From 5b3b0396cbd806a2590d0b90c9c7922615946732 Mon Sep 17 00:00:00 2001
From: jon4hz
Date: Sun, 29 Jun 2025 23:08:28 +0200
Subject: [PATCH] fix: sanitize data before db insert
---
 backend/routes/sync.js | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/backend/routes/sync.js b/backend/routes/sync.js
index 4f811ce..b5ab4ae 100644
--- a/backend/routes/sync.js
+++ b/backend/routes/sync.js
@@ -39,13 +39,41 @@ function getErrorLineNumber(error) {
 return lineNumber;
 }
+function sanitizeNullBytes(obj) {
+ if (typeof obj === 'string') {
+ // Remove various forms of null bytes and control characters that cause Unicode escape sequence errors
+ return obj
+ .replace(/\u0000/g, '') // Remove null bytes
+ .replace(/\\u0000/g, '') // Remove escaped null bytes
+ .replace(/\x00/g, '') // Remove hex null bytes
+ .replace(/[\u0000-\u001F\u007F-\u009F]/g, '') // Remove all control characters
+ .trim(); // Remove leading/trailing whitespace
+ }
+
+ if (Array.isArray(obj)) {
+ return obj.map(sanitizeNullBytes);
+ }
+
+ if (obj && typeof obj === 'object') {
+ const sanitized = {};
+ for (const [key, value] of Object.entries(obj)) {
+ sanitized[key] = sanitizeNullBytes(value);
+ }
+ return sanitized;
+ }
+
+ return obj;
+}
+
 class sync {
 async getExistingIDsforTable(tablename) {
 return await db.query(`SELECT "Id" FROM ${tablename}`).then((res) => res.rows.map((row) => row.Id));
 }
 async insertData(tablename, dataToInsert, column_mappings) {
- let result = await db.insertBulk(tablename, dataToInsert, column_mappings);
+ const sanitizedData = sanitizeNullBytes(dataToInsert);
+
+ let result = await db.insertBulk(tablename, sanitizedData, column_mappings);
 if (result.Result === "SUCCESS") {
 // syncTask.loggedData.push({ color: "dodgerblue", Message: dataToInsert.length + " Rows Inserted." });
 } else {
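Review bot: `sanitizeNullBytes` rewrites more than null bytes: the `[\u0000-\u001F\u007F-\u009F]` class also deletes tab, line feed and carriage return, and `.trim()` alters leading and trailing whitespace, so multi-line text fields are silently changed before `db.insertBulk`. The `\\u0000` pass runs only once, so removing one match can splice a new literal `\u0000` together from the surrounding characters, and the `/\u0000/` and `/\x00/` passes are the same pattern written twice. The object branch rebuilds every value with `typeof obj === 'object'`, which would turn a `Date` or `Buffer` into `{}` if a row ever carries one (not visible from this hunk). The rewrite below keeps tab/LF/CR, drops the `.trim()`, repeats the removal until the string is stable, and only recurses into plain objects. `insertData` continues past the end of the hunk.

```javascript
function sanitizeNullBytes(obj) {
  if (typeof obj === 'string') {
    // Strip the literal text "\u0000" and control characters other than
    // tab/LF/CR; repeat until stable so one removal cannot splice a new
    // "\u0000" together from its neighbours.
    let previous;
    let current = obj;
    do {
      previous = current;
      current = current
        .replace(/\\u0000/g, '')
        .replace(/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F-\u009F]/g, '');
    } while (current !== previous);
    return current;
  }

  // … unchanged: array branch …

  // Only rebuild plain objects; Date, Buffer and other instances pass through untouched.
  const proto = obj !== null && typeof obj === 'object' ? Object.getPrototypeOf(obj) : undefined;
  if (proto === Object.prototype || proto === null) {
    // … unchanged: copy each entry through sanitizeNullBytes …
  }

  return obj;
}
```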