From edb7e2168741cd712938a104268a89d0868b6ac2 Mon Sep 17 00:00:00 2001
From: EhsanParsania <75175231+EhsanParsania@users.noreply.github.com>
Date: Sat, 9 Sep 2023 11:32:03 +0300
Subject: [PATCH 1/4] fix postgres's regex sanitizater
---
 src/Adapters/Storage/Postgres/PostgresStorageAdapter.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js b/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js
index 3ad59ec77f..efbe985bf9 100644
--- a/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js
+++ b/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js
@@ -2656,7 +2656,7 @@ function literalizeRegexPart(s: string) {
 .replace(/([^\\])(\\Q)/, '$1')
 .replace(/^\\E/, '')
 .replace(/^\\Q/, '')
- .replace(/([^'])'/, `$1''`)
+ .replace(/([^'])'/g, `$1''`)
 .replace(/^'([^'])/, `''$1`);
 }
From d997dfc39f5437da61245f7ef50b11f074fd3e01 Mon Sep 17 00:00:00 2001
From: EhsanParsania <75175231+EhsanParsania@users.noreply.github.com>
Date: Sun, 17 Sep 2023 12:56:51 +0300
Subject: [PATCH 2/4] add sql test case
---
 spec/vulnerabilities.spec.js | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/spec/vulnerabilities.spec.js b/spec/vulnerabilities.spec.js
index c499eb015f..4d45464834 100644
--- a/spec/vulnerabilities.spec.js
+++ b/spec/vulnerabilities.spec.js
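Review bot: The new `/([^'])'/g` in `literalizeRegexPart` still leaves some single quotes undoubled, because each match consumes the character in front of the quote: in a run of adjacent quotes only the first is matched, and the following `.replace(/^'([^'])/, ...)` handles a leading quote only when a non-quote character follows it. The result is presumably embedded in a single-quoted SQL literal (the caller is outside the hunk), so every quote has to be doubled regardless of its neighbours; replacing both calls with a single `.replace(/'/g, "''")` does that. The `\\Q` replace shown in the context lines is also non-global and is worth checking for the same first-match-only behaviour. The function body starts above the hunk, so earlier steps in the chain are not visible here.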
@@ -459,3 +459,28 @@ describe('Vulnerabilities', () => {
 });
 });
 });
+
+fdescribe('Postgres regex sanitizater', () => {
+ it('sanitizes the regex correctly to prevent Injection', async () => {
+ const user = new Parse.User();
+ user.set('username', 'username');
+ user.set('password', 'password');
+ user.set('email', 'email@example.com');
+ await user.signUp();
+
+ const response = await request({
+ method: 'GET',
+ url:
+ "http://localhost:8378/1/classes/_User?where[username][$regex]=A'B'%3BSELECT+PG_SLEEP(3)%3B--",
+ headers: {
+ 'Content-Type': 'application/json',
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ },
+ });
+
+ expect(response.status).toBe(200);
+ expect(response.data.results).toEqual(jasmine.any(Array));
+ expect(response.data.results.length).toBe(0);
+ });
+});
From f0602bd45df4028032ce484e28b0bf0e12469724 Mon Sep 17 00:00:00 2001
From: EhsanParsania <75175231+EhsanParsania@users.noreply.github.com>
Date: Mon, 18 Sep 2023 09:29:43 +0300
Subject: [PATCH 3/4] remove extra char
---
 spec/vulnerabilities.spec.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spec/vulnerabilities.spec.js b/spec/vulnerabilities.spec.js
index 4d45464834..d6c7971cad 100644
--- a/spec/vulnerabilities.spec.js
+++ b/spec/vulnerabilities.spec.js
@@ -460,7 +460,7 @@ describe('Vulnerabilities', () => {
 });
 });
-fdescribe('Postgres regex sanitizater', () => {
+describe('Postgres regex sanitizater', () => {
 it('sanitizes the regex correctly to prevent Injection', async () => {
 const user = new Parse.User();
 user.set('username', 'username');
From 5f0c28912ff33e317be1a0d3a4ea140f6f04519b Mon Sep 17 00:00:00 2001
From: Manuel Trezza <5673677+mtrezza@users.noreply.github.com>
Date: Fri, 1 Mar 2024 15:27:16 +0100
Subject: [PATCH 4/4] empty
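Review bot: The added 'Postgres regex sanitizater' spec never verifies that the trailing statement in the `$regex` value was not executed; its three `expect` calls cover only the HTTP status and an empty result array. Recording `const start = Date.now();` before the request and asserting `expect(Date.now() - start).toBeLessThan(3000);` afterwards would pin the property the test is named for. The spec also appears to run against whichever database the suite is configured with, so on a non-Postgres backend it would pass without exercising `literalizeRegexPart`; gating it with the project's database-specific spec helper, if one is available in this file, would keep a green result meaningful. It covers a single quote placement only, so cases with a leading quote or adjacent quotes would be worth adding as further `it` blocks.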