CodeMirror/budibase
1
0
Fork 0
mirror of synced 2024-10-02 18:16:29 +13:00
Code Issues Projects Releases Wiki Activity

Merge branch 'master' into chore/single-release-pipeline

Browse source
This commit is contained in:
Adria Navarro 2023-10-26 14:44:16 +02:00 committed by GitHub
commit 62cab7e25e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 28 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
packages/builder/src/components/integration/RestQueryViewer.svelte
View file

@ -196,8 +196,36 @@
}
}
const validateQuery = async () => {
const forbiddenBindings = /{{\s?user(\.(\w|\$)*\s?|\s?)}}/g
const bindingError = new Error(
"'user' is a protected binding and cannot be used"
)
if (forbiddenBindings.test(url)) {
throw bindingError
}
if (forbiddenBindings.test(query.fields.requestBody ?? "")) {
throw bindingError
}
Object.values(requestBindings).forEach(bindingValue => {
if (forbiddenBindings.test(bindingValue)) {
throw bindingError
}
})
Object.values(query.fields.headers).forEach(headerValue => {
if (forbiddenBindings.test(headerValue)) {
throw bindingError
}
})
}
async function runQuery() {
try {
await validateQuery()
response = await queries.preview(buildQuery())
if (response.rows.length === 0) {
notifications.info("Request did not return any data")