
TypeORM findOneBy({ id: null or undefined }) method returns the first record in the table!

Mar 14, 2026

Problem

Expected Behavior

Return `null`

Actual Behavior

Retrieve the first record from users table!

Example: [code block]

Steps to Reproduce

1. Create typeorm connection
2. Create user entity and migrate it to the database
3. Query the database using the user repository, then call the `findOneBy` method.

Relevant Database Driver(s)

| DB Type | Reproducible |
|---|---|
| `sqlite` | yes |

For other database drivers, I have no idea :)

2 Fixes

Canonical Fix
Unverified Fix
New Fix – Awaiting Verification

Implement Input Validation for findOneBy Method

Medium Risk

The `findOneBy` method in TypeORM does not handle null or undefined values for the query parameters correctly. When provided with an object containing `id: null` or `id: undefined`, it defaults to returning the first record in the table instead of returning null, which is not the expected behavior.

  1. Add Input Validation

    Before calling the `findOneBy` method, validate the input to ensure that the `id` is neither null nor undefined. If it is, return null or handle it appropriately.

    ```typescript
    // Inside an async function: bail out before the query when the id is missing.
    const userId = null; // or undefined
    if (userId == null) { return null; } // `== null` matches both null and undefined
    const user = await userRepository.findOneBy({ id: userId });
    ```

  2. Update Repository Call

    Ensure that all calls to the `findOneBy` method across the application are updated to include the input validation step. This will prevent unintended queries from being executed.

    ```typescript
    const user = await userRepository.findOneBy({ id: userId }); // Ensure userId is validated before this line
    ```

  3. Test Input Scenarios

    Create unit tests to cover scenarios where the `id` is null, undefined, and valid values. Ensure that the tests confirm that null or undefined inputs return null as expected.

    ```typescript
    it('should return null for null id', async () => {
      // Calls the repository directly, so this only passes if the lookup itself
      // rejects a null id; to test the step 1 guard, call the guarded code path.
      const result = await userRepository.findOneBy({ id: null });
      expect(result).toBeNull();
    });
    ```

  4. Review and Refactor Code

    Review the codebase for any other instances where similar queries are made without validation. Refactor those instances to include the same validation logic.

    ```typescript
    const userId = getUserId(); // Ensure this is validated
    if (userId == null) { return null; }
    const user = await userRepository.findOneBy({ id: userId });
    ```

  5. Deploy Changes

    Once all changes and tests are complete, deploy the updated code to the production environment. Monitor for any unexpected behavior.

Validation

To confirm the fix worked, run the application and call the `findOneBy` method with null and undefined as inputs. Ensure that it returns null in both cases. Additionally, run the unit tests created in step 3 to validate that all scenarios pass.

1 low-confidence fix
Unverified Fix
New Fix – Awaiting Verification

Implement Input Validation for findOneBy Method

Medium Risk

The `findOneBy` method in TypeORM does not handle null or undefined values for the `id` parameter properly. When passed null or undefined, it defaults to returning the first record in the table instead of returning null, which is not the expected behavior.

  1. Add Input Validation

    Before calling the `findOneBy` method, check if the `id` is null or undefined. If it is, return null or handle the case appropriately.

    ```typescript
    const userId = null; // or undefined
    // Validate first so the query never runs with a missing id.
    if (userId == null) {
      return null; // or handle error
    }
    const user = await userRepository.findOneBy({ id: userId });
    ```

  2. Update Repository Method Calls

    Ensure that all calls to the user repository's `findOneBy` method are wrapped in the input validation check to prevent similar issues throughout the application.

    ```typescript
    const getUserById = async (id: number | null | undefined) => {
      if (id == null) return null;
      return await userRepository.findOneBy({ id });
    };
    ```

  3. Test the Changes

    Create unit tests that verify the behavior of the `getUserById` function, ensuring that it returns null when passed null or undefined and retrieves the correct user when a valid id is provided.

    ```typescript
    test('should return null for null id', async () => {
      const result = await getUserById(null);
      expect(result).toBeNull();
    });
    ```

  4. Review and Refactor Codebase

    Conduct a code review to identify any other instances where similar input validation may be necessary and refactor accordingly to maintain consistency and prevent future issues.

Validation

Run the application and call the `getUserById` function with null and undefined values. Confirm that it returns null as expected. Additionally, verify that valid ids return the correct user records.
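The guard from both fixes, generalized here to any `where` object rather than only `id`, as an added example that is not code from the original page or from TypeORM. `fakeRepository`, `missingCriteria` and `guardedFindOneBy` are hypothetical names, and the stand-in repository only imitates the behaviour reported above so the example runs without a database.

```typescript
// Stand-in repository, constructed for this example (not TypeORM). It mimics
// the behaviour reported above: a criterion whose value is null or undefined
// is ignored, so the lookup falls through to the first row.
type Row = { id: number; email: string };
type Where = { [K in keyof Row]?: Row[K] | null | undefined };

const rows: Row[] = [ // constructed sample data
  { id: 1, email: "first@example.test" },
  { id: 2, email: "second@example.test" },
];

const fakeRepository = {
  async findOneBy(where: Where): Promise<Row | null> {
    const keys = (Object.keys(where) as (keyof Row)[]).filter((k) => where[k] != null);
    return rows.find((r) => keys.every((k) => r[k] === where[k])) ?? null;
  },
};

// Names of the criteria that carry no value (null or undefined).
function missingCriteria(where: Where): string[] {
  return Object.keys(where).filter((k) => where[k as keyof Row] == null);
}

// Hypothetical wrapper: run the query only when the filter is non-empty and
// every criterion has a value; otherwise return null as the fixes above do.
async function guardedFindOneBy(where: Where): Promise<Row | null> {
  if (Object.keys(where).length === 0 || missingCriteria(where).length > 0) {
    return null;
  }
  return fakeRepository.findOneBy(where);
}
```

Routing every lookup through one wrapper like this also covers filters with several keys, where a single missing value would otherwise silently widen the match.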

Submitted by

Alex Chen

Tags

typeorm, orm, typescript, bug