fix: issues with validting "user provided value" beig used in database
georgeherby committed Sep 23, 2024
1 parent 195c7ac commit 7ab36e1
Showing 3 changed files with 16 additions and 9 deletions.
8 changes: 4 additions & 4 deletions package-lock.json


12 changes: 8 additions & 4 deletions packages/ingest/src/repositories/mongodb-repository.ts
@@ -18,14 +18,18 @@ export class MongodbRepository {
});
}

async insertTrace(langscoutData: TraceData): Promise<void> {
async insertTrace(data: TraceData): Promise<void> {
const collection = this.db.collection(this.collectionName);
await collection.insertOne(langscoutData);
await collection.insertOne(data);
}

async updateTrace(langscoutId: string, updateData: TraceData): Promise<UpdateResult> {
async updateTrace(id: string, updateData: TraceData): Promise<UpdateResult> {
if (!/^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i.test(id)) {
throw new Error(`Invalid UUID v4 format (${id}) for updateTrace`);
}

const collection = this.db.collection(this.collectionName);
return collection.updateOne({ run_id: { $eq: langscoutId } }, { $set: { ...updateData } });
return collection.updateOne({ run_id: { $eq: id } }, { $set: { ...updateData } });

Check failure

Code scanning / CodeQL

Database query built from user-controlled sources High

This query object depends on a user-provided value.
This query object depends on a user-provided value.
}

async insertFeedbackOnTraceByRunId(feedback: CreateFeedback) {
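Review bot: The new guard in updateTrace validates only `id`, while `updateData` is still spread unchecked into `{ $set: { ...updateData } }`, so caller-supplied keys decide which fields are written. The CodeQL alert rendered under that line names two user-provided values, which suggests (not confirmed from this page) that a second flow is still open. Consider building the `$set` document from an explicit allow-list of TraceData fields instead of spreading the whole object. The regex test also coerces its argument to a string, and TypeScript's `string` annotation is erased at runtime, so `if (typeof id !== 'string' || !UUID_V4_RE.test(id))` (pattern hoisted to a module constant, name illustrative) rejects non-string values outright. The thrown message echoes the rejected value verbatim; `throw new Error('Invalid UUID v4 format for updateTrace')` keeps untrusted input out of logs and error responses.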
@@ -34,9 +34,12 @@ export class LangchainToLangscoutService {
if (!langchainData.id) {
throw new Error('id is required in data');
}



langchainData.run_id = langchainData.id;
delete langchainData.id;

this.convertToDates(langchainData);

const updateResult = await this.repository.updateTrace(traceId, langchainData);