feat: validate query conditions (#10595)
Query conditions can take in arbitrary values, this can cause SQL errors. This PR fixes it
This commit is contained in:
Shivam Mishra
@@ -15,7 +15,7 @@ class AutomationRules::ConditionValidationService
|
||||
|
||||
def perform
|
||||
@rule.conditions.each do |condition|
|
||||
return false unless valid_condition?(condition)
|
||||
return false unless valid_condition?(condition) && valid_query_operator?(condition)
|
||||
end
|
||||
|
||||
true
|
||||
@@ -23,6 +23,15 @@ class AutomationRules::ConditionValidationService
|
||||
|
||||
private
|
||||
|
||||
def valid_query_operator?(condition)
|
||||
query_operator = condition['query_operator']
|
||||
|
||||
return true if query_operator.nil?
|
||||
return true if query_operator.empty?
|
||||
|
||||
%w[AND OR].include?(query_operator.upcase)
|
||||
end
|
||||
|
||||
def valid_condition?(condition)
|
||||
key = condition['attribute_key']
|
||||
|
||||
|
||||
@@ -9,6 +9,7 @@ class Contacts::FilterService < FilterService
|
||||
end
|
||||
|
||||
def perform
|
||||
validate_query_operator
|
||||
@contacts = query_builder(@filters['contacts'])
|
||||
|
||||
{
|
||||
|
||||
@@ -7,6 +7,7 @@ class Conversations::FilterService < FilterService
|
||||
end
|
||||
|
||||
def perform
|
||||
validate_query_operator
|
||||
@conversations = query_builder(@filters['conversations'])
|
||||
mine_count, unassigned_count, all_count, = set_count_for_all_conversations
|
||||
assigned_count = all_count - unassigned_count
|
||||
|
||||
@@ -204,4 +204,10 @@ class FilterService
|
||||
end
|
||||
base_relation.where(@query_string, @filter_values.with_indifferent_access)
|
||||
end
|
||||
|
||||
def validate_query_operator
|
||||
@params[:payload].each do |query_hash|
|
||||
validate_single_condition(query_hash)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user