Skip to content

feat: add delete members#256

Open
LoisChen68 wants to merge 1 commit intodevelopfrom
feat/add-delete-members
Open

feat: add delete members#256
LoisChen68 wants to merge 1 commit intodevelopfrom
feat/add-delete-members

Conversation

@LoisChen68
Copy link
Contributor

No description provided.

@LoisChen68 LoisChen68 force-pushed the feat/add-delete-members branch from 9b3ecd1 to c615c67 Compare April 28, 2025 10:47

const CHUNK_SIZE = 500;
const MAX_PARALLEL = 3;
const emailChunks = chunk(emails, CHUNK_SIZE);

Check failure

Code scanning / CodeQL

Loop bound injection High

Iteration over a user-controlled object with a potentially unbounded .length property from a
user-provided value
.

Copilot Autofix

AI 10 months ago

To fix the issue, we need to validate that the emails parameter is a valid array and enforce a reasonable maximum length before using it in the loop. This can be achieved by:

  1. Checking if emails is an instance of Array.
  2. Ensuring that its length does not exceed a predefined maximum (e.g., 10,000).
  3. Throwing a BadRequestException if the validation fails.

The validation should be added at the beginning of the deleteMembers method, before any operations are performed on emails.


Suggested changeset 1
src/member/member.controller.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/member/member.controller.ts b/src/member/member.controller.ts
--- a/src/member/member.controller.ts
+++ b/src/member/member.controller.ts
@@ -254,2 +254,5 @@
   ) {
+    if (!Array.isArray(emails) || emails.length > 10000) {
+      throw new BadRequestException('Invalid emails array. Must be an array with a maximum of 10,000 items.');
+    }
     const { appId, role, memberId } = member;
EOF
@@ -254,2 +254,5 @@
) {
if (!Array.isArray(emails) || emails.length > 10000) {
throw new BadRequestException('Invalid emails array. Must be an array with a maximum of 10,000 items.');
}
const { appId, role, memberId } = member;
Copilot is powered by AI and may make mistakes. Always verify output.
@LoisChen68 LoisChen68 force-pushed the feat/add-delete-members branch from c615c67 to 6ada238 Compare April 28, 2025 11:36
@LoisChen68 LoisChen68 force-pushed the feat/add-delete-members branch from 6ada238 to 9631c6a Compare May 6, 2025 08:13
@LoisChen68 LoisChen68 force-pushed the feat/add-delete-members branch from 9631c6a to 1e6ff32 Compare June 4, 2025 06:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant