Logger first stage #4
AlasDiablo commented Feb 9, 2024
- Log http server
- Log cron
- Refactor file tree
- Log general info
app.get('/', function (req, res) { | ||
res.sendFile(path.join(__dirname, 'public', '_next', 'server', 'app', 'index.html')); | ||
}); |
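Review bot: `res.sendFile(...)` in the `/` handler is called without an error callback, so a missing or unreadable `index.html` is handed to `next(err)` and only reaches the new logger if an error middleware logs it. Pass a callback as the last argument and log the failure there. The handler also reads from disk on every request with no limiter visible in these lines; either mount a rate-limiting middleware ahead of the route or note in the code that the reverse proxy enforces the limit.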
Check failure
Code scanning / CodeQL
Missing rate limiting High
a file system access
We should ask if the reverse-proxy does limit the rate of access.
Yes, but I will change this in the near future.
app.get('/*', function (req, res) { | ||
res.sendFile(path.join(__dirname, 'public')); | ||
}); |
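Review bot: `path.join(__dirname, 'public')` in the `/*` handler resolves to a directory, and `res.sendFile` needs a file path, so every request that reaches this catch-all ends in an error instead of a page. Send a concrete file (for a single-page fallback, the same `index.html` the `/` route serves) or serve the directory with `express.static`. Like the `/` route, it does file system work per request with no rate limit visible here.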
Check failure
Code scanning / CodeQL
Missing rate limiting High
a file system access
`This traitment doesn't exist on current process id=${id}`, | ||
); | ||
logger.error(`This traitment doesn't exist on current process id=${id}`); | ||
res.status(404).send(`This traitment doesn't exist on current process id=${id}`); |
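Review bot: `res.status(404).send(...)` interpolates `id` into a string body, which Express sends as `text/html` by default, so any markup in `id` is rendered by the browser. Return the message as plain text or JSON (for example with `res.type('text/plain')` or `res.json`), or validate `id` against its expected format before using it. The same unvalidated `id` goes into `logger.error`, where embedded newlines could forge log lines. The message is also built three times in this hunk; build it once in a constant and reuse it.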
Check failure
Code scanning / CodeQL
Reflected cross-site scripting High
user-provided value
`${environment.fileFolder}${traitment.file}`, | ||
); | ||
const urlEnrichment = traitment.enrichment?.url ? traitment.enrichment?.url : ''; | ||
const fileData = fs.readFileSync(`${environment.fileFolder}${traitment.file}`); |
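Review bot: the argument to `fs.readFileSync` is a plain concatenation of `environment.fileFolder` and `traitment.file`, so a `traitment.file` containing `../` segments reads outside the intended folder. Build the path with `path.resolve(environment.fileFolder, traitment.file)`, check that the result still starts with the resolved folder followed by `path.sep`, and reject the request otherwise. The same concatenation appears at the top of the hunk, so compute the checked path once and reuse it. Minor: `traitment.enrichment?.url ? traitment.enrichment?.url : ''` can be written as `traitment.enrichment?.url || ''`.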
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression High
user-provided value
const swaggerJsonConfig = JSON.stringify(swaggerSpecConfig, null, 2); | ||
fs.writeFileSync('swagger-config.json', swaggerJsonConfig); | ||
|
||
console.log('Swagger JSON file generated successfully'); |
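Review bot: `fs.writeFileSync('swagger-config.json', ...)` uses a relative path, so the file lands wherever the process was started from rather than in a fixed location. Resolve it against `__dirname` or a configured output directory. If this code can run inside the backend rather than as a standalone script, the success message should go through the logger added in this PR instead of `console.log`.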
note (non-blocking): Check that it's an autonomous script, not a part of the backend.