fix: codeql fixes #1606

Merged
merged 3 commits into from
Nov 12, 2024

hallvictoria
Contributor

@hallvictoria hallvictoria commented Nov 6, 2024

Description

Fixes #
Made changes in the tests/ folder to address CodeQL errors.

  1. Weak hashes in blob function apps: replaced md5 references with sha256
  2. Reflected server-side cross-site scripting: added sanitization on HTTP request body
  3. URL redirection from remote source: added validation on URL
  4. Usage of unapproved crypto library: updated pyproject.toml to use pycryptodome instead of pycrypto

PR information

  • The title of the PR is clear and informative.
  • There are a small number of commits, each of which has an informative message. This means that previously merged commits do not appear in the history of the PR. For information on cleaning up the commits in your pull request, see this page.
  • If applicable, the PR references the bug/issue that it fixes in the description.
  • New Unit tests were added for the changes made and CI is passing.

Quality of Code and Contribution Guidelines

Victoria Hall added 2 commits November 6, 2024 11:08
@hallvictoria hallvictoria marked this pull request as ready for review November 6, 2024 20:54
Review thread on pyproject.toml (outdated, resolved)
@hallvictoria hallvictoria merged commit 139af01 into dev Nov 12, 2024
24 of 27 checks passed
@hallvictoria hallvictoria deleted the hallvictoria/codeql-fixes branch November 12, 2024 16:17
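
The first three fixes listed in the description (SHA-256 in place of MD5, sanitizing a reflected request body, validating a URL before it is used), sketched as an added Python example. This is not the code from this PR; the function names and the `ALLOWED_HOSTS` allowlist are assumptions made for illustration.

```python
import hashlib
import html
from urllib.parse import urlsplit

# Assumption: hosts the test apps may redirect to or fetch from (constructed).
ALLOWED_HOSTS = {"example.com", "www.example.com"}


def blob_digest(data: bytes) -> str:
    """Digest of blob content using SHA-256 rather than MD5."""
    return hashlib.sha256(data).hexdigest()


def render_echo(body: str) -> str:
    """Escape the request body before reflecting it into an HTML response."""
    return f"<p>Received: {html.escape(body, quote=True)}</p>"


def validate_url(url: str) -> str:
    """Return url unchanged if it is https and allowlisted, else raise ValueError."""
    # Backslashes, whitespace and control characters are parsed differently by
    # different URL parsers and browsers, so refuse them outright.
    if any(ch == "\\" or ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in url):
        raise ValueError("illegal character in URL")
    parts = urlsplit(url)  # itself raises ValueError on a malformed netloc
    if parts.scheme != "https":
        raise ValueError("only https URLs are accepted")
    # "https://example.com@other.host/" has hostname other.host; refuse userinfo.
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo is not accepted")
    # Exact match on the parsed hostname, never a substring or prefix test.
    if parts.hostname not in ALLOWED_HOSTS:
        raise ValueError("host is not on the allowlist")
    return url


if __name__ == "__main__":
    # Constructed sample inputs.
    print(blob_digest(b"abc"))
    print(render_echo("<script>alert(1)</script>"))
    for candidate in ("https://example.com/a", "https://example.com@evil.test/"):
        try:
            print("accepted:", validate_url(candidate))
        except ValueError as exc:
            print("rejected:", candidate, "-", exc)
```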