fix : replace SELECT * with explicit columns in data-export #834

Open
tmdeveloper007 wants to merge 1 commit into Priyanshu-byte-coder:main from tmdeveloper007:#810
Conversation

@tmdeveloper007
Contributor

fix : replace SELECT * with explicit columns in data-export

@vercel
vercel Bot commented May 23, 2026

@TESTPERSONAL is attempting to deploy a commit to the PRIYANSHU DOSHI's projects Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions Bot added gssoc26 GSSoC 2026 contribution type:bug GSSoC type bonus: bug fix type:devops GSSoC type bonus: devops (+15 pts) type:testing GSSoC type bonus: tests (+10 pts) labels May 23, 2026
@github-actions

GSSoC Label Checklist 🏷️

@Priyanshu-byte-coder — please apply the appropriate labels before merging:

Difficulty (pick one):

  • level:beginner — 20 pts
  • level:intermediate — 35 pts
  • level:advanced — 55 pts
  • level:critical — 80 pts

Quality (optional):

  • quality:clean — ×1.2 multiplier
  • quality:exceptional — ×1.5 multiplier

Validation (required to score):

  • gssoc:approved — counts for points
  • gssoc:invalid / gssoc:spam / gssoc:ai-slop — does not score

Type labels (type:*) are auto-detected from files and title. Review and adjust if needed.
Points formula: (difficulty × quality_multiplier) + type_bonus

Owner

@Priyanshu-byte-coder Priyanshu-byte-coder left a comment

Security issue: The explicit column list for user_github_accounts includes access_token:

.select("id, user_id, github_id, github_login, access_token, created_at")

This exports the plaintext OAuth token in the user data export. Remove access_token from the select list. Only include non-sensitive fields.

@Priyanshu-byte-coder
Owner

Security issue blocks this merge:

user_github_accounts select still exposes access_token
Line: .select("id, user_id, github_id, github_login, access_token, created_at")

This was the vulnerability this PR (and our earlier fix in commit 435d85f) was meant to address. The current main branch already has this corrected to:

.select("id, user_id, github_id, github_login, created_at")

Please remove access_token from that select. The rest of the explicit column changes (goals, metric_snapshots, streak_freezes, streak_milestones, local_coding_sessions) are all correct.

Also please rebase on main first — the current data-export/route.ts has already been partially updated.
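
A check along the following lines could enforce this review point in CI and at runtime. It is an added example, not code from this PR or repository; the `db` client name, the `SENSITIVE` pattern and the function names `auditSelects` and `stripSensitive` are assumptions.

```typescript
// Added example: audit for a data-export route; not code from this PR.
// Assumption: the SENSITIVE pattern is illustrative; the review names only access_token.
const SENSITIVE = /(^|_)(token|secret|password)$/i;

type Finding = { line: number; column: string; reason: "wildcard" | "sensitive" };

// Flag every .select("...") whose column list uses * or names a secret-bearing column.
function auditSelects(source: string): Finding[] {
  const findings: Finding[] = [];
  source.split("\n").forEach((text, idx) => {
    const call = /\.select\(\s*(["'`])([^"'`]*)\1/g; // fresh regex state per line
    let m: RegExpExecArray | null;
    while ((m = call.exec(text)) !== null) {
      for (const raw of m[2].split(",")) {
        const column = raw.trim();
        if (column === "*") {
          findings.push({ line: idx + 1, column, reason: "wildcard" });
        } else if (SENSITIVE.test(column)) {
          findings.push({ line: idx + 1, column, reason: "sensitive" });
        }
      }
    }
  });
  return findings;
}

// Defence in depth: drop secret-bearing keys from a row before it is serialized.
function stripSensitive(row: Record<string, unknown>): Record<string, unknown> {
  const out: Record<string, unknown> = {};
  for (const key of Object.keys(row)) {
    if (!SENSITIVE.test(key)) out[key] = row[key];
  }
  return out;
}

// Constructed sample input; the two column lists are the ones quoted in the review.
const SAMPLE_ROUTE = [
  'db.from("goals").select("*")',
  'db.from("user_github_accounts").select("id, user_id, github_id, github_login, access_token, created_at")',
  'db.from("user_github_accounts").select("id, user_id, github_id, github_login, created_at")',
].join("\n");

console.log(auditSelects(SAMPLE_ROUTE));
```

The scan only sees column lists written as string literals on a single line; `stripSensitive` covers rows that reach the export response by any other path.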

@Priyanshu-byte-coder Priyanshu-byte-coder added gssoc:approved GSSoC: PR approved for scoring level:intermediate GSSoC: Intermediate difficulty (35 pts) type:security GSSoC type bonus: security (+20 pts) labels May 23, 2026
@tmdeveloper007 tmdeveloper007 force-pushed the #810 branch 2 times, most recently from 0b6eb0f to ffc6955 Compare May 23, 2026 13:52
@vercel
vercel Bot commented May 23, 2026

Deployment failed with the following error:

The provided GitHub repository does not contain the requested branch or commit reference. Please ensure the repository is not empty.

@tmdeveloper007
Contributor Author

This pull request is fully up-to-date with the latest upstream merges, all review items are addressed, local tests are passing cleanly, and it is fully ready to be merged! 🚀

Labels

gssoc:approved GSSoC: PR approved for scoring gssoc26 GSSoC 2026 contribution level:intermediate GSSoC: Intermediate difficulty (35 pts) type:bug GSSoC type bonus: bug fix type:devops GSSoC type bonus: devops (+15 pts) type:security GSSoC type bonus: security (+20 pts) type:testing GSSoC type bonus: tests (+10 pts)

2 participants