You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Added a BigInt.prototype.toJSON() polyfill in the Prisma client module to fix the TypeError: Do not know how to serialize a BigInt error that occurs when passing Prisma data (Repository.githubId, PullRequest.githubId) to Client Components via React Server Components or NextResponse.json().
Type of Change
New feature
Bug fix
Documentation update
Refactoring
Performance improvement
Screenshots (if applicable)
N/A
Testing
Verified JSON.stringify() with BigInt values no longer throws and converts to strings
Confirmed regular Int fields (e.g., prNumber) remain as numbers
TypeScript compilation passes with zero errors
Dashboard page loads successfully at http://localhost:9002/dashboard
This polyfill is automatically applied whenever the Prisma client is imported, covering all API routes and Server Components that fetch data with BigInt fields.
⚠️ Detected 2 potential issues matching your code policies. Please review them before merging.
🟠 HIGH | Secret in src/lib/prisma.ts
A HIGH-level Secret threat breach would occur if an attacker obtains the DATABASE_URL from the compromised prisma.ts file, potentially accessing sensitive database information.
🛠️ View Remediation Suggestions
["Remove sensitive environment variables from source code","Utilize environment variable injectors or .env files securely with least privilege access","Replace the hardcoded DATABASE_URL with a secure, dynamically generated connection string"]
🔴 CRITICAL | Vulnerability in src/lib/prisma.ts
Breach occurs when explicit process.env leak via uncontrolled console.log() statement in src/lib/prisma.ts; attacker gains access to sensitive database credentials.
🛠️ View Remediation Suggestions
["Remove all console.log() statements related to process.env variables","Implement environment-specific configuration using a configuration system like dotenv","Configure Prisma to handle environment variables securely"]
⚠️ Detected 1 potential issues matching your code policies. Please review them before merging.
🔴 CRITICAL | Vulnerability in src/lib/prisma.ts
Using console.log with a variable referencing a sensitive environment variable (process.env.DATABASE_URL) could expose the database connection URL, potentially leading to unauthorized access.
🛠️ View Remediation Suggestions
[" // Remove logging statement"," // Replace with a more secure logging approach using a library like winston or log4js."," // Use console.error for critical errors only"]
⚠️ Detected 1 potential issues matching your code policies. Please review them before merging.
🟡 MEDIUM | Contextual Leak in src/lib/prisma.ts
An attacker has accessed the DATABASE_URL environment variable through the intercepted payload in src/lib/prisma.ts, posing a MEDIUM threat through Contextual Leak. This allows them to establish an unauthorized database connection.
🛠️ View Remediation Suggestions
["Avoid logging process.env variables, replacing them with user-supplied inputs, or utilizing environment variables management platforms for secure configuration."]
⚠️ Detected 1 potential issues matching your code policies. Please review them before merging.
🔴 CRITICAL | Vulnerability in src/lib/prisma.ts
Exposing sensitive environment variables via process.env.DATABASE_URL can be logged, allowing unauthorized access to data and exploitation of sensitive database connections. A malicious actor can utilize this exposed info to breach the Vault.
🛠️ View Remediation Suggestions
["Always use environment variable loaders that conceal sensitive information","Implement a secrets manager for secure key storage","Limit the scope of environment variables exposed to the codebase"]
Its still the same... most prolly what you are doing and what the codebase already have is the same thing... but it is not working thats why i have raised this issue
Thanks for the clarification. I understand the issue now. I apologize for the inconvenience caused. I'll investigate it further, identify the root cause, and work on a proper fix instead of duplicating the existing implementation. I'll update the PR once I have a working solution. Thank you for your patience!
Thanks for the clarification. I understand the issue now. I apologize for the inconvenience caused. I'll investigate it further, identify the root cause, and work on a proper fix instead of duplicating the existing implementation. I'll update the PR once I have a working solution. Thank you for your patience!
⚠️ Detected 3 potential issues matching your code policies. Please review them before merging.
🔴 CRITICAL | Vulnerability in src/app/dashboard/findings/page.tsx
Breach occurs when an attacker extracts and uses sensitive environment variables from src/app/dashboard/findings/page.tsx, exposing internal system configuration.
🛠️ View Remediation Suggestions
["Verify environment variable usage and store sensitive data in a secrets management system.","Remove direct access to process.env... and inject environment variables through a secure interface.","Implement IAM role-based access control to restrict access to sensitive system components."]
🟠 HIGH | Vulnerability in src/app/dashboard/findings/page.tsx
An attacker could inject malicious SQL syntax into findingsRaw to extract sensitive data or execute unintended database operations.
🛠️ View Remediation Suggestions
["Implement query whitelisting by defining allowed fields in the Prisma schema file to prevent arbitrary query execution.","Use Prisma's built-in query validation to restrict user input."]
🟠 HIGH | Misconfig in src/app/dashboard/page.tsx
Wildcard CORS configuration allows unauthorized origin access, enabling attackers to exploit the application; the intercepted payload retrieves recent PRs without authenticating the origin.
🛠️ View Remediation Suggestions
["Implement origin-specific CORS policies","Verify authentication and authorization mechanisms"]
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Added a
BigInt.prototype.toJSON()polyfill in the Prisma client module to fix theTypeError: Do not know how to serialize a BigInterror that occurs when passing Prisma data (Repository.githubId, PullRequest.githubId) to Client Components via React Server Components or NextResponse.json().Type of Change
Screenshots (if applicable)
N/A
Testing
JSON.stringify()with BigInt values no longer throws and converts to stringsIntfields (e.g.,prNumber) remain as numbershttp://localhost:9002/dashboardRelated Issues
Closes #144
Checklist
Additional Notes
The fix is a single line added to
src/lib/prisma.ts:This polyfill is automatically applied whenever the Prisma client is imported, covering all API routes and Server Components that fetch data with BigInt fields.