Skip to content

semgrep issue #1767

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
harshithad0703 wants to merge 1 commit into from
Closed

semgrep issue #1767

harshithad0703 wants to merge 1 commit into from

Conversation

@harshithad0703
Copy link
Contributor

@harshithad0703 harshithad0703 commented Feb 14, 2025

  • refactor: update uid validation to use static regex and switch to HTTPS server

@harshithad0703 harshithad0703 requested a review from a team as a code owner February 14, 2025 15:20
@harshithad0703 harshithad0703 marked this pull request as draft February 14, 2025 15:23
@harshithad0703 harshithad0703 changed the base branch from staging to development February 14, 2025 15:32
aman19K
aman19K reviewed Feb 17, 2025
View reviewed changes
packages/contentstack-utilities/src/auth-handler.ts
return new Promise((resolve, reject) => {
try {
const server = http.createServer((req, res) => {
const server = https.createServer((req, res) => {
Copy link
Contributor

@aman19K aman19K Feb 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@harshithad0703 ,We can't use HTTPS in the CLI because the server is hosted on the client side, so it's not possible. Pls check with @cs-raj regarding this.

aman19K
aman19K reviewed Feb 17, 2025
View reviewed changes
packages/contentstack-import/src/utils/entries-helper.ts
Comment on lines +210 to +212
// Use a static regex for alphanumeric only uids
const uidRegex = /^[a-zA-Z0-9]+$/; // Static regex that matches alphanumeric uids
if (uid.match(uidRegex)) { // Validate against the static regex
Copy link
Contributor

@aman19K aman19K Feb 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@harshithad0703 , pls check with @cs-raj. Both issues we can't fix.

@cs-raj cs-raj force-pushed the fix/dx-2188-sre-semgrep branch from 5566ed6 to f9de428 Compare May 5, 2025 10:05
@harshithad0703 harshithad0703 deleted the fix/dx-2188-sre-semgrep branch January 30, 2026 13:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aman19K aman19K aman19K left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@harshithad0703 @aman19K