From 68fbc037bf999dc0bbca240b7e7cd8b01052314b Mon Sep 17 00:00:00 2001
From: harsh agrawal <102807602+harsh6754@users.noreply.github.com>
Date: Mon, 28 Oct 2024 11:52:08 +0530
Subject: [PATCH] Fix code scanning alert no. 21: Database query built from user-controlled sources
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 server/controllers/listining.controller.js | 21 ++++++++++++++++++++-
 server/package.json | 3 ++-
 2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/server/controllers/listining.controller.js b/server/controllers/listining.controller.js
index cce292e..9070e2a 100644
--- a/server/controllers/listining.controller.js
+++ b/server/controllers/listining.controller.js
@@ -1,6 +1,7 @@
 //User Data Listinig Pannel
 import listingData from "../models/listining.model.js";
+import Joi from 'joi';
 export const createList = async (req, res, next) => {
 try {
@@ -97,7 +98,25 @@ export const createList = async (req, res, next) => {
 export const updateListing = async (req, res, next) => {
 try {
 const { id } = req.params;
- const update = req.body;
+
+ // Define schema for update object
+ const schema = Joi.object({
+ plantCapacity: Joi.number().optional(),
+ email: Joi.string().email().optional(),
+ siteLocation: Joi.string().optional(),
+ siteAddress: Joi.string().optional(),
+ siteContactNumber: Joi.string().optional(),
+ msedclConsumerNumber: Joi.string().optional(),
+ // Add other fields as necessary
+ });
+
+ // Validate update object
+ const { error, value } = schema.validate(req.body);
+ if (error) {
+ return res.status(400).json({ message: error.details[0].message });
+ }
+
+ const update = value;
 const options = { new: true };
 const updatedListing = await listingData.findByIdAndUpdate(
 id,
diff --git a/server/package.json b/server/package.json
index 0847461..843de34 100644
--- a/server/package.json
+++ b/server/package.json
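Review bot: The key allowlist in `Joi.object({...})` is the whole defense in this hunk — Joi rejects keys the schema does not declare, so operator keys such as `$set` can no longer reach `findByIdAndUpdate` — but it equally means any field of the listing model not named here is now refused with a 400, and the `// Add other fields as necessary` placeholder leaves that coupling undocumented; replace it with `// Allowlist: undeclared keys are rejected (this is what blocks $-operators); keep in sync with listining.model.js`. The schema is also rebuilt on every request; hoisting it to module scope as `const updateListingSchema = Joi.object({ ... }).required().min(1);` avoids that and, through `.required().min(1)`, turns a missing or empty body into a 400 rather than the current path where an undefined `req.body` validates without error and `update` is passed to Mongoose as `undefined`. `id` from `req.params` still goes to `findByIdAndUpdate` unchecked; a value that is not an ObjectId would presumably surface as a CastError in the catch block, so a `mongoose.isValidObjectId(id)` guard returning 400 is worth adding if mongoose is importable in this controller. The remainder of `updateListing`, including its catch, lies outside the hunk.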
@@ -18,7 +18,8 @@
 "jsonwebtoken": "^9.0.2",
 "mongoose": "^8.7.0",
 "nodemon": "^3.1.7",
- "xlsx": "^0.18.5"
+ "xlsx": "^0.18.5",
+ "joi": "^17.13.3"
 },
 "devDependencies": {
 "@types/bcryptjs": "^2.4.6",
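Review bot: The diffstat lists only two files, so no lockfile accompanies the new `"joi": "^17.13.3"` entry; if the project keeps a `package-lock.json` or `yarn.lock`, regenerate it in the same commit so installs resolve the pinned version rather than whatever `^17.13.3` matches at install time. The entry is also appended after `"xlsx"`, breaking the alphabetical order the surrounding keys follow; placing it between `"bcryptjs"`-style entries and `"jsonwebtoken"` (i.e. `"joi": "^17.13.3",` before `"jsonwebtoken"`) keeps the block sorted.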