Release 5.0.7 #510
Merged
Release 5.0.7 #510
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
DIGG-397: Increse facet limit to max
DIGG-422 dataset page test
Digg 424 concept page test
Digg 426 specification page test
Digg 431 Webb Tools and support test
DIGG-471: Updating promos, teasers and result list to be more screen …
DIGG-467: loadOnlyPublicEntries
DIGG-473: Update node version to 22
DIGG-473: Update code formatting
DIGG-473: Update yarn version
DIGG-473: Update yarn.lock
DIGG-473: try setting correct yarn version globally
DIGG-463: Improving search implementation and caching organisation names
DIGG-473: Add skip flag for yarn version
Release 5.0.7 new
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| ); | ||
| const specfications = conformsToEntries.filter((s: any) => s); | ||
| const extractHREF = (s: any) => { | ||
| if (s.getResourceURI().startsWith("https://dataportal.se")) |
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 3 months ago
To fix the problem, we need to ensure that the URL is properly sanitized by checking its host against a whitelist of allowed hosts. This involves parsing the URL to extract its host and then verifying if it matches any of the allowed hosts.
- Parse the URL to extract the host.
- Check if the host is in the list of allowed hosts.
- If the host is allowed, proceed with the existing logic; otherwise, handle the error appropriately.
We will need to import the url module to parse the URL and define a list of allowed hosts.
Suggested changeset
1
providers/EntrystoreProvider/index.tsx
| @@ -1,2 +1,3 @@ | ||
| import useTranslation from "next-translate/useTranslation"; | ||
| import { URL } from "url"; | ||
| import { useRouter } from "next/router"; | ||
| @@ -302,4 +303,7 @@ | ||
| const extractHREF = (s: any) => { | ||
| if (s.getResourceURI().startsWith("https://dataportal.se")) | ||
| const parsedURL = new URL(s.getResourceURI()); | ||
| const allowedHosts = ["dataportal.se"]; | ||
| if (allowedHosts.includes(parsedURL.host)) { | ||
| return s.getResourceURI(); | ||
| } | ||
| return `https://dataportal.se/externalspecification/${s.getResourceURI()}`; |
Copilot is powered by AI and may make mistakes. Always verify output.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull Request Description
Please include a summary of the change and which issue is fixed or added.
Please also include relevant motivation and context.
List any dependencies that are required for this change.
Fixes #(issue)
Checklist