search

kurierjs / kurier

TypeScript framework to create JSON:API compliant APIs
https://kurier.readthedocs.io/en/latest/
MIT License
61 stars 9 forks source link

Dynamic operator invocation could throw an exception #297

Closed joelalejandro closed 3 years ago

joelalejandro commented 3 years ago

operators[operator] in line 149 could be undefined.

From CodeQL:

Invocation of method with user-controlled name may dispatch to unexpected target and cause an exception.

https://github.com/kurierjs/kurier/blob/0b2e0156fb727fed89da90d6dfff9949bd6c9dbd/src/processors/operation-processor.ts#L145-L155