Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(jans-cli-tui): remove filePath when putting asset #10107

Merged
merged 1 commit into from
Nov 11, 2024
Merged

fix(jans-cli-tui): remove filePath when putting asset #10107

merged 1 commit into from
Nov 11, 2024

Conversation

devrimyatar
Copy link
Contributor

Closes #10074

  • I confirm that there is no impact on the docs due to the code changes in this PR.

@devrimyatar
fix(jans-cli-tui): remove filePath when putting asset
ad6f391 
Signed-off-by: Mustafa Baser <mbaser@mail.com>
@devrimyatar devrimyatar added kind-bug Issue or PR is a bug in existing functionality comp-jans-cli-tui Component affected by issue or PR labels Nov 11, 2024
@dryrunsecurity DryRunSecurity
Copy link

DryRun Security Summary

The pull request focuses on improving the security and reliability of the asset management functionality in the Jans CLI TUI application by removing potentially sensitive information, implementing additional checks and validations, and adding a confirmation dialog for deleting assets.

Expand for full summary

Summary:

The changes in this pull request are focused on improving the security and reliability of the asset management functionality in the Jans CLI TUI (Text-based User Interface) application. The key changes include:

  1. Removing potentially sensitive information, such as the 'document' and 'filePath' keys, from the form data before creating the form_data dictionary. This is a good security practice to minimize the risk of inadvertently exposing sensitive data.

  2. Implementing additional checks and validations in the edit_asset function to ensure that the file type is supported by the configured asset directory mappings and that the "Description" and "File Name" fields are not empty. These checks help to prevent the introduction of unsupported file types or incomplete asset information, which could potentially lead to security issues.

  3. Adding a delete_asset function that includes a confirmation dialog to ensure that the user intends to delete the asset. This is a good security practice to prevent accidental or unauthorized deletion of assets, which could lead to data loss or other security issues.

Files Changed:

  • jans-cli-tui/cli_tui/plugins/130_assets/main.py: This file contains the changes related to the asset management functionality in the Jans CLI TUI application. The changes include the removal of potentially sensitive information from the form data, the addition of checks and validations in the edit_asset function, and the implementation of a confirmation dialog in the delete_asset function.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Nov 11, 2024

Quality Gate Passed Quality Gate passed for 'jans-cli'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@yuriyz yuriyz enabled auto-merge (squash) November 11, 2024 11:43
@yuriyz yuriyz merged commit 7083a5e into main Nov 11, 2024
33 checks passed
@yuriyz yuriyz deleted the jans-cli-tui-remove-filepath-put-asset-10074 branch November 11, 2024 11:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yuriyzz yuriyzz yuriyzz approved these changes

@yuriyz yuriyz yuriyz approved these changes

@pujavs pujavs Awaiting requested review from pujavs

Assignees
No one assigned
Labels
comp-jans-cli-tui Component affected by issue or PR kind-bug Issue or PR is a bug in existing functionality
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

fix(jans-cli-tui): asset upload showing path error
3 participants
@devrimyatar @yuriyz @yuriyzz