Fix: [igo-db] remove implicit like #49
Merged
mickael-coquer-igocreate merged 3 commits into v5 from Mar 31, 2026
Strings with % are no longer auto-converted to LIKE queries.
Use the explicit $like operator instead: { column: { $like: 'value%' } }
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
171d074 to 1816d14
Code review
Found 4 issues:
igo/test/db/PaginatedOptimizedQueryTest.js Lines 466 to 496 in 1816d14
igo/src/db/PaginatedOptimizedSql.js Lines 908 to 920 in 1816d14
igo/src/db/PaginatedOptimizedSql.js Lines 28 to 38 in 1816d14
🤖 Generated with Claude Code - If this code review was useful, please react with 👍. Otherwise, react with 👎.
… removal - Use explicit $like in COUNT/IDS optimization tests and assert LIKE in SQL - Update JSDoc examples in PaginatedOptimizedSql to match new behavior Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…eryTest Replace all assert.ok(sql.includes(...)) with assert.strictEqual on the complete generated SQL string. This makes tests more readable and catches any unexpected change in the generated queries. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
mickael-coquer-igocreate added a commit that referenced this pull request Mar 31, 2026
## Summary
- Removal of the implicit LIKE: a string containing `%` in a
`where()` is no longer automatically converted to `LIKE`. This
behaviour made it possible to inject LIKE patterns via unsanitized
user data.
- To perform a LIKE, the explicit `$like` operator must now be
used: `{ column: { $like: 'value%' } }`
- Refactoring of the assertions in `PaginatedOptimizedQueryTest.js`:
replaced all `assert.ok(sql.includes(...))` with
`assert.strictEqual` on the complete generated SQL, for better
readability and reliable detection of any regression.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Test plan
- `where()` existing in the projects does not rely on the implicit LIKE
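The behaviour change described in the summary, as an added example that is not igo-db's code: a hypothetical minimal where-builder showing that the same user-supplied `%` becomes a match-all `LIKE` under the old rule and a literal equality test under the new one. `buildWhere`, `escapeLike`, the `implicitLike` flag and the `coupon_code`/`name` columns are assumptions made for the illustration.

```javascript
// Hypothetical mini where-builder for illustration; not igo-db's implementation.
const quoteId = (name) => {
  if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(name)) throw new Error(`invalid column: ${name}`);
  return '`' + name + '`';
};

// Returns { sql, params } using ? placeholders.
// implicitLike: true reproduces the behaviour the PR removes.
function buildWhere(filter, { implicitLike = false } = {}) {
  const clauses = [];
  const params = [];
  for (const [column, value] of Object.entries(filter)) {
    const col = quoteId(column);
    if (value !== null && typeof value === 'object') {
      // Explicit operator form: { column: { $like: 'value%' } }
      const ops = Object.keys(value);
      if (ops.length !== 1 || ops[0] !== '$like' || typeof value.$like !== 'string') {
        throw new Error(`unsupported operator on ${column}`);
      }
      clauses.push(`${col} LIKE ?`);
      params.push(value.$like);
    } else if (implicitLike && typeof value === 'string' && value.includes('%')) {
      // Old behaviour: the data itself switches the operator to LIKE.
      clauses.push(`${col} LIKE ?`);
      params.push(value);
    } else {
      // New behaviour: a plain value is always an equality test.
      clauses.push(`${col} = ?`);
      params.push(value);
    }
  }
  return { sql: clauses.join(' AND '), params };
}

// Escape LIKE metacharacters so user text inside an explicit $like matches literally.
// Assumes backslash is the LIKE escape character (the MySQL and PostgreSQL default).
const escapeLike = (text) => text.replace(/[\\%_]/g, (c) => '\\' + c);

// Same constructed user-supplied value through the three code paths.
function demo(userInput) {
  return {
    legacy: buildWhere({ coupon_code: userInput }, { implicitLike: true }),
    fixed: buildWhere({ coupon_code: userInput }),
    prefix: buildWhere({ name: { $like: escapeLike(userInput) + '%' } }),
  };
}

console.log(demo('%'));
```

When a caller does want a prefix search on user text, escaping the input before appending the trailing `%` keeps the wildcard under the developer's control rather than the user's.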