fix(vd): add VD cantonal tree types #738
base: daniel/addVdCantonalProj
Pull Request Overview
This PR adds support for VD (Vaud) cantonal-specific tree types by creating separate data tables and export functions for the VD profile. The changes enable the system to handle both national (NAT) and VD cantonal data independently.
Key Changes:
- Modified projection trigger to include profile changes as a trigger condition
- Added dynamic table name resolution for profile-specific indicator and tree type tables
- Created VD-specific data import tables and corresponding export functions
Reviewed Changes
Copilot reviewed 5 out of 8 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| store/middleware/runProject.ts | Added profile change detection to projection triggers |
| lib/src/TreeClient/locate.ts | Implemented dynamic table name lookup for profile-specific indicator and treetype tables |
| lib/data/sql/import_data.sql | Added staging and final tables for VD cantonal tree data (VD_NAT_BAUM_COLLIN and VD_NAT_NAISTYP_ART) |
| lib/data/sql/export_types.sql | Refactored treetype and indicator creation into reusable functions and added VD-specific exports |
| lib/data/sql/export_recommendations.sql | Refactored recommendations creation into a reusable function and added VD-specific export |
| const indicatorTableName = this.executeQuery<{ name: string }>(`SELECT name | ||
| FROM sqlite_master | ||
| WHERE type='table' AND name='${profile}_indicator';`)?.data?.[0]?.name || "indicator"; |
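Review bot: the `|| "indicator"` fallback at the end of this lookup hides a failed lookup. Because of the `?.data?.[0]?.name` chain, an undefined result, an empty result set and a missing `name` all silently select the default `indicator` table, so a malformed `profile` is indistinguishable from a profile that simply has no table of its own. Separate those cases and report the unexpected ones. Since `${profile}` is only compared against `name` here, it can also be passed as a bound value instead of being built into the statement text, if `executeQuery` accepts parameters.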
Copilot
AI
Nov 20, 2025
SQL injection vulnerability: the profile variable is directly interpolated into the SQL query without sanitization. If profile comes from user input, an attacker could inject malicious SQL. Use parameterized queries or validate/sanitize the profile variable before interpolation.
| const treeTypeTableName = this.executeQuery<{ name: string }>(`SELECT name | ||
| FROM sqlite_master | ||
| WHERE type='table' AND name='${profile}_treetype';`)?.data?.[0]?.name || "treetype"; |
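Review bot: this lookup repeats the `${profile}_indicator` one with only the suffix and the fallback name changed. Move both into one helper that takes the suffix and the fallback, so that any check applied to `profile` is written once and cannot be left out for one of the two tables.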
Copilot
AI
Nov 20, 2025
SQL injection vulnerability: the profile variable is directly interpolated into the SQL query without sanitization. If profile comes from user input, an attacker could inject malicious SQL. Use parameterized queries or validate/sanitize the profile variable before interpolation.
| ) | ||
| ) as agg_foresttypes | ||
| from | ||
| %s |
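Review bot: in the `from` clause, `%s` inserts the table-name argument as raw text. Assuming this string is the `format()` template the comment below refers to, use `from %I` instead: `%I` is the `format()` specifier for identifiers and quotes the value the way `quote_ident()` does. If a schema-qualified name is ever passed, supply schema and table as two separate `%I` arguments, because a dotted name given to a single `%I` is quoted as one identifier.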
Copilot
AI
Nov 20, 2025
SQL injection vulnerability: the naistyp_art_table parameter is directly interpolated into the query using format() without validation. This allows arbitrary SQL execution if the parameter is controlled by untrusted input. Validate table names against a whitelist or use quote_ident() to properly escape identifiers.
| select distinct trim(both from naistyp_c) as foresttype, | ||
| sisf_nr::int::text::treetype as treetype, | ||
| vorh::recommendationtype as recommendationtype | ||
| from %s |
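Review bot: `from %s` takes the source table as raw text. If the function's table parameter is declared as `text`, declaring it as `regclass` instead makes PostgreSQL reject, at call time, any value that does not name an existing relation, and a `regclass` value rendered through `%s` comes out quoted as needed. That keeps the new VD export on the same template while removing free-form text from the query.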
Copilot
AI
Nov 20, 2025
SQL injection vulnerability: the naistyp_art_table and baum_collin_table parameters are directly interpolated into the query using format() without validation. This allows arbitrary SQL execution if these parameters are controlled by untrusted input. Validate table names against a whitelist or use quote_ident() to properly escape identifiers.
friedjoff
left a comment
No description provided.