Conversation

@decyjphr (Collaborator)

Fixes #668

@decyjphr linked an issue Aug 27, 2024 that may be closed by this pull request

// If not a glob pattern then just match the string.
if (!this.glob.includes('*')) {
this.regexp = new RegExp(`.*${this.glob}.*`, 'u')

Check failure: Code scanning / CodeQL: Regular expression injection
This regular expression is constructed from an [environment variable](1).
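Review bot: the line this.regexp = new RegExp(`.*${this.glob}.*`, 'u') interpolates the configured string into the pattern unescaped, which is exactly what CodeQL is flagging. This branch is taken only when the string contains no `*`, so the intent is a literal substring match, yet every other regex metacharacter keeps its meaning: a `.` in a name such as my.repo matches any character, a|b becomes an alternation, and a value like foo{ is a SyntaxError under the u flag, so a bad config entry throws at construction instead of simply failing to match. Either escape before interpolating, e.g. const literal = this.glob.replace(/[.*+?^${}()|[\]\\]/g, '\\$&') followed by this.regexp = new RegExp(`.*${literal}.*`, 'u'), or drop the regex for this case and use String.prototype.includes, since .*X.* with no anchors is just a substring test; the second option removes the injection sink entirely.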
return
}
this.regexptText = this.globize(this.glob)
this.regexp = new RegExp(`^${this.regexptText}$`, 'u')

Check failure: Code scanning / CodeQL: Regular expression injection
This regular expression is constructed from an [environment variable](1).
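Review bot: the same concern applies to this.regexp = new RegExp(`^${this.regexptText}$`, 'u'): whether it is injectable depends entirely on what globize does with characters other than `*`, and that function is not in view here. If globize only rewrites `*` into .* and passes everything else through, then `.`, `(`, `|` and `+` in a glob keep their regex meaning and the alert stands. The usual fix is to escape every metacharacter first and only then substitute the wildcard tokens, e.g. const escaped = glob.replace(/[.*+?^${}()|[\]\\]/g, '\\$&') and return escaped.replace(/\\\*/g, '.*'), so the only regex syntax that reaches the RegExp constructor is the syntax globize itself emits. A unit test that feeds a glob containing a metacharacter (say repo.*) and checks that it does not match repoX would pin this behaviour down. Minor: regexptText reads like a typo for regexpText.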
@decyjphr merged commit c9247f5 into main-enterprise Aug 30, 2024
admtorgst pushed a commit to helse-sorost/safe-settings that referenced this pull request Sep 14, 2024
* fix alerts
* fix alerts
* fix alerts
* fix alerts
* add tests and simplify Glob
* fix import to lowercase file
* removed debugging code

@luvsaxena1 (Contributor)

@decyjphr These changes are making safe-settings malfunction and are applying settings to repos that are not configured via safe-settings, by reading from some file (in our case it picked one) from the suborg configuration.

It has impacted 81 repos in our org. We have reverted these changes in our local version of safe-settings for now. We had planned to invest time in fixing this, but we are just letting you know that this is not working as expected.

@lindluni deleted the fix-code-scanning-alerts branch December 26, 2024 14:15
Development

Successfully merging this pull request may close these issues: Fix code scanning alerts

3 participants