Comments (20)
@kkrypt0nn oh sorry my bad 🙈🙈🙈
from typeorm.
I was able to use your repo and eventually reproduce the error with typeorm alone using this script
    const { DataSource } = require("typeorm");

    const dataSource = new DataSource({
      type: "better-sqlite3",
      database: "db.sqlite",
      entities: ["./dist/**/*.entity.js"],
      synchronize: true,
    });

    const main = async () => {
      await dataSource.initialize();
      for (let i = 0; i < 5000; i++) {
        // Random 20-character base-36 prefix, so every iteration sends a different string
        const random = Array.from(Array(20), () =>
          Math.floor(Math.random() * 36).toString(36)
        ).join("");
        const searchQuery = `${random}') UNION SELECT tbl_name, CAST(1 AS VARCHAR), CAST(1 AS VARCHAR), CAST(1 AS VARCHAR), CAST(1 AS VARCHAR) FROM sqlite_master; --`;
        // The search string is interpolated directly into the SQL text (no bound parameters)
        const query = `SELECT *
    FROM user_satellites_satellite
    FULL JOIN satellite ON user_satellites_satellite.satelliteId = satellite.id
    WHERE user_satellites_satellite.userId = '630633ba-030c-4967-acd4-d790bf26cfda'
    AND (satellite.name LIKE '%${searchQuery}%' OR satellite.description LIKE '%${searchQuery}%');`;
        const result = await dataSource.query(query);
        console.log(result);
      }
    };

    main();
This was after running build so that the dist had the proper entities in it. I also had to run it a few times to ensure that the error did happen; as you mentioned, it is inconsistent. This is the actual error happening
/home/jay/Documents/code/help/nestjs-typeorm-bug/node_modules/.pnpm/[email protected]/node_modules/better-sqlite3/lib/methods/wrappers.js:5
return this[cppdb].prepare(sql, this, false);
^
RangeError: The supplied SQL string contains more than one statement
at Database.prepare (/home/jay/Documents/code/help/nestjs-typeorm-bug/node_modules/.pnpm/[email protected]/node_modules/better-sqlite3/lib/methods/wrappers.js:5:21)
at BetterSqlite3QueryRunner.getStmt (/home/jay/Documents/code/help/nestjs-typeorm-bug/node_modules/.pnpm/[email protected]_cepfjtr3qct7czdnayem4lr57m/node_modules/typeorm/driver/better-sqlite3/BetterSqlite3QueryRunner.js:37:43)
at async BetterSqlite3QueryRunner.query (/home/jay/Documents/code/help/nestjs-typeorm-bug/node_modules/.pnpm/[email protected]_cepfjtr3qct7czdnayem4lr57m/node_modules/typeorm/driver/better-sqlite3/BetterSqlite3QueryRunner.js:74:22)
at async DataSource.query (/home/jay/Documents/code/help/nestjs-typeorm-bug/node_modules/.pnpm/[email protected]_cepfjtr3qct7czdnayem4lr57m/node_modules/typeorm/data-source/DataSource.js:341:20)
at async main (/home/jay/Documents/code/help/nestjs-typeorm-bug/test-db.js:22:20)
As this is reproducible without NestJS, this should be reported to TypeORM or better-sqlite3. Not sure which, but probably better-sqlite3
from typeorm.
my bad, I missed that line. @nestjs/typeorm changes nothing on how typeorm works
So this is either an issue with typeorm, or with your code or even with nestjs core
from typeorm.
using dataSource as usual but you'll create it by yourself instead of relying on @nestjs/typeorm
from typeorm.
we can probably improve the docs to clarify what is the role of @nestjs/typeorm (or what it does under the hood).
from typeorm.
this is not related with @nestjs/typeorm
Please report this to https://github.com/typeorm/typeorm/ instead
from typeorm.
As written at the bottom, this does not seem related to typeorm itself because when just using typeorm the issue is not present 🤔
Though I can report it there if you get the issue to occur by just using typeorm, I haven't managed to get it to occur with similar code.
from typeorm.
Will make a report at typeorm itself, will see what they say.
Thanks for your time and sorry if this was in the wrong repository ^-^
from typeorm.
Before opening an issue there..
> So this is either an issue with typeorm, or with your code or even with nestjs core
I doubt the issue is within the code itself, if you want you can look at it, it's super basic and simple.
How would it be known if it's an issue with nestjs/core?
from typeorm.
@kkrypt0nn the issue is you use the raw query without parameter... also this is a possible sql injection.
Try to use the query builder (https://typeorm.io/select-query-builder) instead of this raw query or add parameters into your raw query.
from typeorm.
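The parameterized form of the raw query suggested in the comment above, as an added example that is not part of the thread. Table and column names come from the reproduction script; `escapeLike`, `buildSatelliteSearch` and the sample input are assumptions made for illustration.

```javascript
// Added example (not from the thread): build the search as SQL text plus bound
// parameters, so user input never becomes part of the statement.

// Hypothetical helper: escape LIKE metacharacters so the term matches literally.
function escapeLike(term) {
  return term.replace(/[\\%_]/g, (ch) => "\\" + ch);
}

// Hypothetical helper: returns constant SQL text and the values to bind to it.
function buildSatelliteSearch(userId, searchTerm) {
  const pattern = `%${escapeLike(searchTerm)}%`;
  const sql = [
    "SELECT *",
    "FROM user_satellites_satellite",
    "FULL JOIN satellite ON user_satellites_satellite.satelliteId = satellite.id",
    "WHERE user_satellites_satellite.userId = ?",
    "AND (satellite.name LIKE ? ESCAPE '\\'",
    "  OR satellite.description LIKE ? ESCAPE '\\')",
  ].join("\n");
  return { sql, params: [userId, pattern, pattern] };
}

// Constructed input: the search string from the reproduction script with a fixed prefix.
const constructedInput =
  "x1y2z3') UNION SELECT tbl_name, CAST(1 AS VARCHAR), CAST(1 AS VARCHAR), " +
  "CAST(1 AS VARCHAR), CAST(1 AS VARCHAR) FROM sqlite_master; --";

const { sql, params } = buildSatelliteSearch(
  "630633ba-030c-4967-acd4-d790bf26cfda",
  constructedInput
);

// The statement text is the same for every input; the input travels only in params.
console.log(sql);
console.log(params);

// With TypeORM the pair would be passed as: await dataSource.query(sql, params);
```

Because the SQL text never changes, the driver always prepares the same single statement and the quote, `UNION` and `; --` in the input are matched as literal characters.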
> The issue is your usage of the raw query without parameter... also this is a possible sql injection.
> Try to use the query builder (https://typeorm.io/select-query-builder) instead of this raw query or add parameters into your raw query.
Please take the time to read the PS at the bottom and how the actual bug occurs ✨
from typeorm.
@kkrypt0nn that's probably an issue with how your test.js works.
At some iteration, the generated query is probably malformed (from SQL PoV). And since you have no validation on the path param query, you're susceptible to such errors due to how you're using typeorm.
from typeorm.
@micalevisk The attempted queries in the test.js file is always the same, after failing and trying again exactly the same a few times it succeeds. Logging the queries TypeORM is executing shows it's always the same and not some different malformed query.
from typeorm.
> The attempted queries in the test.js file is always the same
I didn't get what you mean. It's pretty clear that each iteration is likely to have its own query value due to Math.random() * 36
also, that query variable is probably not URL-safe.
from typeorm.
@kkrypt0nn when trying this without using @nestjs/typeorm, did you test the controller->service path as well or just the dataSource.query() call?
from typeorm.
What I mean is that after the attempts here
If it failed, it will attempt 50 times the exact same request below:
After some random j, the request succeeds and responds as expected with the result of the SQL query.
from typeorm.
> @kkrypt0nn when trying this without using @nestjs/typeorm, did you test the controller->service path as well or just the dataSource.query() call?
Just the call to the data source
from typeorm.
so my bet is that the query path parameter isn't what you think it is.
can you try it out again without @nestjs/typeorm but making the whole path controller -> service -> db query
from typeorm.
> so my bet is that the query path parameter isn't what you think it is.
Well by logging it, it shows what I want it to be - especially when repeating the exact same query multiple times leads to a success after some time.
> can you try it out again without @nestjs/typeorm but making the whole path controller -> service -> db query
So just the query to the database instead of making use of the dataSource?
from typeorm.
> we can probably improve the docs to clarify what is the role of @nestjs/typeorm (or what it does under the hood).
I believe that would be awesome indeed - also many thanks @jmcdo29 :D - my attempted code was most likely different and failed to isolate the issue correctly.
Apologies for the wrongly opened issue from my side.
from typeorm.