Potential fix for code scanning alert no. 1232

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: austenstone

backend/src/controllers/survey.controller.ts

@@ -9,11 +9,21 @@ class SurveyController {
   async updateSurveyGitHub(req: Request, res: Response): Promise<void> {
     let survey: SurveyType;
     try {
-      const _survey = await surveyService.updateSurvey({
-        ...req.body,
+      const sanitizedBody = {
+        id: req.body.id,
+        userId: req.body.userId,
+        org: req.body.org,
+        repo: req.body.repo,
+        prNumber: req.body.prNumber,
+        usedCopilot: req.body.usedCopilot,
+        percentTimeSaved: req.body.percentTimeSaved,
+        reason: req.body.reason,
+        timeUsedFor: req.body.timeUsedFor,
+        kudos: req.body.kudos,
         hits: 0,
         status: 'completed'
-      });
+      };
+      const _survey = await surveyService.updateSurvey(sanitizedBody);
       if (!_survey) throw new Error('Survey not found');
       survey = _survey;
       res.status(201).json(survey);

backend/src/services/survey.service.ts

@@ -33,7 +33,7 @@ class SurveyService {
       throw new Error('Invalid survey data provided');
     }
     const Survey = mongoose.model('Survey');
-    const result = await Survey.updateOne({ id: survey.id }, { $set: survey });
+    const result = await Survey.updateOne({ id: { $eq: survey.id } }, { $set: survey });
 
     // Check if the update modified any document.
     if (result.modifiedCount === 0) {