
fix(audit-log): prevent invalid SQL when projectId is undefined#5264

Open
adionit7 wants to merge 1 commit into Infisical:main from adionit7:fix/audit-log-invalid-sql-5160

Conversation

@adionit7

Context

Fixes #5160

Problem:
When orgId is not provided, the audit log queue service attempts to fetch the project using projectDAL.findById() even when projectId is null or undefined, causing an invalid SQL query error.

Before:

  • The code would call projectDAL.findById(projectId as string) without checking if projectId exists
  • This resulted in SQL errors when projectId was null or undefined

After:

  • Added validation to ensure projectId exists before attempting to fetch the project
  • Throws a BadRequestError with proper logging if both orgId and projectId are undefined
  • Prevents invalid SQL queries from being executed

Screenshots

N/A - Backend fix only, no UI changes

Steps to verify the change

  1. Start the development server: docker compose -f docker-compose.dev.yml up --build --force-recreate
  2. Trigger an audit log creation scenario where orgId is missing and projectId is null/undefined
  3. Verify that:
    • A BadRequestError is thrown with a clear error message
    • Error is logged for debugging purposes
    • No invalid SQL queries are executed

Type

  • Fix
  • Feature
  • Improvement
  • Breaking
  • Docs
  • Chore

Checklist

  • Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).
  • Tested locally
  • Updated docs (if needed) - No docs update needed for this bug fix
  • Read the contributing guide
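The pattern described in the PR, as an added example that is not Infisical's code: a fake in-memory DAL stands in for projectDAL and, like a real query builder, rejects an undefined binding instead of returning "not found", which is the invalid-SQL symptom; resolveOrgIdBefore/resolveOrgIdAfter, the AuditJob shape and the log array are assumptions made for the illustration.

```typescript
// Added example, not Infisical's code. The DAL, job shape and function names
// below are constructed to model the bug and the fix described in the PR.

class BadRequestError extends Error {
  constructor(message: string) {
    super(message);
    this.name = "BadRequestError";
  }
}

type AuditJob = { orgId?: string; projectId?: string; eventType: string };
type Project = { id: string; orgId: string };

// Constructed in-memory "projects" table.
const PROJECTS: Project[] = [{ id: "proj-1", orgId: "org-1" }];

// Stand-in for projectDAL.findById: a query builder refuses to bind an
// undefined/null value, so the caller sees a query error, not "not found".
const projectDAL = {
  findById(id: string): Project | undefined {
    if (id == null) {
      throw new Error("Undefined binding(s) detected when compiling SELECT query");
    }
    return PROJECTS.find((p) => p.id === id);
  },
};

// Before: the `as string` cast hides the fact that projectId may be absent,
// so a job with neither orgId nor projectId reaches the database layer.
function resolveOrgIdBefore(job: AuditJob): string {
  if (job.orgId) return job.orgId;
  const project = projectDAL.findById(job.projectId as string);
  if (!project) throw new Error("project not found");
  return project.orgId;
}

// After: validate the identifier before it reaches the database layer and
// record enough context (here the event type) to debug the bad job.
function resolveOrgIdAfter(job: AuditJob, log: string[] = []): string {
  if (job.orgId) return job.orgId;
  if (!job.projectId) {
    log.push(`audit log job has neither orgId nor projectId (event=${job.eventType})`);
    throw new BadRequestError("Audit log requires either orgId or projectId");
  }
  const project = projectDAL.findById(job.projectId);
  if (!project) throw new Error("project not found");
  return project.orgId;
}
```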

@maidul98
Collaborator

maidul98 commented Jan 25, 2026

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues


@greptile-apps
Contributor

greptile-apps bot commented Jan 25, 2026

Greptile Overview

Greptile Summary

Added defensive validation in the audit log queue worker to prevent invalid SQL queries when both orgId and projectId are undefined. The fix adds a check before calling projectDAL.findById() and throws a BadRequestError with proper logging if both identifiers are missing.

Key Changes:

  • Imported BadRequestError and logger modules
  • Added validation check for projectId before database call at line 52-60
  • Removed unsafe type assertion (as string) when calling projectDAL.findById()
  • Added error logging with job data context for debugging

Notes:

  • The service layer validation at backend/src/ee/services/audit-log/audit-log-service.ts:96-98 already prevents this scenario for most cases (except EventType.LOGIN_IDENTITY_UNIVERSAL_AUTH), making this a defensive check for edge cases
  • Consider enhancing the error log with additional context like actor type and event type for easier debugging

Confidence Score: 4/5

  • This PR is safe to merge with minimal risk - it adds defensive validation to prevent invalid database queries
  • The fix correctly addresses the SQL error by adding proper validation before the database call. The logic is sound and aligns with existing service-layer validation. The only minor improvement would be enhancing the error logging with more contextual data for debugging purposes.
  • No files require special attention - the single changed file has a straightforward defensive check

Important Files Changed

Filename Overview
backend/src/ee/services/audit-log/audit-log-queue.ts Added validation to prevent invalid SQL when both orgId and projectId are undefined, includes error logging and throws BadRequestError


Fixes Infisical#5160

When orgId is not provided, the audit log queue service attempts to
fetch the project using projectDAL.findById() even when projectId is
null or undefined, causing an invalid SQL query error.

This fix adds validation to ensure projectId exists before attempting
to fetch the project, and throws a BadRequestError with proper logging
if both orgId and projectId are undefined.

Changes:
- Add validation check for projectId before database query
- Add error logging for debugging edge cases
- Use BadRequestError consistent with codebase patterns
@adionit7 adionit7 force-pushed the fix/audit-log-invalid-sql-5160 branch from 85c6871 to 94442ba on January 25, 2026 12:13
Development

Successfully merging this pull request may close these issues.

Invalid SQL inserting audit logs