Summary
Services server assumes database queries always return results, crashes when they don't.
Affected Areas
Throughout server-services/src/data_management/:
accountManagement.js - user.ownedItemIds, user.loadout assumed non-null after getOnerecordsManagement.js - code.used_by, code.item_ids, item.item_data assumed non-null- Map/item data processing assumes arrays exist
Vulnerability
If database returns null or query fails silently, subsequent property access crashes.
Impact
- Services server crash on data access
- Authentication failures
- Game state corruption
Recommended Fix
Add null checks after all database queries:
const user = await ss.getOne('SELECT * FROM users WHERE username = ?', [username]);
if (!user) return null;
// Now safe to access user.loadout, etc.Use optional chaining for nested accesses:
user.ownedItemIds = JSON.parse(user.ownedItemIds || '[]');
user.loadout = JSON.parse(user.loadout || '{}');References
Summary
Services server assumes database queries always return results, crashes when they don't.
Affected Areas
Throughout
server-services/src/data_management/:accountManagement.js-user.ownedItemIds,user.loadoutassumed non-null aftergetOnerecordsManagement.js-code.used_by,code.item_ids,item.item_dataassumed non-nullVulnerability
If database returns
nullor query fails silently, subsequent property access crashes.Impact
Recommended Fix
Add null checks after all database queries:
Use optional chaining for nested accesses:
References