fix: corrigir bugs críticos de segurança e memory leaks (v1.2.4)

- fix(pagination): SQL injection em cursor pagination - validação de nomes de campos
- fix(transaction): substituir Math.random() por crypto.randomBytes() para jitter
- fix(monitoring): memory leak - adicionar .unref() ao setInterval
- docs: adicionar relatório completo de bugs (BUG-REPORT-2026-01-31.md)
- chore: actualizar versão para 1.2.4
2026-01-31 16:09:25 +00:00
parent 22601e1680
commit 0329a1179a
22 changed files with 2868 additions and 67 deletions


@@ -4,6 +4,7 @@
*/
import { Pool } from 'pg';
import { randomBytes } from 'crypto';
import { BaseTool, ToolResponse, ShareArgs, GetShareArgs, CreateShareArgs, UpdateShareArgs } from '../types/tools.js';
import { validatePagination, isValidUUID, isValidUrlId } from '../utils/security.js';
@@ -269,8 +270,8 @@ const createShare: BaseTool<CreateShareArgs> = {
const userId = userQuery.rows[0].id;
// Generate urlId if not provided
const urlId = args.url_id || `share-${Date.now()}-${Math.random().toString(36).substr(2, 9)}`;
// Generate urlId if not provided (using crypto for better uniqueness)
const urlId = args.url_id || `share-${Date.now()}-${randomBytes(6).toString('base64url')}`;
const query = `
INSERT INTO shares (
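Review bot: `randomBytes(6)` in the new `urlId` line yields only 48 bits of randomness, and the new comment justifies the change as "better uniqueness" when the property that matters for a share link is that it cannot be guessed. If the generated urlId is what grants access to the shared document (not visible in this hunk), consider `randomBytes(16).toString('base64url')` and a comment such as `// Generate an unguessable urlId if not provided (CSPRNG, 128 bits)`. The `Date.now()` prefix adds no secrecy and exposes the creation time in the URL. A caller-supplied `args.url_id` bypasses the generator entirely; `isValidUrlId` is imported in this file, but whether createShare applies it cannot be confirmed here because the handler body starts and ends outside the hunk.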