fix(core): Ensure ID is a positive integer when fetching execution (#9629)

Iván Ovejero
2024-06-05 13:05:07 +02:00
committed by GitHub
parent f94090b48c
commit 411ffbda7f
3 changed files with 17 additions and 0 deletions


@@ -8,6 +8,8 @@ import { NotFoundError } from '@/errors/response-errors/not-found.error';
import { parseRangeQuery } from './parse-range-query.middleware'; import { parseRangeQuery } from './parse-range-query.middleware';
import type { User } from '@/databases/entities/User'; import type { User } from '@/databases/entities/User';
import type { Scope } from '@n8n/permissions'; import type { Scope } from '@n8n/permissions';
import { isPositiveInteger } from '@/utils';
import { BadRequestError } from '@/errors/response-errors/bad-request.error';
@RestController('/executions') @RestController('/executions')
export class ExecutionsController { export class ExecutionsController {
@@ -59,6 +61,10 @@ export class ExecutionsController {
@Get('/:id') @Get('/:id')
async getOne(req: ExecutionRequest.GetOne) { async getOne(req: ExecutionRequest.GetOne) {
if (!isPositiveInteger(req.params.id)) {
throw new BadRequestError('Execution ID is not a number');
}
const workflowIds = await this.getAccessibleWorkflowIds(req.user, 'workflow:read'); const workflowIds = await this.getAccessibleWorkflowIds(req.user, 'workflow:read');
if (workflowIds.length === 0) throw new NotFoundError('Execution not found'); if (workflowIds.length === 0) throw new NotFoundError('Execution not found');
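Review bot: The guard added at the top of `getOne` reports 'Execution ID is not a number' for inputs that are numbers but still fail `isPositiveInteger`, such as `0`, `-1` or `1.5`, so the 400 response misdescribes what the client got wrong; `throw new BadRequestError('Execution ID must be a positive integer');` matches the check. Only this handler is validated in the hunk. Any other routes in `ExecutionsController` that take `:id` are outside the visible lines and would presumably need the same guard to keep malformed IDs away from the data layer. The class body continues past the hunk.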


@@ -92,3 +92,5 @@ export function rightDiff<T1, T2>(
* in switch statements or if/else chains. * in switch statements or if/else chains.
*/ */
export const assertNever = (_value: never) => {}; export const assertNever = (_value: never) => {};
export const isPositiveInteger = (maybeInt: string) => /^[1-9]\d*$/.test(maybeInt);
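Review bot: `isPositiveInteger` puts no upper bound on the digit string, so an ID hundreds of digits long passes the check and is handed to whatever consumes `req.params.id`. If that ends up as a lookup on an integer column, an out-of-range value may surface as a database error rather than a 400; that path is not visible here, so it is worth confirming. A range check keeps it to one line: `export const isPositiveInteger = (maybeInt: string) => /^[1-9]\d*$/.test(maybeInt) && Number.isSafeInteger(Number(maybeInt));`. A short TSDoc comment would also help callers, e.g. `/** True for a base-10 digit string with no sign, leading zero or whitespace; '0', '+1' and '01' are rejected. */`.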


@@ -4,6 +4,7 @@ import { ExecutionsController } from '@/executions/executions.controller';
import type { ExecutionRequest, ExecutionSummaries } from '@/executions/execution.types'; import type { ExecutionRequest, ExecutionSummaries } from '@/executions/execution.types';
import type { ExecutionService } from '@/executions/execution.service'; import type { ExecutionService } from '@/executions/execution.service';
import type { WorkflowSharingService } from '@/workflows/workflowSharing.service'; import type { WorkflowSharingService } from '@/workflows/workflowSharing.service';
import { BadRequestError } from '@/errors/response-errors/bad-request.error';
describe('ExecutionsController', () => { describe('ExecutionsController', () => {
const executionService = mock<ExecutionService>(); const executionService = mock<ExecutionService>();
@@ -20,6 +21,14 @@ describe('ExecutionsController', () => {
jest.clearAllMocks(); jest.clearAllMocks();
}); });
describe('getOne', () => {
it('should 400 when execution is not a number', async () => {
const req = mock<ExecutionRequest.GetOne>({ params: { id: 'test' } });
await expect(executionsController.getOne(req)).rejects.toThrow(BadRequestError);
});
});
describe('getMany', () => { describe('getMany', () => {
const NO_EXECUTIONS = { count: 0, estimated: false, results: [] }; const NO_EXECUTIONS = { count: 0, estimated: false, results: [] };
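Review bot: The new `getOne` test exercises only the alphabetic input `'test'`, so the boundary cases the validator exists for are not pinned: `'0'`, `'-1'`, `'1.5'`, `'1e3'` and the empty string should each reject with `BadRequestError`. Wrapping the existing test body in `it.each(['0', '-1', '1.5', '1e3', ''])('should 400 for id %s', async (id) => { ... })` and passing `id` into `params` covers them. A companion case with a valid ID such as `'1'`, asserting that the call does not reject with `BadRequestError`, would catch a regression that rejects every ID.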