From 72a1a62716e551011dd8f539d6ff58ae2f4f1e56 Mon Sep 17 00:00:00 2001
From: jd-apprentice
Date: Fri, 28 Feb 2025 01:29:38 -0300
Subject: [PATCH 1/2] style: sonarqube security
---
 src/image/image-repository.ts | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/image/image-repository.ts b/src/image/image-repository.ts
index 1579921..d46676a 100644
--- a/src/image/image-repository.ts
+++ b/src/image/image-repository.ts
@@ -15,18 +15,22 @@ class ImageRepository {
 * @return { Promise } - A new image created
 */
 async create(image: ImageProp): Promise {
- const sanitizedTagId = image.tag.toString().trim();
- if (!Types.ObjectId.isValid(sanitizedTagId)) {
- rollbar.error('Invalid tag id');
+
+ const sanitizedTagId = image.tag.tag_id?.toString();
+ if (!Types.ObjectId.isValid(image.tag.tag_id)) {
 throw new Error('Invalid tag id');
 }
- const tagExists = await Tag.findOne({ tag_id: sanitizedTagId });
- const _idTag = tagExists?._id;
+ const tagExists = await Tag.findById({ tag_id: { $eq: sanitizedTagId } });
+
+ if (!tagExists) {
+ rollbar.error('Tag not found');
+ throw new Error('Tag not found');
+ }
 return Image.create({
 ...image,
- tag: _idTag ?? image.tag, // Use validated tag or fallback
+ tag: tagExists._id,
 });
 }
From 0a8dd701f23bf0587571e8f58d61b94f1ff7799e Mon Sep 17 00:00:00 2001
From: jd-apprentice
Date: Fri, 28 Feb 2025 01:29:43 -0300
Subject: [PATCH 2/2] style: sonarqube security
---
 src/image/image-repository.ts | 1 -
 1 file changed, 1 deletion(-)
diff --git a/src/image/image-repository.ts b/src/image/image-repository.ts
index d46676a..d735b36 100644
--- a/src/image/image-repository.ts
+++ b/src/image/image-repository.ts
@@ -15,7 +15,6 @@ class ImageRepository {
 * @return { Promise } - A new image created
 */
 async create(image: ImageProp): Promise {
-
 const sanitizedTagId = image.tag.tag_id?.toString();
 if (!Types.ObjectId.isValid(image.tag.tag_id)) {
 throw new Error('Invalid tag id');
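Review bot: In the hunk of patch 1/2, `Tag.findById({ tag_id: { $eq: sanitizedTagId } })` hands a filter object to `findById`, which in Mongoose takes the `_id` value itself, so the lookup will presumably fail to cast or never match on `tag_id`. The `$eq` wrapper is the right guard against operator injection through the tag value, but it belongs on `findOne`: `const tagExists = await Tag.findOne({ tag_id: { $eq: sanitizedTagId } });`. The validity check should also run on the string that is actually queried, `if (!Types.ObjectId.isValid(sanitizedTagId)) {`, since `image.tag.tag_id` may still be a non-string value at that point. The invalid-id branch no longer calls `rollbar.error`, so rejected ids are not reported any more; keep that call if those rejections are meant to be monitored.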