
chore(example7): fix sql injection (#279)

goldcaddy77 committed Dec 16, 2019
1 parent 2b2bff2 commit d2ed3e692c4eebe3738d87c82106b8e05c191eb0
@@ -1,18 +1,22 @@
// This file has been auto-generated by Warthog. Do not update directly as it
// will be re-written. If you need to change this file, update models or add
// new TypeGraphQL objects
// @ts-ignore
import { GraphQLDateTime as DateTime } from "graphql-iso-date";
import { GraphQLID as ID } from "graphql";

// @ts-ignore
import {
ArgsType,
Field as TypeGraphQLField,
Float,
InputType as TypeGraphQLInputType,
Int
} from "type-graphql";
// @ts-ignore
import { registerEnumType } from "type-graphql";

// eslint-disable-next-line @typescript-eslint/no-var-requires
// @ts-ignore eslint-disable-next-line @typescript-eslint/no-var-requires
const { GraphQLJSONObject } = require("graphql-type-json");

// @ts-ignore
@@ -243,13 +247,13 @@ export class SegmentCreateInput {
@TypeGraphQLField()
projKey!: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
projectId?: string;

@TypeGraphQLField()
envKey!: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
environmentId?: string;
}

@@ -267,13 +271,13 @@ export class SegmentUpdateInput {
@TypeGraphQLField({ nullable: true })
projKey?: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
projectId?: string;

@TypeGraphQLField({ nullable: true })
envKey?: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
environmentId?: string;
}

@@ -498,25 +502,25 @@ export class UserSegmentCreateInput {
@TypeGraphQLField()
projKey!: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
projectId?: string;

@TypeGraphQLField()
envKey!: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
environmentId?: string;

@TypeGraphQLField()
userKey!: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
userId?: string;

@TypeGraphQLField()
segmentKey!: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
segmentId?: string;
}

@@ -525,25 +529,25 @@ export class UserSegmentUpdateInput {
@TypeGraphQLField({ nullable: true })
projKey?: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
projectId?: string;

@TypeGraphQLField({ nullable: true })
envKey?: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
environmentId?: string;

@TypeGraphQLField({ nullable: true })
userKey?: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
userId?: string;

@TypeGraphQLField({ nullable: true })
segmentKey?: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
segmentId?: string;
}

@@ -909,25 +913,25 @@ export class FeatureFlagUserCreateInput {
@TypeGraphQLField()
featureKey!: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
featureFlagId?: string;

@TypeGraphQLField()
userKey!: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
userId?: string;

@TypeGraphQLField()
projKey!: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
projectId?: string;

@TypeGraphQLField()
envKey!: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
environmentId?: string;
}

@@ -936,25 +940,25 @@ export class FeatureFlagUserUpdateInput {
@TypeGraphQLField({ nullable: true })
featureKey?: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
featureFlagId?: string;

@TypeGraphQLField({ nullable: true })
userKey?: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
userId?: string;

@TypeGraphQLField({ nullable: true })
projKey?: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
projectId?: string;

@TypeGraphQLField({ nullable: true })
envKey?: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
environmentId?: string;
}

@@ -1305,7 +1309,7 @@ export class FeatureFlagCreateInput {
@TypeGraphQLField()
projKey!: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
projectId?: string;
}

@@ -1320,7 +1324,7 @@ export class FeatureFlagUpdateInput {
@TypeGraphQLField({ nullable: true })
projKey?: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
projectId?: string;
}

@@ -1545,25 +1549,25 @@ export class FeatureFlagSegmentCreateInput {
@TypeGraphQLField()
projKey!: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
projectId?: string;

@TypeGraphQLField()
envKey!: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
environmentId?: string;

@TypeGraphQLField()
featureKey!: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
featureFlagId?: string;

@TypeGraphQLField()
segmentKey!: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
segmentId?: string;
}

@@ -1572,25 +1576,25 @@ export class FeatureFlagSegmentUpdateInput {
@TypeGraphQLField({ nullable: true })
projKey?: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
projectId?: string;

@TypeGraphQLField({ nullable: true })
envKey?: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
environmentId?: string;

@TypeGraphQLField({ nullable: true })
featureKey?: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
featureFlagId?: string;

@TypeGraphQLField({ nullable: true })
segmentKey?: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
segmentId?: string;
}

@@ -1776,7 +1780,7 @@ export class EnvironmentCreateInput {
@TypeGraphQLField()
projKey!: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
projectId?: string;
}

@@ -1791,7 +1795,7 @@ export class EnvironmentUpdateInput {
@TypeGraphQLField({ nullable: true })
projKey?: string;

@TypeGraphQLField(() => String, { nullable: true })
@TypeGraphQLField(() => ID, { nullable: true })
projectId?: string;
}

@@ -29,20 +29,20 @@ export class FeatureFlagService extends BaseService<FeatureFlag> {
const query = `
SELECT ffu.feature_key
FROM feature_flag_users ffu
WHERE ffu.user_key = '${data.userKey}'
AND ffu.proj_key = '${data.projKey}'
AND ffu.env_key = '${data.envKey}'
WHERE ffu.user_key = '$1'
AND ffu.proj_key = '$2'
AND ffu.env_key = '$3'
UNION
SELECT ffs.feature_key
FROM user_segments us
INNER JOIN segments s ON us.segment_id = s.id
INNER JOIN feature_flag_segments ffs ON ffs.segment_id = s.id
WHERE us.user_key = '${data.userKey}'
AND us.proj_key = '${data.projKey}'
AND us.env_key = '${data.envKey}';
WHERE us.user_key = '$1'
AND us.proj_key = '$2'
AND us.env_key = '$3';
`;

const results = await this.repository.query(query);
const results = await this.repository.query(query, [data.userKey, data.projKey, data.envKey]);

return results.map(item => item.feature_key);
}
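Review bot: The placeholders on the new side are still wrapped in single quotes (`WHERE ffu.user_key = '$1'`, and likewise `'$2'` and `'$3'` in both SELECT branches), so the database reads them as the literal strings `$1`, `$2` and `$3` rather than as bind parameters. Assuming a PostgreSQL driver sits behind `this.repository.query`, the statement then declares no parameters while three values are passed, which would either be rejected or match no rows; the string concatenation is gone, but the lookup is likely broken. Drop the quotes in both branches: `WHERE ffu.user_key = $1`, `AND ffu.proj_key = $2`, `AND ffu.env_key = $3` (and the same for the `us.` columns). A test that calls this method for a known user and asserts the returned feature keys would catch this. The method's signature lies outside the hunk.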
@@ -4,26 +4,27 @@
"baseUrl": "src",
"declaration": true,
"declarationDir": "dist/types",
"lib": ["es2016", "dom", "es5", "scripthost", "esnext", "esnext.asynciterable"],
"module": "commonjs",
"moduleResolution": "node",
"emitDecoratorMetadata": true,
"experimentalDecorators": true,
"sourceMap": true,
"outDir": "./dist",
"forceConsistentCasingInFileNames": true,
"keyofStringsOnly": true,
"lib": ["es2016", "dom", "es5", "scripthost", "esnext", "esnext.asynciterable"],
"module": "commonjs",
"moduleResolution": "node",
"noImplicitAny": true,
"noImplicitReturns": true,
"noImplicitThis": true,
"noUnusedLocals": false,
"outDir": "./dist",
"pretty": true,
"skipLibCheck": true,
"sourceMap": true,
"strict": true,
"strictNullChecks": true,
"target": "es5",
"types": ["jest", "isomorphic-fetch", "node"],
"typeRoots": ["node_modules/@types", "./typings", "./typings/typings.d.ts"]
"typeRoots": ["node_modules/@types", "./typings", "./typings/typings.d.ts"],
"types": ["jest", "isomorphic-fetch", "node"]
},
"include": ["src/**/*"],
"exclude": ["node_modules/**/*", "src/**/*.test.ts", "**/generated/*"]
"exclude": ["node_modules", "**/node_modules/*", "src/**/*.test.ts", "**/generated/*"],
"include": ["src/**/*"]
}
@@ -1,27 +1,8 @@
{
"extends": "./tsconfig.json",
"compilerOptions": {
"allowSyntheticDefaultImports": true,
"baseUrl": ".",
"outDir": "build/dist",
"module": "commonjs",
"target": "es5",
"lib": ["dom", "es5", "es6", "es7", "esnext", "esnext.asynciterable", "scripthost"],
"sourceMap": true,
"allowJs": true,
"moduleResolution": "node",
"emitDecoratorMetadata": true,
"experimentalDecorators": true,
"forceConsistentCasingInFileNames": true,
"noImplicitReturns": true,
"noImplicitThis": true,
"noImplicitAny": true,
"noUnusedLocals": false, // Avoid noise in our resolvers when we use DI
"strictNullChecks": true,
"strictPropertyInitialization": false,
"suppressImplicitAnyIndexErrors": true,
"types": ["jest", "isomorphic-fetch", "node"],
"typeRoots": ["node_modules/@types", "./typings", "./src/typings.d.ts"]
"strict": false
},
"include": ["src/**/*", "test/**/*"],
"exclude": ["node_modules", "**/node_modules/*", "examples"]
"exclude": ["node_modules", "**/node_modules/*", "examples"],
"include": ["src/**/*", "test/**/*"]
}
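Review bot: `"strict": false` on the new side turns off the whole strict family for this config, where the removed lines opted out of only `strictPropertyInitialization` and set `suppressImplicitAnyIndexErrors`. Flags set individually in `./tsconfig.json` still apply through `extends`, but which ones those are cannot be confirmed from this hunk. Consider keeping the narrow opt-out, `"strictPropertyInitialization": false`, or adding a comment such as `// strict is off here because <reason>` so the weaker checking is a recorded decision.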
