caritas/nestjs-paginate
8
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: select security bug (#879)

Browse Source
This commit is contained in:
Awais 2024-02-27 12:26:52 +04:00 committed by GitHub
parent c052d15f4d
commit 6f47f0cffd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/paginate.ts
View File

@ -273,10 +273,13 @@ export async function paginate<T extends ObjectLiteral>(
// When we partial select the columns (main or relation) we must add the primary key column otherwise // When we partial select the columns (main or relation) we must add the primary key column otherwise
// typeorm will not be able to map the result. // typeorm will not be able to map the result.
const selectParams = let selectParams =
config.select && query.select && !config.ignoreSelectInQueryParam config.select && query.select && !config.ignoreSelectInQueryParam
? config.select.filter((column) => query.select.includes(column)) ? config.select.filter((column) => query.select.includes(column))
: config.select : config.select
if (!includesAllPrimaryKeyColumns(queryBuilder, query.select)) {
selectParams = config.select
}
if (selectParams?.length > 0 && includesAllPrimaryKeyColumns(queryBuilder, selectParams)) { if (selectParams?.length > 0 && includesAllPrimaryKeyColumns(queryBuilder, selectParams)) {
const cols: string[] = selectParams.reduce((cols, currentCol) => { const cols: string[] = selectParams.reduce((cols, currentCol) => {
const columnProperties = getPropertiesByColumnName(currentCol) const columnProperties = getPropertiesByColumnName(currentCol)