezone = process.env.TZ;
export const SECRET_KEY = process.env.SECRET_KEY || 'secret';

Check failure (Code scanning / CodeQL): Hard-coded credentials
The hard-coded value "secret" is used as key (1).
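Review bot: `process.env.SECRET_KEY || 'secret'` defeats the purpose of the environment lookup: a missing variable silently produces a known key instead of an error. Replace the fallback with a hard failure, e.g. `if (!process.env.SECRET_KEY) throw new Error('SECRET_KEY is not set');` and export the checked value. Minor: `process.env.PORT || 5000` is a string when the variable is set and a number otherwise; `Number(process.env.PORT) || 5000` keeps the type consistent.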
}
const updatedPermissions = await PermissionsModel.findByIdAndUpdate(
  _id,
  { action, resource, attributes: attributes || '*' },

Check failure (Code scanning / CodeQL): Database query built from user-controlled sources
This query depends on a user-provided value (1).
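Review bot: `attributes: attributes || '*'` means an omitted or empty `attributes` field silently grants the wildcard, so a request that leaves the field out ends up with the broadest permission rather than none. Make the default deny (reject the update when `attributes` is missing) and, before calling `findByIdAndUpdate`, check that `_id` is a valid ObjectId and that `action` and `resource` are strings from the allowed set. Passing `{ runValidators: true }` in the options also lets the schema validators run on this update, which Mongoose skips by default.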
role.permissions = permissions;

try {
  const updateRole = await RoleModel.findByIdAndUpdate(id, role, {

Check failure (Code scanning / CodeQL): Database query built from user-controlled sources
This query depends on a user-provided value (1).
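Review bot: the whole `role` object is passed as the update document to `RoleModel.findByIdAndUpdate(id, role, ...)`, so every property on it, not only `permissions`, is written to the stored role. If `role` is built from the request body, fields such as `roleName` can be changed through this code path as a side effect. Build the update from the fields this operation is meant to change, e.g. `{ $set: { permissions } }`, and validate `id` as an ObjectId before the query.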

router.post('/register', validator(schema.registerUserSchema), Register);

router.get('/logout', ProtectRoutes, Logout);

Check failure (Code scanning / CodeQL): Missing rate limiting
This route handler performs authorization (1), but is not rate-limited.
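Review bot: `/register` creates accounts and `/logout` touches the session, and neither has a rate limiter in front of it, which is what CodeQL flags; putting `express-rate-limit` (an existing npm package) on the authentication routes addresses it. Separately, `router.get('/logout', ...)` changes server state on a GET request, so any cross-site GET (a link, a prefetch) can trigger it, and GET requests are exempt from most CSRF protections. Make it `router.post('/logout', ProtectRoutes, Logout)`.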
Comment thread src/app.ts
Comment on lines +35 to +43

  session({
    secret: 'secret',
    resave: false,
    saveUninitialized: true,
    store: sessionStore,
    cookie: {
      maxAge: 1000 * 60 * 60 * 24
    }
  })

Check warning (Code scanning / CodeQL): Clear text transmission of sensitive cookie
Sensitive cookie sent without enforcing SSL encryption.
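Review bot: the `cookie` block sets only `maxAge`, so the session cookie goes out without the `secure` flag (the clear-text transmission CodeQL flags) and without an explicit `httpOnly` or `sameSite`. Set `cookie: { secure: true, httpOnly: true, sameSite: 'lax', maxAge: 1000 * 60 * 60 * 24 }`; when the app runs behind a TLS-terminating proxy, also `app.set('trust proxy', 1)` so express-session treats the connection as HTTPS. `saveUninitialized: true` additionally creates a store entry for every anonymous request; `false` is the usual setting unless the app relies on sessions for unauthenticated visitors.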
Comment thread src/app.ts
Comment on lines +35 to +43

  session({
    secret: 'secret',
    resave: false,
    saveUninitialized: true,
    store: sessionStore,
    cookie: {
      maxAge: 1000 * 60 * 60 * 24
    }
  })

Check failure (Code scanning / CodeQL): Missing CSRF middleware
This cookie middleware is serving a request handler (1) without CSRF protection.
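Review bot: the session middleware serves request handlers with no CSRF protection in place, so a cookie-authenticated request can be submitted from another origin, which is the alert's point. `sameSite: 'lax'` on the session cookie blocks the cross-site POST case in current browsers, and a per-session token middleware checked on every state-changing route covers the rest; the GET `/logout` route is the first place that needs it.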
};

const findRoleById = async (id: Types.ObjectId): Promise<Role | null> => {
  const role = await RoleModel.findOne({ _id: id }).lean().exec();

Check failure (Code scanning / CodeQL): Database query built from user-controlled sources
This query depends on a user-provided value (1).
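Review bot: `id: Types.ObjectId` is a compile-time type only; at runtime the value arrives from the caller unchanged, which is why CodeQL reports the query as user-controlled. Guard with `Types.ObjectId.isValid(id)` (a Mongoose helper) and return `null` for anything that fails it before running `RoleModel.findOne({ _id: id })`.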
};

const getRoleByName = async (roleName: string) => {
  const role = await RoleModel.findOne({ roleName: roleName });

Check failure (Code scanning / CodeQL): Database query built from user-controlled sources
This query depends on a user-provided value (1). This query depends on a user-provided value (2).
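Review bot: `roleName` reaches `RoleModel.findOne({ roleName })` without a runtime string check, the same pattern as `findUserByEmail`; add `if (typeof roleName !== 'string') return null;` (or the shared validator middleware) before the query. ESLint will also want an explicit return type here, `Promise<Role | null>`, matching `findRoleById`.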
2 participants