From 781a4b0d313dabf28040b270dbd94867b206033f Mon Sep 17 00:00:00 2001
From: James Mortemore <jamesmortemore@gmail.com>
Date: Sat, 23 Jul 2022 11:40:53 +0100
Subject: [PATCH] fix: validate UUID on setup before parsing

---
 cli/commands/setup.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/cli/commands/setup.js b/cli/commands/setup.js
index 89fc97c5c..a674375d7 100644
--- a/cli/commands/setup.js
+++ b/cli/commands/setup.js
@@ -3,7 +3,7 @@ const inquirer = require('inquirer')
 const editDotenv = require('edit-dotenv')
 const DBMigrate = require('db-migrate')
 const { Command, flags } = require('@oclif/command')
-const { isAlphanumeric, isEmail, isLength } = require('validator')
+const { isAlphanumeric, isEmail, isLength, isUUID } = require('validator')
 const { generateVAPIDKeys } = require('web-push')
 const { merge } = require('lodash')
 const { parse } = require('uuid-parse')
@@ -273,6 +273,12 @@ class SetupCommand extends Command {
     const askPlayer = async (question, conn, table) => {
       const questions = [{ name: 'id', message: question }]
       const { id } = await inquirer.prompt(questions)
+
+      if (!isUUID(id, 4)) {
+        this.log(`Invalid UUID format ${id}`)
+        return askPlayer(question, conn, table)
+      }
+
       const parsedId = parse(id, Buffer.alloc(16))
       const player = await playerExists(conn, table, parsedId)