# TypeORM Entity Missing Validation

- ID: typeorm-entity-validation-missing
- Severity: HIGH
- CWE: Improper Input Validation (CWE-20)
- Languages: JavaScript, TypeScript
- Frameworks: typeorm

## Description

TypeORM entities without class-validator decorators accept any data, enabling
injection attacks and data integrity violations.

## Detection Message

Entity '{entity}' accepts user input but lacks class-validator decorators. Add validation to prevent invalid data.

## Remediation

Add class-validator decorators to all entity properties.

```typescript
import { IsEmail, IsString, MinLength, Max } from 'class-validator';

@Entity()
export class User {
  @Column()
  @IsEmail()
  email: string;

  @Column()
  @IsString()
  @MinLength(3)
  username: string;
}
```

Learn more: https://shoulder.dev/learn/typescript/cwe-20/entity-validation-missing

## Documentation

[object Object]

## Related Rules

- **FastAPI Missing Request Validation** [MEDIUM]: 
- **Business Logic Input Validation** [MEDIUM]: 
- **Echo Missing Input Validation** [MEDIUM]: 
- **Fiber Missing Input Validation** [MEDIUM]: 
- **Gin Missing Input Validation** [MEDIUM]: