From 7eb6d38cfc2f3cced74c2b4a3277d7c1595b42b7 Mon Sep 17 00:00:00 2001
From: Bradley Matusiak
Date: Wed, 17 Jan 2024 13:47:07 -0500
Subject: [PATCH 1/6] quick-fix (#1355)
---
 browser.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/browser.js b/browser.js
index 39553b9f9..d4418a637 100644
--- a/browser.js
+++ b/browser.js
@@ -1,4 +1,4 @@
-if(!(typeof navigator == "undefined") && navigator.product == "ReactNative"){
- require("./lib/mobile.js");
-}
+// if(!(typeof navigator == "undefined") && navigator.product == "ReactNative"){
+// require("./lib/mobile.js");
+// }
 module.exports = require('./gun.js');
From 61df63c96e457a9b3d8c718dcdd276dc0d8362b0 Mon Sep 17 00:00:00 2001
From: mimiza
Date: Mon, 5 Feb 2024 18:01:31 +0700
Subject: [PATCH 2/6] Fix SEA certificate verification, allow multiple pubs (#1358)
---
 sea.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sea.js b/sea.js
index 704cf1b7e..839fb5e2c 100644
--- a/sea.js
+++ b/sea.js
@@ -1389,7 +1389,7 @@
 if (u !== data && u !== data.e && msg.put['>'] && msg.put['>'] > parseFloat(data.e)) return no("Certificate expired.") // certificate expired
 // "data.c" = a list of certificants/certified users
 // "data.w" = lex WRITE permission, in the future, there will be "data.r" which means lex READ permission
- if (u !== data && data.c && data.w && (data.c === certificant || data.c.indexOf('*' || certificant) > -1)) {
+ if (u !== data && data.c && data.w && (data.c === certificant || data.c.indexOf('*') > -1 || data.c.indexOf(certificant) > -1)) {
 // ok, now "certificant" is in the "certificants" list, but is "path" allowed? Check path
 let path = soul.indexOf('/') > -1 ? soul.replace(soul.substring(0, soul.indexOf('/') + 1), '') : ''
 String.match = String.match || Gun.text.match
From 3bd809818f93f1aade4a4cce30ff9c269e5f85b5 Mon Sep 17 00:00:00 2001
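Review bot: The React Native branch at the top of browser.js is disabled by commenting it out, with nothing saying why or whether it is meant to come back. As written, a React Native consumer that loads browser.js no longer gets `./lib/mobile.js` required for it, so whatever that file sets up has to be loaded by the application itself. If that is intended, delete the three lines and leave a single explanatory comment, for example `// lib/mobile.js is no longer auto-loaded on React Native; require it explicitly (see #1355)`.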
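Review bot: In the rewritten condition, `data.c.indexOf(certificant) > -1` is an exact element match only when `data.c` is an array; the neighbouring `data.c === certificant` test shows `data.c` can also be a single string, and there `indexOf` is a substring search, so a `certificant` that is a fragment of the certified pub (or an empty string) passes, as does any string `data.c` that merely contains `*`. Whether `certificant` can take such a value depends on code outside this hunk, but an authorization check should not depend on that. Normalising first makes both branches compare whole entries: `const certs = Array.isArray(data.c) ? data.c : [data.c]` followed by `certs.indexOf('*') > -1 || certs.indexOf(certificant) > -1`, together with a guard that `certificant` is a non-empty string. The enclosing function starts and ends outside the hunk, and the change would benefit from a regression test covering a multi-pub list, a single pub and the wildcard.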
From: Simardeep Singh <1003simar@gmail.com>
Date: Mon, 5 Feb 2024 04:05:11 -0700
Subject: [PATCH 3/6] Create SECURITY.md (#1364)
---
 SECURITY.md | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..f266c209e
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,50 @@
+# Security Policy
+
+## Introduction
+
+Security is our top priority. We are committed to ensuring that our project is as secure as possible for everyone who uses it. This document outlines our security policy and procedures for dealing with security issues.
+
+## Supported Versions
+
+We provide security updates for the following versions of our project:
+
+| Version | Supported |
+| ------- | ------------------ |
+| 5.1.x | :white_check_mark: |
+| 5.0.x | :x: |
+| 4.0.x | :white_check_mark: |
+| < 4.0 | :x: |
+
+## Reporting a Vulnerability
+
+If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible.
+
+### Report Format
+
+When reporting vulnerabilities, please include the following details:
+
+- Description of the vulnerability
+- Steps to reproduce the issue
+- Potential impact if left unaddressed
+- Suggested mitigation or resolution if any
+
+### Response Time
+
+We aim to confirm the receipt of your vulnerability report within 48 hours. Depending on the severity and complexity of the issue, we strive to investigate the issue and provide an initial response within a week.
+
+### Disclosure Policy
+
+If the vulnerability is confirmed, we will work on a fix and plan a release. We ask that you do not publicly disclose the issue until it has been addressed by us.
+
+## Security Practices
+
+We follow industry-standard security practices, including regular audits of the services and features we provide, to maintain the trust of our users.
+
+## Security Updates
+
+We will communicate any security updates through our standard communication channels, including our project's release notes and official website.
+
+## Conclusion
+
+We greatly value the work of security researchers and believe that responsible disclosure of vulnerabilities is a valuable contribution to the security of the Internet.
We encourage users to contribute to the security of our project by reporting any security-related issues to us. + From 3070627c83ea910b1fc2b8c55dce79f324575ace Mon Sep 17 00:00:00 2001 From: Bradley Matusiak Date: Mon, 5 Feb 2024 06:06:38 -0500 Subject: [PATCH 4/6] ... works (#1357) --- rad.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rad.js b/rad.js index 18f6909f3..bdd39a184 100644 --- a/rad.js +++ b/rad.js @@ -3,7 +3,7 @@ var sT = setTimeout, Book = sT.Book || require('gun/src/book'), RAD = sT.RAD || (sT.RAD = function(opt){ opt = opt || {}; opt.file = String(opt.file || 'radata'); - var log = opt.log || nope; + var log = opt.log || console.log var has = (sT.RAD.has || (sT.RAD.has = {}))[opt.file]; if(has){ return has } // TODO: BUG? Not reuses same instance? @@ -115,7 +115,7 @@ sT.each = sT.each || function(l,f){l.forEach(f)}; try { module.exports = RAD } catch (e){ } - +/* // junk below that needs to be cleaned up and corrected for the actual correct RAD API. var env = {}, nope = function(){ }, nah = function(){ return nope }, u; env.require = (typeof require !== '' + u && require) || nope; @@ -141,7 +141,7 @@ stats.memory.used = env.process.memoryUsage().rss / 1024 / 1024; // in MB console.log(stats.memory); }, 9); - +*/ }()); From e584906a653dd6afb1658505e6db311aae234af8 Mon Sep 17 00:00:00 2001 From: Bradley Matusiak Date: Mon, 5 Feb 2024 06:10:35 -0500 Subject: [PATCH 5/6] Loading fix (#1356) * does this load better * check window.Gun too in rfs --- lib/radisk.js | 18 ++++++++---------- lib/radix.js | 11 ++++++----- lib/rfs.js | 4 ++-- 3 files changed, 16 insertions(+), 17 deletions(-) diff --git a/lib/radisk.js b/lib/radisk.js index cdb8e2d25..fd83fddbf 100644 --- a/lib/radisk.js +++ b/lib/radisk.js 
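Review bot: With `var log = opt.log || console.log`, every RAD instance created without `opt.log` now writes to the console by default instead of falling back to a no-op, and the line drops the semicolon the surrounding statements use. The old fallback `nope` is declared inside the block that the later hunks of this patch wrap in `/* … */`, so it can no longer be referenced here, but a silent default can be kept locally with `var log = opt.log || function(){};`. If the noisy default is deliberate, say so in a comment, since whatever RAD passes to `log` will then reach production consoles and log collectors. The block commented out by the hunks at -115 and -141 would be better deleted than left behind a block comment.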
@@ -590,17 +590,15 @@ } }()); - if(typeof window !== "undefined"){ - var Gun = window.Gun; - var Radix = window.Radix; - window.Radisk = Radisk; - } else { - var Gun = require('../gun'); - var Radix = require('./radix'); - //var Radix = require('./radix2'); Radisk = require('./radisk2'); - try{ module.exports = Radisk }catch(e){} - } + var Gun = (typeof window !== "undefined" && window.Gun)? window.Gun : require('../gun'); + var Radix = (typeof window !== "undefined" && window.Radix)? window.Radix : require('./radix'); Radisk.Radix = Radix; + ((name, exports) => { + try { module.exports = exports } catch (e) { } + if (typeof window !== "undefined") { + window[name] = window[name]||exports; + } + })("Radisk", Radisk); }()); \ No newline at end of file diff --git a/lib/radix.js b/lib/radix.js index e60789e4a..31bf0b7a2 100644 --- a/lib/radix.js +++ b/lib/radix.js @@ -108,11 +108,12 @@ } catch (e) { console.error(e); } }; - if(typeof window !== "undefined"){ - window.Radix = Radix; - } else { - try{ module.exports = Radix }catch(e){} - } + (function(name, exports){ + if(typeof window !== "undefined"){ + window[name] = window[name]||exports; + } + try{ module.exports = exports }catch(e){} + })("Radix",Radix); var each = Radix.object = function(o, f, r){ for(var k in o){ if(!o.hasOwnProperty(k)){ continue } diff --git a/lib/rfs.js b/lib/rfs.js index 7ab326971..c43b14f80 100644 --- a/lib/rfs.js +++ b/lib/rfs.js @@ -78,12 +78,12 @@ function Store(opt){ return store; } -var Gun = (typeof window !== "undefined")? window.Gun : require('../gun'); +var Gun = (typeof window !== "undefined" && window.Gun) ? window.Gun : require('../gun'); Gun.on('create', function(root){ this.to.next(root); var opt = root.opt; if(opt.rfs === false){ return } - opt.store = opt.store || (!Gun.window && Store(opt)); + opt.store = opt.store || (!Gun.window || opt.rfs === true && Store(opt)); }); module.exports = Store; \ No newline at end of file 
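Review bot: The export helper assigns `window[name] = window[name]||exports`, so any value already present under `window.Radisk` is kept and this module's object is silently not installed; the same holds for `window.Radix` in the lib/radix.js hunk, and the new `window.Gun` / `window.Radix` lookups accept whatever truthy value is there. In a browser that value need not be another copy of the library, since a named element in the page also appears as a `window` property, so later code may run against an object this file did not define. Consider assigning unconditionally as the removed code did (`window[name] = exports;`), or checking the value's type before reusing it. Separately, when `window` exists but `window.Gun` is unset and no `require` is defined, the new ternary throws a ReferenceError where the old code left `Gun` undefined.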
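Review bot: In `opt.store = opt.store || (!Gun.window || opt.rfs === true && Store(opt));` the `&&` binds tighter than `||`, so outside a browser (`!Gun.window` is true) the parenthesised expression evaluates to the boolean `true` and `Store(opt)` is never called, leaving `opt.store` set to `true` rather than a store object. The previous `(!Gun.window && Store(opt))` returned the store in that case. The intent appears to be `opt.store = opt.store || ((!Gun.window || opt.rfs === true) && Store(opt));`.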
From c47800f4d84a03636073d76a88084d549435a47b Mon Sep 17 00:00:00 2001 From: Simardeep Singh <1003simar@gmail.com> Date: Tue, 6 Feb 2024 21:21:18 -0700 Subject: [PATCH 6/6] update SECURITY.md file and change the versions to 0.2020.x (#1365) --- SECURITY.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index f266c209e..7a0afd6db 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -10,10 +10,8 @@ We provide security updates for the following versions of our project: | Version | Supported | | ------- | ------------------ | -| 5.1.x | :white_check_mark: | -| 5.0.x | :x: | -| 4.0.x | :white_check_mark: | -| < 4.0 | :x: | +| 0.2020.x| :white_check_mark: | +| < 0.2020| :x: | ## Reporting a Vulnerability @@ -46,5 +44,4 @@ We will communicate any security updates through our standard communication chan ## Conclusion -We greatly value the work of security researchers and believe that responsible disclosure of vulnerabilities is a valuable contribution to the security of the Internet. We encourage users to contribute to the security of our project by reporting any security-related issues to us. - +We greatly value the work of security researchers and believe that responsible disclosure of vulnerabilities is a valuable contribution to the security of the Internet. We encourage users to contribute to the security of our project by reporting any security-related issues to us. \ No newline at end of file