wdevs/ResolveSpec
3
0
Fork 0
mirror of https://github.com/bitechdev/ResolveSpec.git synced 2026-01-17 08:24:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(validation): Clear JoinAliases in FilterRequestOptions
Some checks failed
Build , Vet Test, and Lint / Run Vet Tests (1.24.x) (push) Successful in -27m20s
Details
Build , Vet Test, and Lint / Run Vet Tests (1.23.x) (push) Successful in -26m49s
Details
Build , Vet Test, and Lint / Build (push) Successful in -26m53s
Details
Build , Vet Test, and Lint / Lint Code (push) Successful in -26m22s
Details
Tests / Integration Tests (push) Failing after -27m37s
Details
Tests / Unit Tests (push) Successful in -27m25s
Details

Browse Source 
* Implemented logic to clear JoinAliases after filtering.
* Added unit test to verify JoinAliases is nil post-filtering.
* Ensured other fields are correctly filtered.
This commit is contained in:
Hein
2026-01-15 14:43:11 +02:00
parent 24a7ef7284
commit c12c045db1
2 changed files with 48 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
pkg/common/validation.go
View File

@@ -237,15 +237,29 @@ func (v *ColumnValidator) FilterRequestOptions(options RequestOptions) RequestOp
for _, sort := range options.Sort {
if v.IsValidColumn(sort.Column) {
validSorts = append(validSorts, sort)
} else if strings.HasPrefix(sort.Column, "(") && strings.HasSuffix(sort.Column, ")") {
// Allow sort by expression/subquery, but validate for security
if IsSafeSortExpression(sort.Column) {
validSorts = append(validSorts, sort)
} else {
logger.Warn("Unsafe sort expression '%s' removed", sort.Column)
}
} else {
logger.Warn("Invalid column in sort '%s' removed", sort.Column)
foundJoin := false
for _, j := range options.JoinAliases {
if strings.Contains(sort.Column, j) {
foundJoin = true
break
}
}
if foundJoin {
validSorts = append(validSorts, sort)
continue
}
if strings.HasPrefix(sort.Column, "(") && strings.HasSuffix(sort.Column, ")") {
// Allow sort by expression/subquery, but validate for security
if IsSafeSortExpression(sort.Column) {
validSorts = append(validSorts, sort)
} else {
logger.Warn("Unsafe sort expression '%s' removed", sort.Column)
}
} else {
logger.Warn("Invalid column in sort '%s' removed", sort.Column)
}
}
}
filtered.Sort = validSorts
@@ -291,6 +305,9 @@ func (v *ColumnValidator) FilterRequestOptions(options RequestOptions) RequestOp
}
filtered.Preload = validPreloads
// Clear JoinAliases - this is an internal validation field and should not be persisted
filtered.JoinAliases = nil
return filtered
}