
@shatfield4 (Collaborator) commented Jul 16, 2024

Pull Request Type

  • ✨ feat
  • 🐛 fix
  • ♻️ refactor
  • 💄 style
  • 🔨 chore
  • 📝 docs

Relevant Issues

resolves #xxx

What is in this change?

  • Check all server models to ensure anytime there is user input, we do not spread the input values to prevent prisma/sql injection
  • user model was updated to ensure we validate the role and enforce only valid roles

Checked server models for prisma injection:

  • apiKeys
  • cacheData
  • documents
  • documentSyncQueue
  • documentSyncRun
  • embedChats
  • embedConfig
  • eventLogs
  • invite
  • passwordRecovery
  • slashCommandsPresets
  • systemSettings
  • user
  • vectors
  • welcomeMessages
  • workspace
  • workspaceAgentInvocation
  • workspaceChats
  • workspaceSuggestedMessages
  • workspaceThread
  • workspaceUsers

Additional Information

Developer Validations

  • I ran yarn lint from the root of the repo & committed changes
  • Relevant documentation has been updated
  • I have tested my code functionality
  • Docker build succeeds locally
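
The pattern this change describes (no spreading of user input into Prisma arguments, plus a role allowlist), shown as an added example that is not code from this pull request or from AnythingLLM. The field names, the role list, the function names and the sample request bodies are assumptions made for illustration.

```javascript
// Added illustration. Role names below are an assumed set, not taken from the PR.
const VALID_ROLES = ["default", "manager", "admin"];

// Before: every client-supplied key and value reaches the query arguments.
// An object where a scalar is expected is read by Prisma as an operator
// object, and unexpected keys ride along unnoticed.
function unsafeUpdateArgs(id, body) {
  return { where: { id }, data: { ...body } };
}

// Allowlist of writable fields, each with its own type/value check.
const USER_WRITABLE = {
  username: (v) => {
    if (typeof v !== "string" || v.length === 0 || v.length > 100)
      throw new Error("username must be a non-empty string");
    return v;
  },
  role: (v) => {
    if (typeof v !== "string" || !VALID_ROLES.includes(v))
      throw new Error("invalid role");
    return v;
  },
};

// After: copy fields one by one. Unknown keys are dropped, known keys
// must pass their validator, and the id is coerced to a positive integer.
function safeUpdateArgs(id, body) {
  const userId = Number(id);
  if (!Number.isInteger(userId) || userId <= 0) throw new Error("invalid id");
  const data = {};
  for (const [key, validate] of Object.entries(USER_WRITABLE)) {
    if (Object.prototype.hasOwnProperty.call(body ?? {}, key))
      data[key] = validate(body[key]);
  }
  return { where: { id: userId }, data };
}

// Constructed request bodies for illustration.
const okBody = { username: "alice", role: "manager", suspended: 0 };
const badTypeBody = { username: { contains: "a" } }; // object, not a string
const badRoleBody = { role: "superuser" };           // not in VALID_ROLES
```

The result of `safeUpdateArgs` is what would be handed to a call such as `prisma.users.update(...)`; the model name there is likewise an assumption.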

@timothycarambat merged commit e909b25 into master Jul 16, 2024
@timothycarambat deleted the prisma-injection-validation branch July 16, 2024 23:40
CrackerCat pushed a commit to CrackerCat/anything-llm that referenced this pull request Jul 31, 2024
check all prisma models/model usage and patch any potential sql injection vulns
cabwds pushed a commit to cabwds/anything-llm that referenced this pull request Jul 3, 2025
check all prisma models/model usage and patch any potential sql injection vulns