🎉 This PR is included in version 3.2.2 🎉 The release is available on: Your semantic-release bot 📦🚀
Pull request overview
This PR enhances validation error messages by including the attribute name, making errors more informative by showing which specific field failed validation (e.g., "'pk' must be at least 25 characters" instead of "Value must be at least 25 characters").
Key Changes:
- Modified `buildValidationFunction` to accept a `propertyName` parameter
- Updated all validation error messages to include the property name in single quotes
- Updated test expectations across both test files to match the new error message format
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 11 comments.
| File | Description |
|---|---|
| src/emitter.ts | Added propertyName parameter to buildValidationFunction and updated all 11 validation error messages to include the attribute name |
| test/entities.test.ts | Updated 6 test assertions to expect error messages with attribute names ('pk', 'firstName', 'age', 'birthDate') |
| test/electrodb.test.ts | Updated 3 test assertions to expect error messages with attribute names ('pk', 'count') |
| if (constraints.isInteger) { | ||
| checks.push( | ||
| `if (typeof value === "number" && !Number.isInteger(value)) return "Value must be an integer"`, | ||
| `if (typeof value === "number" && !Number.isInteger(value)) return "'${propertyName}' must be an integer"`, |
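Review bot: In the added return string, ${propertyName} lands inside a double-quoted literal of generated source, so a double quote, backslash or line break in the name changes or breaks the emitted code. Build the message as a plain string first and emit the literal with JSON.stringify, for example return ${JSON.stringify(`'${propertyName}' must be an integer`)}, and route every message in buildValidationFunction through the same helper so the escaping cannot be missed on one branch.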
The property name is being directly interpolated into error message strings that are later evaluated using eval(). This creates a potential code injection vulnerability if property names contain single quotes, backslashes, or other special characters. The property name should be escaped before being interpolated into the string to prevent breaking out of the string literal or injecting malicious code.
| case "utcDateTime": | ||
| checks.push( | ||
| `if (typeof value === "string") { const d = new Date(value); if (isNaN(d.getTime())) return "Value must be a valid UTC date-time string"; }`, | ||
| `if (typeof value === "string") { const d = new Date(value); if (isNaN(d.getTime())) return "'${propertyName}' must be a valid UTC date-time string"; }`, |
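Review bot: The check on this line, isNaN(d.getTime()) after new Date(value), accepts any string that Date can parse, so the new message "must be a valid UTC date-time string" promises more than the code enforces. Either tighten the check to the UTC form this type requires or reword the message to what is actually tested, since the message now names the attribute and will be read as authoritative.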
The property name is being directly interpolated into error message strings that are later evaluated using eval(). This creates a potential code injection vulnerability if property names contain single quotes, backslashes, or other special characters. The property name should be escaped before being interpolated into the string to prevent breaking out of the string literal or injecting malicious code.
| case "plainTime": | ||
| checks.push( | ||
| `if (typeof value === "string" && !/^\\d{2}:\\d{2}(:\\d{2})?(\\.\\d+)?$/.test(value)) return "Value must be a valid time (HH:MM:SS)"`, | ||
| `if (typeof value === "string" && !/^\\d{2}:\\d{2}(:\\d{2})?(\\.\\d+)?$/.test(value)) return "'${propertyName}' must be a valid time (HH:MM:SS)"`, |
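Review bot: The message says HH:MM:SS, but the regex on this line makes the seconds group optional and checks only digit counts, so "12:30", "12:30.5" and "99:99:99" all pass. Nest the fractional part inside the seconds group, add range checks for hours, minutes and seconds, and make the message describe the form that is really accepted.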
The property name is being directly interpolated into error message strings that are later evaluated using eval(). This creates a potential code injection vulnerability if property names contain single quotes, backslashes, or other special characters. The property name should be escaped before being interpolated into the string to prevent breaking out of the string literal or injecting malicious code.
| if (constraints.minLength !== undefined) { | ||
| checks.push( | ||
| `if (typeof value === "string" && value.length < ${constraints.minLength}) return "Value must be at least ${constraints.minLength} characters"`, | ||
| `if (typeof value === "string" && value.length < ${constraints.minLength}) return "'${propertyName}' must be at least ${constraints.minLength} characters"`, |
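Review bot: ${constraints.minLength} is interpolated twice on this line, once as code in the comparison and once inside the message literal, and nothing in the hunk shows it being checked as a number. Validate it once before building the string (reject anything for which Number.isInteger fails) and interpolate that checked value in both places.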
The property name is being directly interpolated into error message strings that are later evaluated using eval(). This creates a potential code injection vulnerability if property names contain single quotes, backslashes, or other special characters. The property name should be escaped before being interpolated into the string to prevent breaking out of the string literal or injecting malicious code.
| if (constraints.maxLength !== undefined) { | ||
| checks.push( | ||
| `if (typeof value === "string" && value.length > ${constraints.maxLength}) return "Value must be at most ${constraints.maxLength} characters"`, | ||
| `if (typeof value === "string" && value.length > ${constraints.maxLength}) return "'${propertyName}' must be at most ${constraints.maxLength} characters"`, |
The property name is being directly interpolated into error message strings that are later evaluated using eval(). This creates a potential code injection vulnerability if property names contain single quotes, backslashes, or other special characters. The property name should be escaped before being interpolated into the string to prevent breaking out of the string literal or injecting malicious code.
| if (constraints.maxValue !== undefined) { | ||
| checks.push( | ||
| `if (typeof value === "number" && value > ${constraints.maxValue}) return "Value must be at most ${constraints.maxValue}"`, | ||
| `if (typeof value === "number" && value > ${constraints.maxValue}) return "'${propertyName}' must be at most ${constraints.maxValue}"`, |
The property name is being directly interpolated into error message strings that are later evaluated using eval(). This creates a potential code injection vulnerability if property names contain single quotes, backslashes, or other special characters. The property name should be escaped before being interpolated into the string to prevent breaking out of the string literal or injecting malicious code.
| if (constraints.isFloat) { | ||
| checks.push( | ||
| `if (typeof value === "number" && !Number.isFinite(value)) return "Value must be a finite number"`, | ||
| `if (typeof value === "number" && !Number.isFinite(value)) return "'${propertyName}' must be a finite number"`, |
The property name is being directly interpolated into error message strings that are later evaluated using eval(). This creates a potential code injection vulnerability if property names contain single quotes, backslashes, or other special characters. The property name should be escaped before being interpolated into the string to prevent breaking out of the string literal or injecting malicious code.
| const escapedPattern = constraints.pattern.replace(/\\/g, "\\\\"); | ||
| checks.push( | ||
| `if (typeof value === "string" && !new RegExp("${escapedPattern}").test(value)) return "Value must match pattern ${escapedPattern}"`, | ||
| `if (typeof value === "string" && !new RegExp("${escapedPattern}").test(value)) return "'${propertyName}' must match pattern ${escapedPattern}"`, |
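Review bot: escapedPattern only doubles backslashes, yet on this line it is placed inside two double-quoted literals, the RegExp argument and the new message, so a pattern containing a double quote or a line break ends the literal early. Emit the RegExp argument with JSON.stringify(constraints.pattern) and build the whole message through JSON.stringify as well, which makes the hand-rolled replace unnecessary.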
The property name is being directly interpolated into error message strings that are later evaluated using eval(). This creates a potential code injection vulnerability if property names contain single quotes, backslashes, or other special characters. The property name should be escaped before being interpolated into the string to prevent breaking out of the string literal or injecting malicious code.
| case "offsetDateTime": | ||
| checks.push( | ||
| `if (typeof value === "string") { const d = new Date(value); if (isNaN(d.getTime())) return "Value must be a valid offset date-time string"; }`, | ||
| `if (typeof value === "string") { const d = new Date(value); if (isNaN(d.getTime())) return "'${propertyName}' must be a valid offset date-time string"; }`, |
The property name is being directly interpolated into error message strings that are later evaluated using eval(). This creates a potential code injection vulnerability if property names contain single quotes, backslashes, or other special characters. The property name should be escaped before being interpolated into the string to prevent breaking out of the string literal or injecting malicious code.
| case "plainDate": | ||
| checks.push( | ||
| `if (typeof value === "string" && !/^\\d{4}-\\d{2}-\\d{2}$/.test(value)) return "Value must be a valid date (YYYY-MM-DD)"`, | ||
| `if (typeof value === "string" && !/^\\d{4}-\\d{2}-\\d{2}$/.test(value)) return "'${propertyName}' must be a valid date (YYYY-MM-DD)"`, |
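Review bot: The regex on this line checks only the digit layout, so "2024-13-45" passes even though the message promises "a valid date (YYYY-MM-DD)". Add a month and day range check, or parse the parts and compare them back against the input, so that the named attribute is only reported valid when the date exists.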
The property name is being directly interpolated into error message strings that are later evaluated using eval(). This creates a potential code injection vulnerability if property names contain single quotes, backslashes, or other special characters. The property name should be escaped before being interpolated into the string to prevent breaking out of the string literal or injecting malicious code.
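The escaping these review comments ask for, shown as an added example that is not part of the PR or the project's code. The names `buildNaive`, `buildEscaped` and `compileAndRun` are hypothetical, `new Function` stands in for the `eval()` step the comments mention, and the sample property names other than `pk` are constructed.

```javascript
// Added example, not the project's code. Function names are hypothetical and
// `new Function` stands in for the eval() step the review comments mention.

// Naive form, shaped like the reviewed lines: the name is pasted into a
// double-quoted literal inside generated source with no escaping.
function buildNaive(propertyName, minLength) {
  return `if (typeof value === "string" && value.length < ${minLength}) ` +
    `return "'${propertyName}' must be at least ${minLength} characters"`;
}

// Hardened form: the message is built as data and JSON.stringify emits the
// literal, escaping quotes, backslashes and line breaks. The numeric check on
// minLength is an extra assumption of this example.
function buildEscaped(propertyName, minLength) {
  if (!Number.isInteger(minLength) || minLength < 0) {
    throw new TypeError("minLength must be a non-negative integer");
  }
  const message = JSON.stringify(
    `'${propertyName}' must be at least ${minLength} characters`);
  return `if (typeof value === "string" && value.length < ${minLength}) ` +
    `return ${message}`;
}

// Compile one generated check and run it; report a compile failure by name.
function compileAndRun(body, value) {
  try {
    const validate = new Function("value", `${body}; return null;`);
    return { ok: true, result: validate(value) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed samples: "pk" appears in the PR's tests, the other two carry a
// double quote and a backslash to show where the naive form goes wrong.
const samples = ["pk", 'first"Name', "tab\\name"];
for (const name of samples) {
  console.log(JSON.stringify(name),
    "naive:", compileAndRun(buildNaive(name, 3), "ab"),
    "escaped:", compileAndRun(buildEscaped(name, 3), "ab"));
}
```

With the naive builder, the name containing a double quote fails to compile and the name containing a backslash compiles but yields a message that no longer matches the attribute; the escaped builder returns the name unchanged in both cases.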
No description provided.