fix: Database query built from user-controlled sources

[JamieSlome]

Potential fix for https://github.com/finos/git-proxy/security/code-scanning/83

To fix the problem, we need to ensure that the user-provided id is treated as a literal value in the MongoDB query. This can be achieved by using the $eq operator, which ensures that the value is interpreted as a literal and not as a query object. Additionally, we should validate that the id is a string before using it in the query.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details

Scanned Files

[netlify]

✅ Deploy Preview for endearing-brigadeiros-63f9d0 canceled.

Name	Link
🔨 Latest commit	791c5e5
🔍 Latest deploy log	https://app.netlify.com/sites/endearing-brigadeiros-63f9d0/deploys/67b853028a017a0008fb7784

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 63.20%. Comparing base (ed2cdff) to head (791c5e5).
Report is 7 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #896   +/-   ##
=======================================
  Coverage   63.20%   63.20%           
=======================================
  Files          47       47           
  Lines        1685     1685           
=======================================
  Hits         1065     1065           
  Misses        620      620           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.