
fix(frameworks): reject null fields and empty payload on custom framework update #3323

Merged: tofikwest merged 3 commits into main from tofik/cs-edit-custom-framework-validation on Jul 1, 2026

tofikwest commented Jul 1, 2026

Follow-up to #3319 (now merged) — addresses the two cubic findings on the custom-framework edit endpoint (PATCH /v1/frameworks/:id/custom). Diff is only the 4 fix files.

Fixes

1. null fields bypassed validation → DB error (cubic P2, real bug)
@IsOptional() skips validation for null and undefined, so PATCH { "name": null } passed validation, then input.name !== undefined was true for null, so data.name = null reached Prisma and failed against the non-null column (500).
→ Both fields now use @ValidateIf((_, value) => value !== undefined): an omitted field stays optional, but an explicit null runs @IsString and is rejected with a 400.

2. Empty payload issued a no-op write (cubic P1)
An empty data: {} is a valid Prisma no-op (bumps updatedAt) rather than a runtime error, but issuing a pointless write for a content-free PATCH is wrong.
→ Added an up-front guard: if neither field is provided, throw BadRequestException('No fields to update') before any DB work.

Tests

  • New DTO spec (update-custom-framework.dto.spec.ts): rejects null name/description, non-string, and empty-string name; accepts name-only, description-only, and empty payloads at the field level.
  • Service spec: new empty-payload guard test (400, no DB calls).
  • Service spec 22 passed (only the 2 pre-existing findOne isolation failures remain — unrelated). Typecheck clean for all changed files.

🤖 Generated with Claude Code

https://claude.ai/code/session_019jXBJKNd7CYdUxf44DsKba


Summary by cubic

Fix validation in the custom framework update endpoint. We now reject explicit nulls and empty PATCH payloads with 400 to prevent DB errors and no-op writes.

  • Bug Fixes
    • DTO: replaced @IsOptional with @ValidateIf((_, v) => v !== undefined) on name and description so explicit null values run string/length checks and are rejected.
    • Service: if neither field is provided, throw BadRequestException('No fields to update') before any DB calls on PATCH /v1/frameworks/:id/custom.

Written for commit 26bafcb. Summary will update on new commits.


…work update

Addresses cubic review on the custom-framework edit endpoint:

- DTO: @IsOptional() also skips validation for null, so PATCH { name: null }
  slipped through and hit the non-null DB column. Use @ValidateIf(value !==
  undefined) so omitted fields stay optional but an explicit null is rejected
  with a 400.
- Service: guard against an empty payload (both fields undefined) up front with
  BadRequestException instead of issuing a no-op customFramework.update.

Tests: new DTO spec (null/non-string/empty-string rejected; name-only,
description-only, empty payloads accepted at field level) + service empty-payload
guard test.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019jXBJKNd7CYdUxf44DsKba
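
The before/after behaviour described in this PR, as an added TypeScript sketch (not code from the PR or the repository). It models the two skip rules with plain functions instead of class-validator decorators; `handlePatch`, `validate`, the sample bodies, and the 500 branch standing in for the non-null `name` column are assumptions made for illustration.

```typescript
// Added illustration, not the project's code: a simplified model of the two
// skip rules and the service guard described in this PR.
type Body = { name?: unknown; description?: unknown };
type Result = { status: number; data?: Record<string, unknown>; errors?: string[] };

// @IsOptional(): remaining validators are skipped for null AND undefined.
const skipLikeIsOptional = (v: unknown): boolean => v === null || v === undefined;
// @ValidateIf((_, value) => value !== undefined): skipped only when omitted.
const skipLikeValidateIf = (v: unknown): boolean => v === undefined;

// Stand-in for the DTO checks (string type, non-empty name).
function validate(body: Body, skip: (v: unknown) => boolean): string[] {
  const errors: string[] = [];
  for (const field of ["name", "description"] as const) {
    const value = body[field];
    if (skip(value)) continue;
    if (typeof value !== "string") errors.push(`${field} must be a string`);
    else if (field === "name" && value === "") errors.push("name should not be empty");
  }
  return errors;
}

// Models PATCH handling before (fixed=false) and after (fixed=true) the change.
function handlePatch(body: Body, fixed: boolean): Result {
  const errors = validate(body, fixed ? skipLikeValidateIf : skipLikeIsOptional);
  if (errors.length > 0) return { status: 400, errors };
  if (fixed && body.name === undefined && body.description === undefined) {
    return { status: 400, errors: ["No fields to update"] };
  }
  const data: Record<string, unknown> = {};
  if (body.name !== undefined) data.name = body.name; // true for null as well
  if (body.description !== undefined) data.description = body.description;
  // Constructed stand-in for the non-null column constraint on name.
  if (data.name === null) return { status: 500, data };
  return { status: 200, data };
}

// Constructed sample bodies.
const samples: Body[] = [{ name: null }, {}, { name: "Custom framework A" }, { description: 42 }];
for (const body of samples) {
  console.log(JSON.stringify(body), "before:", handlePatch(body, false).status,
    "after:", handlePatch(body, true).status);
}
```
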
vercel Bot commented Jul 1, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| app | Ready | Preview, Comment | Jul 1, 2026 5:00pm |
| comp-framework-editor | Ready | Preview, Comment | Jul 1, 2026 5:00pm |

1 Skipped Deployment

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| portal | Skipped | | Jul 1, 2026 5:00pm |

cubic-dev-ai Bot left a comment

No issues found across 4 files

Confidence score: 5/5

  • Automated review surfaced no issues in the provided summaries.
  • No files require special attention.

vercel Bot temporarily deployed to Preview – portal July 1, 2026 16:57 (Inactive)
tofikwest merged commit 8148a9a into main Jul 1, 2026
9 of 11 checks passed
tofikwest deleted the tofik/cs-edit-custom-framework-validation branch July 1, 2026 16:58
@claudfuen

🎉 This PR is included in version 3.95.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
