Add version check for firstnode in restore network #62
base: dev
Changes from all commits
87ba1c7
Check warning
Code scanning / CodeQL
Log injection Medium
Copilot Autofix AI about 2 months ago
To fix the log injection issue, we need to sanitize the user-provided input before logging it. Specifically, we should remove any newline characters from the `requestBody` to prevent log injection. This can be done using `String.prototype.replace` to ensure no line endings are present in the user input.

Check warning
Code scanning / CodeQL
Log injection Medium
Copilot Autofix AI 3 months ago
To fix the log injection issue, we need to sanitize the user-provided input before logging it. Specifically, we should remove any newline characters from the `requestBody` to prevent log injection. This can be done using `String.prototype.replace` to ensure no line endings are present in the user input.

Check warning
Code scanning / CodeQL
Log injection Medium
Copilot Autofix AI about 2 months ago
To fix the log injection issue, we need to sanitize the `appJoinData` before logging it. Specifically, we should remove any newline characters from the user input to prevent log injection. This can be done using the `String.prototype.replace` method to replace newline characters with an empty string.

It would be good if this `if` check can be simplified for better readability.

How will the archiver know the data type and format of the global/network account from Shardeum? For instance, if the archiver is used with other app layers (other than Shardeum) that use a different format for the network account, this will fail.

Check warning
Code scanning / CodeQL
Log injection Medium
Copilot Autofix AI 3 months ago
To fix the log injection issue, we need to sanitize the user input before logging it. Specifically, we should remove any newline characters from the `appJoinData.shardeumVersion` value to prevent log injection. This can be done using the `String.prototype.replace` method to strip out newline characters.

Check warning
Code scanning / CodeQL
Log injection Medium
Copilot Autofix AI about 2 months ago
To fix the log injection issue, we need to sanitize the `nodeVersion` before logging it. Specifically, we should remove any newline characters from the `nodeVersion` string to prevent log injection attacks. This can be done using `String.prototype.replace` to remove newline characters.
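
The sanitization described in the Autofix comments above, as an added example that is not part of this pull request or the project's code. It goes beyond plain newline removal: it also strips other control characters and the Unicode line separators, serializes non-string values such as `appJoinData`, and bounds the length. The function names and the sample version string are assumptions constructed for illustration.

```javascript
// Added example, not code from the PR. Function names are hypothetical.

// CR, LF, the other C0/C1 control characters, and the Unicode line and
// paragraph separators: all can break a one-entry-per-line log format.
const LINE_BREAKERS = /[\u0000-\u001f\u007f-\u009f\u2028\u2029]/g;

// Turn any value about to be logged into a single-line, bounded string.
function sanitizeForLog(value, maxLen = 200) {
  let text;
  if (typeof value === 'string') {
    text = value;
  } else {
    // JSON.stringify escapes newlines inside string fields. Values it cannot
    // serialize (undefined, BigInt, circular objects) fall back to String().
    try {
      text = JSON.stringify(value) ?? String(value);
    } catch {
      text = String(value);
    }
  }
  const clean = text.replace(LINE_BREAKERS, '');
  return clean.length > maxLen
    ? clean.slice(0, maxLen) + '...[truncated]'
    : clean;
}

// Build the log line for a failed version check. Returning the string
// (instead of logging directly) keeps the formatting testable.
function versionMismatchLine(nodeVersion, expected) {
  return `version check failed: got "${sanitizeForLog(nodeVersion)}", ` +
    `expected "${sanitizeForLog(expected)}"`;
}

// Constructed sample input: a version string that carries a second,
// forged log entry after an embedded newline.
const forgedVersion = '1.2.3\n2024-01-01T00:00:00Z INFO node accepted';

// Without sanitization the entry spans two lines in the log file.
const unsafeLine = `version check failed: got "${forgedVersion}"`;

// With sanitization the attacker-supplied text stays inside the quotes
// of a single entry.
const safeLine = versionMismatchLine(forgedVersion, '1.2.4');

console.log(unsafeLine);
console.log(safeLine);
```
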