rez_core 4.0.61 → 4.0.62

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "rez_core",
-  "version": "4.0.61",
+  "version": "4.0.62",
   "description": "",
   "author": "",
   "private": false,

package/src/module/filter/service/filter.service.ts

@@ -28,6 +28,7 @@ export class FilterService {
   private readonly skipAppCodeFilterEntities = ['ORGP'];
   private readonly skipOrgFilterEntities = ['ORGP'];
 
+
   private async gettab_value_counts(
     tableName: string,
     column: string | undefined,
@@ -35,80 +36,54 @@ export class FilterService {
   ) {
     if (!column) return [];
   
-    // ✅ Validate tableName and column to prevent SQL injection
-    if (!/^[a-zA-Z0-9_]+$/.test(tableName) || !/^[a-zA-Z0-9_]+$/.test(column)) {
-      throw new Error('Invalid table or column name');
-    }
-  
     let whereSQL = '';
     const values: any[] = [];
   
     if (whereClauses.length > 0) {
       const clauseParts = whereClauses.map((clause) => {
-        // ✅ Safely remove alias "e." only at word boundaries
-        let parsedQuery = clause.query.replace(/\be\./g, '');
+        let parsedQuery = clause.query.replace(/\be\./g, ''); // remove e.
   
         Object.entries(clause.params).forEach(([key, val]) => {
           if (Array.isArray(val)) {
-            // ✅ Handle both '=' and 'IN' dynamically
-            if (parsedQuery.match(new RegExp(`=\\s*:${key}\\b`))) {
-              parsedQuery = parsedQuery.replace(
-                new RegExp(`=\\s*:${key}\\b`, 'g'),
-                `IN (${val.map(() => '?').join(', ')})`,
-              );
-            } else {
-              parsedQuery = parsedQuery.replace(
-                new RegExp(`:\\b${key}\\b`, 'g'),
-                val.map(() => '?').join(', '),
-              );
-            }
-            values.push(...val);
+            // if it's an array → expand placeholders (?, ?, ?)
+            const placeholders = val.map(() => '?').join(', ');
+            parsedQuery = parsedQuery.replace(new RegExp(`:${key}`, 'g'), `(${placeholders})`);
+            values.push(...val); // flatten values
           } else {
-            parsedQuery = parsedQuery.replace(
-              new RegExp(`:\\b${key}\\b`, 'g'),
-              '?',
-            );
+            parsedQuery = parsedQuery.replace(new RegExp(`:${key}`, 'g'), '?');
             values.push(val);
           }
         });
   
-        // ✅ Enclose each clause in parentheses for proper AND grouping
-        return `(${parsedQuery})`;
+        return parsedQuery;
       });
   
       whereSQL = `WHERE ${clauseParts.join(' AND ')}`;
     }
   
-    // ✅ Wrap identifiers in backticks for MySQL or double quotes for Postgres
     const rawSQL = `
-      SELECT 
-        ${column} AS tab_value, 
-        COUNT(*) AS tab_value_count
+      SELECT ${column} AS tab_value, COUNT(*) AS tab_value_count
       FROM ${tableName}
       ${whereSQL}
       GROUP BY ${column}
-      ORDER BY tab_value_count DESC
     `;
   
     const rows = await this.dataSource.query(rawSQL, values);
   
-    // ✅ Handle total count safely
     const total = rows.reduce(
-      (sum, r) => sum + Number(r.tab_value_count || 0),
+      (sum, r) => sum + parseInt(r.tab_value_count, 10),
       0,
     );
   
-    // ✅ Ensure consistent response
     return [
       { tab_value: 'All', tab_value_count: total },
       ...rows.map((r) => ({
         tab_value: r.tab_value ?? 'UNKNOWN',
-        tab_value_count: Number(r.tab_value_count || 0),
+        tab_value_count: parseInt(r.tab_value_count, 10),
       })),
     ];
   }
   
-  
 
   async applyFilterWrapper(dto: FilterRequestDto) {
     const {