fix: resolved comments on pr

Signed-off-by: bhavanakarwade <[email protected]>

agent.env

@@ -7,10 +7,10 @@ SESSION_LIMIT=2147483647
 INMEMORY_LRU_CACHE_LIMIT=2147483647
 BCOVRIN_REGISTER_URL=http://test.bcovrin.vonx.io/register
 INDICIO_NYM_URL=https://selfserve.indiciotech.io/nym
-# Contract address for Polygon amoy (testnet)
-SCHEMA_MANAGER_CONTRACT_ADDRESS=0x4742d43C2dFCa5a1d4238240Afa8547Daf87Ee7a
-DID_CONTRACT_ADDRESS=0xcB80F37eDD2bE3570c6C9D5B0888614E04E1e49E
-RPC_URL=https://rpc-amoy.polygon.technology
+# Contract address for Polygon (mainnet)
+SCHEMA_MANAGER_CONTRACT_ADDRESS=0x4B16719E73949a62E9A7306F352ec73F1B143c27
+DID_CONTRACT_ADDRESS=0x0C16958c4246271622201101C83B9F0Fc7180d15
+RPC_URL=https://polygon-rpc.com/
 # Add url and token from your file server 
 SERVER_URL=https://schema.credebl.id
 FILE_SERVER_TOKEN=

apps/api-gateway/src/organization/dtos/create-organization-dto.ts

@@ -12,7 +12,7 @@ export class CreateOrganizationDto {
   @MinLength(2, { message: 'Organization name must be at least 2 characters.' })
   @MaxLength(200, { message: 'Organization name must be at most 200 characters.' })
   @IsString({ message: 'Organization name must be in string format.' })
-  @IsNotSQLInjection({ message: 'Organization name is required.' })
+  @IsNotSQLInjection({ message: 'Incorrect pattern for organization name.' })
   name: string;
 
   @ApiProperty()

apps/api-gateway/src/organization/dtos/update-organization-dto.ts

@@ -2,7 +2,7 @@ import { ApiExtraModels, ApiPropertyOptional } from '@nestjs/swagger';
 import { IsNotEmpty, IsOptional, IsString, IsBoolean, MaxLength, MinLength, Validate } from 'class-validator';
 
 import { Transform } from 'class-transformer';
-import { ImageBase64Validator, trim } from '@credebl/common/cast.helper';
+import { ImageBase64Validator, IsNotSQLInjection, trim } from '@credebl/common/cast.helper';
 
 @ApiExtraModels()
 export class UpdateOrganizationDto {
@@ -17,6 +17,7 @@ export class UpdateOrganizationDto {
     @MinLength(2, { message: 'Organization name must be at least 2 characters.' })
     @MaxLength(200, { message: 'Organization name must be at most 200 characters.' })
     @IsString({ message: 'Organization name must be in string format.' })
+    @IsNotSQLInjection({ message: 'Incorrect pattern for organization name.' })
     name: string;
 
     @ApiPropertyOptional()

libs/common/src/cast.helper.ts

@@ -90,16 +90,18 @@ export const IsNotSQLInjection =
       options: validationOptions,
       validator: {
         validate(value) {
-          // Check if the value contains any common SQL injection keywords
-          const sqlKeywords = ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'UNION', 'WHERE', 'AND', 'OR'];
+
+          // Check if the value is a string
           if ('string' === typeof value) {
-            for (const keyword of sqlKeywords) {
-              const regex = new RegExp(`\\b${keyword}\\b`);
-              if (regex.test(value)) {
-                return false; // Value contains a SQL injection keyword
-              }
+            // Regex to check for SQL injection keywords at the start
+            const startInjectionRegex = new RegExp(`^\\b(SELECT|INSERT|UPDATE|DELETE|DROP|UNION|ALTER|CREATE|EXEC|FROM|WHERE|AND|OR|HAVING|LIMIT|OFFSET|JOIN|LIKE|IN|IS|NULL|SET|CASE|WHEN|THEN|ELSE|END)\\b`, 'i');
+
+            // Check if the SQL injection pattern is present at the start
+            if (startInjectionRegex.test(value)) {
+              return false; // SQL keyword present at the start
             }
           }
+
           return true; // Value does not contain any SQL injection keywords
         },
         defaultMessage(args: ValidationArguments) {