Merged
Conversation
- Added error handling for JSON response parsing in ApiCall function.
- Refactored Apps component to manage apps state separately, preventing interference with other state data.
- Updated API calls in Apps component to use isolated state management.
- Introduced loading state to provide feedback during data fetching.
- Improved error logging and user feedback for data loading issues.

- Updated SheetContent component to accept a size prop for better control over width.
- Adjusted instances of SheetContent in NewAgentSheet, CreateAgentSheet, and NewTaskSheet to utilize the new size prop.
- Modified styles in the sheet module to define size variants for responsive design.

…ement and loading indicators
- Removed hardcoded conversation starters and initialized them based on app data or defaults.
- Enhanced agent selection logic to handle loading states and ensure correct agent data is displayed.
- Updated API calls in the Apps component to filter out embedding models and ensure proper state management.
- Improved loading feedback for selected agent details in the AgentCreatedDisplay component.

- Introduced state management for agent tools and datasources in ChatAppForm2.
- Added callbacks for creating and updating tools and datasources.
- Implemented UI components for selecting and managing agent tools and connections.
- Removed deprecated UI elements from AgentCreatedDisplay for a cleaner interface.
- Updated CreateAgentSheet to streamline the agent creation process.

- Added functionality to update agent tools and datasources when submitting the form.
- Removed the previous updateAgentTools function and integrated its logic directly into the appPost function for better flow.
- Enhanced error handling and user feedback during the agent update process.

…ate management
- Added debug logging for selected agent, tools, and states in ChatAppForm2 to aid in troubleshooting.
- Updated state management to reset agent tool and datasource states when no agent is selected.
- Improved handling of tool and datasource options in MultiSelect components to ensure proper rendering.
- Enhanced API response handling in Apps component to prioritize tools data for setting tool choices.

…state management
- Removed debug logging from ChatAppForm2 to clean up the console output.
- Updated MultiSelect component to handle options changes more effectively and improved popover styling for better visibility.
- Enhanced Apps component layout by adjusting overflow properties for better content display.
- Streamlined the handling of tool and datasource options in the UI for a more intuitive user experience.

… management and UI updates
- Added React import to ChatAppForm2 for better compatibility.
- Updated state management for agent tools and datasources to use string arrays for consistency.
- Implemented useMemo for optimized filtering of selected agent tools in ChatAppForm2.
- Enhanced NewAgentSheet by adding MultiSelect components for tools and connections, improving user guidance and interaction.
- Removed deprecated UI elements in NewAgentSheet for a cleaner interface.

- Upgraded Next.js from version 13.5.6 to 14.2.5 for improved performance and features.
- Updated TypeScript configuration reference link in next-env.d.ts for better guidance.
- Adjusted pnpm-lock.yaml to reflect the new Next.js version and its dependencies.
- Refactored AgentSelectDisplay and SessionTable components for cleaner JSX syntax and improved readability.
- Added SheetDescription to Apps component for enhanced user guidance.

…Sheet
- Removed the previous EditAppSheet implementation and replaced it with conditional rendering for EditChatAppSheet and EditCrewAppSheet based on the selected app type.
- Enhanced data fetching logic to include tasks and variables alongside tools, models, and agents.
- Updated state management to accommodate new task and variable choices.
- Improved overall structure and readability of the Apps component.
|
Minimum allowed coverage is Generated by 🐒 cobertura-action against 0a83a02 |
| className='cursor-pointer' | ||
| onClick={() => router.push(`/${resourceSlug}/session/${session._id}`)} | ||
| > | ||
| onClick={() => router.push(`/${resourceSlug}/session/${session._id}`)}> |
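Review bot: `resourceSlug` is interpolated into the `router.push` path on the rewritten `onClick` line with no check visible in this hunk, so the JSX reflow leaves the flagged pattern as it was. Before building `/${resourceSlug}/session/${session._id}`, confirm that `resourceSlug` is a string forming a single path segment (no `/`), and apply the same kind of check to `session._id`.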
Check warning
Code scanning / CodeQL
Client-side URL redirect Medium
Copilot Autofix
AI 8 months ago
To fix the issue, we need to validate or sanitize the resourceSlug before using it in the redirection URL. A secure approach would involve maintaining a whitelist of allowed resourceSlug values, and only using the slug if it matches one of the approved values. This ensures that even if an attacker manipulates the query parameters, the application will not redirect to an unapproved or malicious URL.
Steps to implement the fix:
- Define a list of valid resourceSlug values (e.g., in a configuration or constants file).
- Before using resourceSlug, check if it exists in the whitelist.
- If resourceSlug is not valid, handle it appropriately (e.g., redirect to a default safe page or show an error).
Suggested changeset
1
webapp/src/components/sessions/SessionTable.tsx
| @@ -27,6 +27,8 @@ | ||
| export function SessionTable({ sessions, onDelete }: SessionTableProps) { | ||
| const router = useRouter(); | ||
| const resourceSlug = router.query.resourceSlug as string; | ||
| const validResourceSlugs = ['slug1', 'slug2', 'slug3']; // Replace with actual valid slugs | ||
| const sanitizedResourceSlug = validResourceSlugs.includes(resourceSlug) ? resourceSlug : 'defaultSlug'; | ||
| const { isDesktop } = useResponsive(); | ||
| if (!isDesktop) { | ||
| return ( | ||
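Review bot: the allowlist on the added `validResourceSlugs` line is placeholder data (`'slug1'`, `'slug2'`, `'slug3'`, marked "Replace with actual valid slugs"), and the next line silently substitutes `'defaultSlug'` for any slug not in it, so every slug outside that list would be routed somewhere else. Take the permitted values from real data or validate the slug's format instead, handle the invalid case explicitly (an error or a known safe page) rather than swapping in a made-up slug, and drop the `as string` cast, since a `router.query` entry can also be an array or undefined.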
| @@ -35,7 +37,7 @@ | ||
| <Card | ||
| key={session._id.toString()} | ||
| className='cursor-pointer' | ||
| onClick={() => router.push(`/${resourceSlug}/session/${session._id}`)}> | ||
| onClick={() => router.push(`/${sanitizedResourceSlug}/session/${session._id}`)}> | ||
| <CardContent className='pt-6'> | ||
| <div className='flex items-center justify-between'> | ||
| <div className='flex items-center gap-2'> |
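Review bot: the only call site switched to `sanitizedResourceSlug` is this `Card` `onClick`; any other use of `resourceSlug` in SessionTable that this changeset does not show would keep the unvalidated value. Check every `router.push` in the component, or replace the `resourceSlug` binding itself with the validated value so that no call site can pick up the raw query parameter.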
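The validation step described in the autofix comment above, as an added example that is not code from this pull request or from Copilot Autofix. The names `validateSlug` and `sessionPath`, both patterns, and the fallback route in the closing comment are assumptions made for illustration.

```typescript
// Added example: validate route parameters before building a client-side
// navigation target. Both patterns are assumptions, not the project's rules.

// Shape of one Next.js router.query entry.
type QueryValue = string | string[] | undefined;

// Assumption: slugs are short URL-safe tokens; tighten to the real format.
const SLUG_PATTERN = /^[A-Za-z0-9_-]{1,64}$/;
// Assumption: session ids are 24-character hex strings.
const SESSION_ID_PATTERN = /^[a-f0-9]{24}$/i;

function validateSlug(raw: QueryValue, allowed?: readonly string[]): string | null {
  // A repeated query key arrives as an array; an `as string` cast hides that.
  if (typeof raw !== 'string') return null;
  // The pattern admits no '/', '\', ':', '.', '%' or whitespace, so an
  // accepted value can only ever be a single path segment.
  if (!SLUG_PATTERN.test(raw)) return null;
  // Optional allowlist, e.g. the slugs the server returned for this user.
  if (allowed && allowed.indexOf(raw) === -1) return null;
  return raw;
}

function sessionPath(
  rawSlug: QueryValue,
  sessionId: string,
  allowed?: readonly string[]
): string | null {
  const slug = validateSlug(rawSlug, allowed);
  if (slug === null || !SESSION_ID_PATTERN.test(sessionId)) return null;
  // Always starts with exactly one '/', followed by validated segments only.
  return `/${slug}/session/${sessionId}`;
}

// Hypothetical use inside the component:
//   const target = sessionPath(router.query.resourceSlug, session._id.toString());
//   router.push(target ?? '/');   // '/' stands in for a known safe page
```

Returning `null` instead of a substitute slug leaves the choice between an error message and a safe default page to the caller.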
…r MultiSelect component to comment out unused CommandInput
size prop in SheetContent sheets