From ce0cf04ad595ae0e2aeee977397d14716cd58dcb Mon Sep 17 00:00:00 2001
From: Matias <83959431+mativm02@users.noreply.github.com>
Date: Thu, 15 Jun 2023 11:43:25 -0300
Subject: [PATCH] safe checking if string is a valid ObjectID

---
 persistent/internal/driver/mgo/query.go   | 4 +++-
 persistent/internal/driver/mongo/query.go | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/persistent/internal/driver/mgo/query.go b/persistent/internal/driver/mgo/query.go
index 646c897b..17afbdf0 100644
--- a/persistent/internal/driver/mgo/query.go
+++ b/persistent/internal/driver/mgo/query.go
@@ -42,7 +42,9 @@ func handleQueryValue(key string, value interface{}, search bson.M) {
 		if isStr && key == "_id" {
 			ObjectIDs := []model.ObjectID{}
 			for _, str := range strSlice {
-				ObjectIDs = append(ObjectIDs, model.ObjectIDHex(str))
+				if bson.IsObjectIdHex(str) {
+					ObjectIDs = append(ObjectIDs, model.ObjectIDHex(str))
+				}
 			}
 
 			search[key] = bson.M{"$in": ObjectIDs}
diff --git a/persistent/internal/driver/mongo/query.go b/persistent/internal/driver/mongo/query.go
index e4b3fd7c..b6d709c9 100644
--- a/persistent/internal/driver/mongo/query.go
+++ b/persistent/internal/driver/mongo/query.go
@@ -59,7 +59,9 @@ func handleQueryValue(key string, value interface{}, search bson.M) {
 		if isStrSlice && key == "_id" {
 			ObjectIDs := []model.ObjectID{}
 			for _, str := range strSlice {
-				ObjectIDs = append(ObjectIDs, model.ObjectIDHex(str))
+				if primitive.IsValidObjectID(str) {
+					ObjectIDs = append(ObjectIDs, model.ObjectIDHex(str))
+				}
 			}
 
 			search[key] = bson.M{"$in": ObjectIDs}