Expand file tree Collapse file tree 1 file changed +7
-0
lines changed Original file line number Diff line number Diff line change @@ -1769,6 +1769,13 @@ describe('(GHSA-j7mm-f4rv-6q6q) Protected fields bypass via LiveQuery dot-notati
17691769 await expectAsync ( query . subscribe ( ) ) . toBeRejected ( ) ;
17701770 } ) ;
17711771
1772+ it ( 'should reject LiveQuery subscription with protected field in $nor' , async ( ) => {
1773+ // Build $nor manually since Parse SDK doesn't expose it directly
1774+ const query = new Parse . Query ( 'SecretClass' ) ;
1775+ query . _where = { $nor : [ { 'secretObj.apiKey' : 'SENSITIVE_KEY_123' } ] } ;
1776+ await expectAsync ( query . subscribe ( ) ) . toBeRejected ( ) ;
1777+ } ) ;
1778+
17721779 it ( 'should reject LiveQuery subscription with $regex on protected field (boolean oracle)' , async ( ) => {
17731780 const query = new Parse . Query ( 'SecretClass' ) ;
17741781 query . _addCondition ( 'secretObj.apiKey' , '$regex' , '^S' ) ;
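Review bot: The new `$nor` test asserts only `toBeRejected()`, so it passes for any rejection, not just the protected-field check. Since `_where` is written by hand here, a subscription that failed because the server mishandles or does not support `$nor` would still turn this regression test green. Pinning the reason would close that gap, e.g. `await expectAsync(query.subscribe()).toBeRejectedWith(jasmine.objectContaining({ code: EXPECTED_CODE }));`, where `EXPECTED_CODE` is a placeholder for whatever error the protected-fields guard actually returns. The neighbouring tests visible in this hunk use the same bare assertion, and the enclosing `describe` starts outside the hunk, so a shared helper may be the better place for this. If not already covered elsewhere in the block, a case with `$nor` nested inside `$or`/`$and` would confirm the check recurses through logical operators.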