Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Logger first stage #4

Merged
merged 8 commits into from
Feb 12, 2024
Merged

Logger first stage #4

merged 8 commits into from
Feb 12, 2024

Conversation

AlasDiablo
Copy link
Collaborator

  • Log http server
  • Log cron
  • Refactor file tree
  • Log general info

@AlasDiablo AlasDiablo added the enhancement New feature or request label Feb 9, 2024
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 9, 2024
View reviewed changes
tdm-be/src/app.ts
Comment on lines +55 to +57
app.get('/', function (req, res) {
res.sendFile(path.join(__dirname, 'public', '_next', 'server', 'app', 'index.html'));
});

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
a file system access
Loading
, but is not rate-limited.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should ask if the reverse-proxy does limit the rate of access.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, but I will change this in near future

tdm-be/src/app.ts
Comment on lines +60 to +62
app.get('/*', function (req, res) {
res.sendFile(path.join(__dirname, 'public'));
});

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
a file system access
Loading
, but is not rate-limited.
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 9, 2024
View reviewed changes
tdm-be/src/controller/webhook.ts
`This traitment doesn't exist on current process id=${id}`,
);
logger.error(`This traitment doesn't exist on current process id=${id}`);
res.status(404).send(`This traitment doesn't exist on current process id=${id}`);

Check failure

Code scanning / CodeQL

Reflected cross-site scripting High

Cross-site scripting vulnerability due to a
user-provided value
Loading
.
tdm-be/src/controller/traitment.ts
`${environment.fileFolder}${traitment.file}`,
);
const urlEnrichment = traitment.enrichment?.url ? traitment.enrichment?.url : '';
const fileData = fs.readFileSync(`${environment.fileFolder}${traitment.file}`);

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
parmentf
parmentf requested changes Feb 12, 2024
View reviewed changes
tdm-be/tsconfig.json Outdated Show resolved Hide resolved
tdm-be/src/swagger/swagger.js
const swaggerJsonConfig = JSON.stringify(swaggerSpecConfig, null, 2);
fs.writeFileSync('swagger-config.json', swaggerJsonConfig);

console.log('Swagger JSON file generated successfully');
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

note (non-blocking): ‏Check that it's an autonomous script, not a part of the backend.

@parmentf parmentf merged commit 80e33d4 into main Feb 12, 2024
1 of 2 checks passed
@parmentf parmentf deleted the feat/logger-first-stage branch February 12, 2024 14:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@parmentf parmentf parmentf approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AlasDiablo @parmentf