hotfix: create organization issue

Signed-off-by: bhavanakarwade <[email protected]>
credebl · Aug 7, 2024 · 834023c · 834023c
1 parent 740146f
commit 834023c
Showing 1 changed file with 27 additions and 20 deletions.
diff --git a/libs/common/src/cast.helper.ts b/libs/common/src/cast.helper.ts
@@ -68,29 +68,36 @@ export function isSafeString(value: string): boolean {
     return safeRegex.test(value);
   }
 
-  export const IsNotSQLInjection = (validationOptions?: ValidationOptions): PropertyDecorator => (object: object, propertyName: string) => {
-      registerDecorator({
-        name: 'isNotSQLInjection',
-        target: object.constructor,
-        propertyName,
-        options: validationOptions,
-        validator: {
-          validate(value) {
-            // Check if the value contains any common SQL injection keywords
-            const sqlKeywords = ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'UNION', 'WHERE', 'AND', 'OR'];
-            for (const keyword of sqlKeywords) {
-              if (value.includes(keyword)) {
-                return false; // Value contains a SQL injection keyword
-              }
+  export const IsNotSQLInjection =
+  (validationOptions?: ValidationOptions): PropertyDecorator => (object: object, propertyName: string) => {
+    registerDecorator({
+      name: 'isNotSQLInjection',
+      target: object.constructor,
+      propertyName,
+      options: validationOptions,
+      validator: {
+        validate(value) {
+          // Check if the value contains any common SQL injection keywords
+          const sqlKeywords = ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'UNION', 'WHERE', 'AND', 'OR'];
+        if ('string' === typeof value) {
+          // Convert the value to upper case for case-insensitive comparison
+          const upperCaseValue = value.toUpperCase();
+          // Use a regular expression to check for whole words
+          for (const keyword of sqlKeywords) {
+            const regex = new RegExp(`\\b${keyword}\\b`, 'i');
+            if (regex.test(upperCaseValue)) {
+              return false; // Value contains a SQL injection keyword
             }
-            return true; // Value does not contain any SQL injection keywords
-          },
-          defaultMessage(args: ValidationArguments) {
-            return `${args.property} contains SQL injection keywords.`;
           }
         }
-      });
-    };
+        return true; // Value does not contain any SQL injection keywords
+      },
+        defaultMessage(args: ValidationArguments) {
+          return `${args.property} contains SQL injection keywords.`;
+        }
+      }
+    });
+  };
 
 @ValidatorConstraint({ name: 'customText', async: false })
 export class ImageBase64Validator implements ValidatorConstraintInterface {