[WIP] refactor: ts #37

Open
wants to merge 14 commits into
base: master

atian25 (Member) commented Dec 27, 2022

No description provided.

const port = process.env.PORT || 3000;

const app = http.createServer((req, res) => {
console.log(`Receive: ${req.url}`);
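
Review bot: req.url is interpolated into the log line unescaped in the console.log call at the top of the request handler. Log JSON.stringify(req.url) instead, so control characters in the request target are written as escapes and cannot start a second, forged log entry.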

Check failure

Code scanning / CodeQL

Log injection

Log entry depends on a [user-provided value](1).
const app = http.createServer((req, res) => {
console.log(`Receive: ${req.url}`);

if (req.url === '/exit') {
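
Review bot: the '/exit' comparison on req.url is the only condition on this branch, so any client that can reach the port can take it. If the branch stops the server, restrict it to loopback callers or put it behind a test-only switch rather than keying it on the request path alone.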

Check failure

Code scanning / CodeQL

User-controlled bypass of security check

This condition guards a sensitive [action](1), but a [user-provided value](2) controls it.

src/lib/process.ts Fixed
src/lib/process.ts Fixed
src/runner.ts Fixed

rl.question('What is your favorite food? ', (answer) => {
console.log(`Oh, so your favorite food is ${answer}`);
let i = 0;

Check notice

Code scanning / CodeQL

Unused variable, import, function or class

Unused variable i.

src/lib/process.ts Fixed
src/lib/process.ts Fixed
src/runner.ts Fixed
src/lib/process.ts Fixed

this.proc = execa.node(this.cmd, this.args, this.opts);
} else {
const cmdString = [ this.cmd, ...this.args ].join(' ');
this.proc = execa.command(cmdString, this.opts);
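
Review bot: in the else branch, joining this.cmd and this.args with a space and handing the result to execa.command throws away the argument boundaries. execa.command splits the string on spaces again, so a command path or argument that contains a space arrives as several arguments. Call execa(this.cmd, this.args, this.opts) so that each array element is passed through as exactly one argument.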

Check warning

Code scanning / CodeQL

Shell command built from environment values

This shell command depends on an uncontrolled [absolute path](1). This shell command depends on an uncontrolled [absolute path](2). This shell command depends on an uncontrolled [absolute path](3).