chore(medusa): Validate required id before retrieving #2738
Conversation
🦋 Changeset detectedLatest commit: 7c494a4 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
…sajs/medusa into chore/validate_required_id_retrieve
olivermrbl
changed the title
|
| GitGuardian id | Secret | Commit | Filename | |
|---|---|---|---|---|
| 5165075 | Company Email Password | 5acb9f7 | packages/medusa/src/api/routes/store/customers/tests/reset-password.js | View secret |
| 5067995 | Company Email Password | 5acb9f7 | packages/medusa/src/services/tests/customer.js | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Our GitHub checks need improvements? Share your feedbacks!
what:
Validate if the required ids are defined before retriving entities from the database.
Currently in case they are
undefinedthe methods.find/findOneare called with an empty object resulting in a "random" entry returned.