Skip to content

Fix/filter plugins #4711

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
fangsmile merged 13 commits into from
Nov 18, 2025
Merged

Fix/filter plugins #4711

fangsmile merged 13 commits into from
Nov 18, 2025

Conversation

@fangsmile
Copy link
Contributor

@fangsmile fangsmile commented Nov 13, 2025

[中文版模板 / Chinese template]

🤔 This is a ...

  • New feature
  • Bug fix
  • TypeScript definition update
  • Bundle size optimization
  • Performance optimization
  • Enhancement feature
  • Refactoring
  • Update dependency
  • Code style optimization
  • Test Case
  • Branch merge
  • Site / documentation update
  • Demo update
  • Workflow
  • Chore
  • Release
  • Other (about what?)

🔗 Related issue link

💡 Background and solution

📝 Changelog

Language Changelog
🇺🇸 English
🇨🇳 Chinese

☑️ Self-Check before Merge

⚠️ Please check all items below before requesting a reviewing. ⚠️

  • Doc is updated/provided or not needed
  • Demo is updated/provided or not needed
  • TypeScript definition is updated/provided or not needed
  • Changelog is provided or not needed

🚀 Summary

copilot:summary

🔍 Walkthrough

copilot:walkthrough

PoorShawn and others added 11 commits July 16, 2025 14:07
@PoorShawn
Merge branch 'develop' of https://github.com/VisActor/VTable into dev…
96a2b99 
…elop
@PoorShawn
Merge branch 'develop' of https://github.com/VisActor/VTable into dev…
5b4c605 
…elop
@PoorShawn
Merge branch 'develop' of https://github.com/VisActor/VTable into dev…
69d29e5 
…elop
@PoorShawn
Merge branch 'develop' of https://github.com/VisActor/VTable into dev…
14a41e9 
…elop
@PoorShawn
Merge branch 'develop' of https://github.com/VisActor/VTable into dev…
f8c27de 
…elop
@PoorShawn
fix: prevent filter plugin crash when input data is missing
15c95d7
@PoorShawn
fix: reset filter when setFilterState receives empty params
cf11476
@PoorShawn
fix: adjust filter menu to correct position
d99c575
@fangsmile
Merge pull request #4702 from PoorShawn/fix/initialize-failure
1d3ef4a 
fix: prevent filter plugin crash when input data is missing
@fangsmile
Merge pull request #4706 from PoorShawn/fix/filter-ui-position
4a99114 
fix: adjust filter menu to correct position
@fangsmile
Merge pull request #4704 from PoorShawn/fix/filter-reset-with-empty-i…
b2d17e0 
…nput

fix: reset filter when setFilterState receives empty params
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 13, 2025
View reviewed changes
packages/vtable-plugins/demo/filter/bug.ts
const departments = ['研发部', '市场部', '销售部', '人事部', '财务部', '设计部', '客服部', '运营部'];

return Array.from(new Array(count)).map((_, i) => {
const salary = Math.floor(5000 + Math.random() * 15000);

Check failure

Code scanning / CodeQL

Insecure randomness High

This uses a cryptographically insecure random number generated at
Math.random()
Loading
in a security context.

Copilot Autofix

AI 2 months ago

To fix the issue, we should replace the use of Math.random() with a cryptographically secure random number generator when generating demo data. In Node.js, we use the crypto module—specifically, crypto.randomInt for generating secure random integers. For lines in generateDemoData—specifically line 15, line 16, and line 26—replace Math.random-based expressions with calls to crypto.randomInt. We need to import the crypto module in the file. Convert usages as:

  • Math.floor(5000 + Math.random() * 15000)crypto.randomInt(5000, 20000)
  • Math.floor(10000 + Math.random() * 90000)crypto.randomInt(10000, 100000)
  • Math.floor(Math.random() * (10 - 5 + 1)) + 5crypto.randomInt(5, 11)

Edit the demo data generation function accordingly and add the required import for crypto.

Suggested changeset 1
packages/vtable-plugins/demo/filter/bug.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/vtable-plugins/demo/filter/bug.ts b/packages/vtable-plugins/demo/filter/bug.ts
--- a/packages/vtable-plugins/demo/filter/bug.ts
+++ b/packages/vtable-plugins/demo/filter/bug.ts
@@ -1,6 +1,7 @@
 import * as VTable from '@visactor/vtable';
 import { bindDebugTool } from '@visactor/vtable/es/scenegraph/debug-tool';
 import { FilterPlugin } from '../../src/filter';
+import * as crypto from 'crypto';
 const CONTAINER_ID = 'vTable';
 
 /**
@@ -12,8 +13,8 @@
   const departments = ['研发部', '市场部', '销售部', '人事部', '财务部', '设计部', '客服部', '运营部'];
 
   return Array.from(new Array(count)).map((_, i) => {
-    const salary = Math.floor(5000 + Math.random() * 15000);
-    const sales = Math.floor(10000 + Math.random() * 90000);
+    const salary = crypto.randomInt(5000, 20000);
+    const sales = crypto.randomInt(10000, 100000);
     const isSelected = i % 3 === 0;
     const option = i === 1;
 
@@ -23,7 +24,7 @@
       gender: i % 2 === 0 ? '男' : '女',
       salary,
       sales,
-      seniority: Math.floor(Math.random() * (10 - 5 + 1)) + 5,
+      seniority: crypto.randomInt(5, 11), // 5 to 10 inclusive
       isFullTime: i % 5 !== 0,
       department: departments[i % departments.length],
       favoriteColor: colors[i % colors.length],
EOF
@@ -1,6 +1,7 @@
import * as VTable from '@visactor/vtable';
import { bindDebugTool } from '@visactor/vtable/es/scenegraph/debug-tool';
import { FilterPlugin } from '../../src/filter';
import * as crypto from 'crypto';
const CONTAINER_ID = 'vTable';

/**
@@ -12,8 +13,8 @@
const departments = ['研发部', '市场部', '销售部', '人事部', '财务部', '设计部', '客服部', '运营部'];

return Array.from(new Array(count)).map((_, i) => {
const salary = Math.floor(5000 + Math.random() * 15000);
const sales = Math.floor(10000 + Math.random() * 90000);
const salary = crypto.randomInt(5000, 20000);
const sales = crypto.randomInt(10000, 100000);
const isSelected = i % 3 === 0;
const option = i === 1;

@@ -23,7 +24,7 @@
gender: i % 2 === 0 ? '男' : '女',
salary,
sales,
seniority: Math.floor(Math.random() * (10 - 5 + 1)) + 5,
seniority: crypto.randomInt(5, 11), // 5 to 10 inclusive
isFullTime: i % 5 !== 0,
department: departments[i % departments.length],
favoriteColor: colors[i % colors.length],
Copilot is powered by AI and may make mistakes. Always verify output.
@github-actions github-actions bot added the chore label Nov 13, 2025
@fangsmile fangsmile merged commit 02fe69c into develop Nov 18, 2025
6 of 8 checks passed
@fangsmile fangsmile deleted the fix/filter-plugins branch November 18, 2025 03:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Rui-Sun Rui-Sun Rui-Sun approved these changes

Assignees

No one assigned

Labels

chore

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@fangsmile @Rui-Sun @PoorShawn