From 5cf92fab1ba7873002bd0f49b044d7ba4a25e742 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Fortin?=
Date: Fri, 9 Apr 2021 14:00:21 +0200
Subject: [PATCH] fix(crud-typeorm): fix sql injection check looping on the first regex only
---
 packages/crud-typeorm/src/typeorm-crud.service.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/packages/crud-typeorm/src/typeorm-crud.service.ts b/packages/crud-typeorm/src/typeorm-crud.service.ts
index 32a9d9f1..53187f5e 100644
--- a/packages/crud-typeorm/src/typeorm-crud.service.ts
+++ b/packages/crud-typeorm/src/typeorm-crud.service.ts
@@ -1043,7 +1043,7 @@ export class TypeOrmCrudService extends CrudService {
 return { str, params };
 }
- private checkFilterIsArray(cond: QueryFilter, withLength?: boolean) {
+ protected checkFilterIsArray(cond: QueryFilter, withLength?: boolean) {
 /* istanbul ignore if */
 if (
 !Array.isArray(cond.value) ||
@@ -1054,12 +1054,12 @@ export class TypeOrmCrudService extends CrudService {
 }
 }
- private checkSqlInjection(field: string): string {
+ protected checkSqlInjection(field: string): string {
 /* istanbul ignore else */
 if (this.sqlInjectionRegEx.length) {
 for (let i = 0; i < this.sqlInjectionRegEx.length; i++) {
 /* istanbul ignore else */
- if (this.sqlInjectionRegEx[0].test(field)) {
+ if (this.sqlInjectionRegEx[i].test(field)) {
 this.throwBadRequestException(`SQL injection detected: "${field}"`);
 }
 }
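Review bot: The corrected `this.sqlInjectionRegEx[i].test(field)` call in the second hunk can still give inconsistent results if any pattern in `sqlInjectionRegEx` carries the `g` or `y` flag; the array is defined outside this hunk, so that needs confirming. `test()` on such a regex resumes from its `lastIndex`, and a match that ends in `throwBadRequestException` presumably leaves that index non-zero, so a later call on the same service instance can start mid-string and report no match. Either define the patterns without those flags or reset before testing, e.g. `const re = this.sqlInjectionRegEx[i]; re.lastIndex = 0; if (re.test(field)) {`. Since the method is now `protected` and subclasses may pair it with their own patterns, the reset is the safer of the two. The diffstat shows only this file changed, so a regression test with a value matched only by a later pattern would guard against the `[0]`/`[i]` slip returning; the body of `checkSqlInjection` continues past the end of the hunk.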