CVE-2019-18413. Patch for potential SQL injections (#137)
* CVE-2019-18413. Patch for potential SQL injections * Fix request 400 on get applications by permission
1 parent
6a0ffb1
commit 889736f
Showing
18 changed files
with
141 additions
and
50 deletions.
@@ -1,10 +1,14 @@ | ||
import { ApiProperty } from "@nestjs/swagger"; | ||
import { IsOptional } from "class-validator"; | ||
|
||
export class ChirpstackPaginatedListDto { | ||
@ApiProperty({ type: Number, required: false }) | ||
@IsOptional() | ||
limit? = 100; | ||
@ApiProperty({ type: Number, required: false }) | ||
@IsOptional() | ||
offset? = 0; | ||
@ApiProperty({ type: Number, required: false }) | ||
@IsOptional() | ||
organizationId?: number; | ||
} |
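Review bot: `@IsOptional()` on `limit`, `offset` and `organizationId` only skips the other validators when the value is missing; it places no constraint on a value that is present, so a query-string value can still arrive as an arbitrary string despite the `Number` type given to `@ApiProperty`. For a commit aimed at SQL injection these paging fields should be converted and bounded, for example `@IsOptional() @Type(() => Number) @IsInt() @Min(0)` with `Type` from class-transformer, or the `@StringToNumber()` helper this commit applies to `SigFoxGetAllRequestDto`, if that helper performs the conversion. The same gap exists for `limit` and `offset` in `ListAllPaginated`, where `IsSwaggerOptional` only applies `ApiPropertyOptional` and `IsOptional`.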
@@ -1,11 +1,13 @@ | ||
import { ApiProperty } from "@nestjs/swagger"; | ||
import { IsNumber } from "class-validator"; | ||
import { IsDefined, IsNumber } from "class-validator"; | ||
|
||
export class CreateDeviceModelDto { | ||
@ApiProperty({ required: true }) | ||
@IsNumber() | ||
belongsToId: number; | ||
|
||
@ApiProperty({ required: true }) | ||
// @IsJSON or @IsString does not work. Will be validated during the flow | ||
@IsDefined() | ||
body: JSON; | ||
} |
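Review bot: `@IsDefined()` on `body` rejects only `null` and `undefined`, so a string, a number or an array passes the DTO and the whole shape check is deferred to the later validation the comment mentions. If the body arrives as a parsed object, `@IsObject()` would reject the non-object cases at the boundary. The comment should also name where the later validation happens, so a reader can confirm it runs before the value is stored. The declared type `JSON` refers to the global `JSON` object with `parse` and `stringify`; `Record<string, unknown>` describes a parsed body more accurately.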
@@ -1,8 +1,8 @@ | ||
import { ApiProperty } from "@nestjs/swagger"; | ||
import { IsSwaggerOptional } from "@helpers/optional-validator"; | ||
|
||
export class ListAllPaginated { | ||
@ApiProperty({ type: Number, required: false }) | ||
@IsSwaggerOptional({ type: Number }) | ||
limit? = 100; | ||
@ApiProperty({ type: Number, required: false }) | ||
@IsSwaggerOptional({ type: Number }) | ||
offset? = 0; | ||
} |
@@ -1,8 +1,11 @@ | ||
import { ApiProperty } from "@nestjs/swagger"; | ||
import { IsString } from "class-validator"; | ||
|
||
export class LoginDto { | ||
@ApiProperty({ default: "john@localhost.dk" }) | ||
@IsString() | ||
username: string; | ||
@ApiProperty({ default: "hunter2" }) | ||
@IsString() | ||
password: string; | ||
} |
@@ -1,6 +1,15 @@ | ||
import { Exclude } from "class-transformer"; | ||
import { IsOptional } from "class-validator"; | ||
|
||
/** | ||
* This only exists to nudge Swagger to make an JSON body for us to post. | ||
* | ||
* Intentionally left blank. | ||
* Validation won't work for empty objects and we can't disable it, seemingly. | ||
* | ||
* @see https://github.com/typestack/class-validator/issues/1503 | ||
*/ | ||
export class ReceiveDataDto {} | ||
export class ReceiveDataDto { | ||
@Exclude() | ||
@IsOptional() | ||
ignoreMe: unknown; | ||
} |
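Review bot: The doc comment above `ReceiveDataDto` still says the class is intentionally left blank, while the new body declares `ignoreMe`. The comment should explain the placeholder, e.g. `* ignoreMe is a placeholder; the real payload is not validated by this DTO.` Because `@Exclude()` and `@IsOptional()` check nothing about the incoming data, whatever handles the received payload has to treat every field as untrusted. If the global ValidationPipe runs with `whitelist` enabled (not visible in this commit), it is worth confirming that payload fields are not stripped before they reach that handler.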
4 changes: 4 additions & 0 deletions
4
src/entities/dto/sigfox/internal/create-sigfox-group-request.dto.ts
@@ -1,12 +1,16 @@ | ||
import { ApiProperty } from "@nestjs/swagger"; | ||
import { IsNumber, IsString } from "class-validator"; | ||
|
||
export class CreateSigFoxGroupRequestDto { | ||
@ApiProperty({ required: true }) | ||
@IsNumber() | ||
organizationId: number; | ||
|
||
@ApiProperty({ required: true }) | ||
@IsString() | ||
username: string; | ||
|
||
@ApiProperty({ required: true }) | ||
@IsString() | ||
password: string; | ||
} |
3 changes: 3 additions & 0 deletions
3
src/entities/dto/sigfox/internal/sigfox-get-all-request.dto.ts
@@ -1,3 +1,6 @@ | ||
import { StringToNumber } from "@helpers/string-to-number-validator"; | ||
|
||
export class SigFoxGetAllRequestDto { | ||
@StringToNumber() | ||
organizationId: number; | ||
} |
@@ -1,23 +1,37 @@ | ||
import { IsNumber, IsOptional, IsString } from "class-validator"; | ||
|
||
/** | ||
* Callback as expected from SigFox | ||
* Docs: https://support.sigfox.com/docs/uplink | ||
*/ | ||
export class SigFoxCallbackDto { | ||
@IsNumber() | ||
time: number; | ||
@IsString() | ||
deviceTypeId: string; | ||
@IsString() | ||
deviceId: string; | ||
@IsString() | ||
data: string; | ||
@IsNumber() | ||
seqNumber: number; | ||
// If true, then the device expects a downlink | ||
ack: boolean; | ||
|
||
// Only included in BIDIR | ||
@IsOptional() | ||
longPolling?: boolean; | ||
|
||
// these are not available for all contracts "Condition: for devices with contract option NETWORK METADATA" | ||
// https://support.sigfox.com/docs/bidir | ||
// We cannot assume they'll exists | ||
@IsOptional() | ||
@IsNumber() | ||
snr?: number; | ||
@IsOptional() | ||
@IsNumber() | ||
rssi?: number; | ||
@IsOptional() | ||
@IsString() | ||
station?: string; | ||
} |
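Review bot: `ack` carries no validator and `longPolling` has only `@IsOptional()`, so neither boolean is type-checked while every other field of `SigFoxCallbackDto` is. Adding `@IsBoolean()` to `ack` and `@IsOptional() @IsBoolean()` to `longPolling` closes that gap, with `IsBoolean` added to the class-validator import. If the ValidationPipe is configured with `whitelist` (not visible in this commit), an undecorated property such as `ack` would be stripped or rejected, which could affect the downlink decision the comment on `ack` describes.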
@@ -1,5 +1,10 @@ | ||
import { IsString } from "class-validator"; | ||
|
||
export class TestPayloadDecoderDto { | ||
@IsString() | ||
code: string; | ||
@IsString() | ||
iotDeviceJsonString: string; | ||
@IsString() | ||
rawPayloadJsonString: string; | ||
} |
@@ -1,3 +1,6 @@ | ||
import { IsString } from "class-validator"; | ||
|
||
export class CreateOrganizationDto { | ||
@IsString() | ||
name: string; | ||
} |
@@ -0,0 +1,14 @@ | ||
import { ApiPropertyOptional, ApiPropertyOptions } from "@nestjs/swagger"; | ||
import { IsOptional } from "class-validator"; | ||
|
||
/** | ||
* Sets a property as optional on the swagger and controller level | ||
*/ | ||
export const IsSwaggerOptional = (swaggerOptions?: ApiPropertyOptions): PropertyDecorator => { | ||
return (propertyValue: unknown, propertyName: string): void => { | ||
// Set as optional in the swagger document | ||
ApiPropertyOptional(swaggerOptions)(propertyValue, propertyName); | ||
// If no value is passed, then ignore all validators | ||
IsOptional()(propertyValue, propertyName); | ||
}; | ||
}; |
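Review bot: The doc comment on `IsSwaggerOptional` should state that `swaggerOptions.type` only affects the generated OpenAPI document and that no runtime type check is applied, because `@IsSwaggerOptional({ type: Number })` is easy to read as validation. A line such as `* Does not validate the value's type; combine with a type validator.` would cover it. The inner parameter `propertyValue` receives the decorated class's prototype, so `target` is the clearer name, and `propertyName: string` is narrower than the `string | symbol` key that `PropertyDecorator` declares.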