per pod spot int notification #11
base: us-east-1
b_11190-craft
codepipeline_actions.GitHubSourceAction
codepipeline_actions.GitHubSourceAction
Merge pull request #125 from yahavb/master
buildx-craft, codepipeline-lyra
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
    #tokenchunk=fulltoken.split('-')[0]
    #print(tokenchunk)

    return HttpResponse(body_unicode)
Check warning
Code scanning / CodeQL
Reflected server-side cross-site scripting Medium
user-provided value
Copilot Autofix
AI 5 months ago
To fix this vulnerability, the user input (body_unicode) must not be reflected directly in the HTTP response as HTML. The best way to fix this is to ensure that the response either escapes any HTML special characters in the user input, or returns the response with a content type that does not allow HTML/script execution (such as text/plain). In Django, the django.utils.html.escape() function can be used to escape HTML special characters, or the HttpResponse can be constructed with content_type="text/plain". The most robust fix is to do both: escape the input and set the content type to text/plain. This change should be made in the validate_identity function, specifically at the return statement on line 41. You will need to import escape from django.utils.html at the top of the file.
| @@ -5,8 +5,8 @@ | ||
| from django.utils import timezone | ||
| from django.http import HttpResponse | ||
| from django.views.decorators.csrf import csrf_exempt | ||
| from django.utils.html import escape | ||
|
|
||
|
|
||
| import uuid | ||
| import json | ||
| from random import randrange | ||
| @@ -38,4 +37,4 @@ | ||
| #tokenchunk=fulltoken.split('-')[0] | ||
| #print(tokenchunk) | ||
|
|
||
| return HttpResponse(body_unicode) | ||
| return HttpResponse(escape(body_unicode), content_type="text/plain") |
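Review bot: stacking escape() and content_type="text/plain" at line R40 can break the endpoint's own callers, because the module imports json (see the first hunk) and if this handler echoes a JSON request body back to a programmatic client, HTML-escaping rewrites every quote as &quot; and the client can no longer parse it. Pick one mechanism for the audience the response has: for a browser, keep escape() with an HTML content type; for an API client, return the body with content_type="application/json" (or JsonResponse) and drop escape(). In both cases send X-Content-Type-Options: nosniff so a text/plain body is not sniffed as HTML, and ask whether the handler needs to reflect the request body at all, since not echoing user input is the cleanest fix for a reflected XSS finding.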
    try:
        s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        #print("socket created")
        s.bind(('',0))
Check warning
Code scanning / CodeQL
Binding a socket to all network interfaces Medium
Copilot Autofix
AI 5 months ago
To fix the problem, change the socket binding from ('', 0) to ('127.0.0.1', 0). This binds the socket only to the loopback interface, ensuring that the port is only accessible locally and not from external network interfaces. This change should be made on line 11 of supertuxkart/server/stk-game-server-image-multiarch/get-port.py. No additional imports or code changes are required.
| @@ -8,7 +8,7 @@ | ||
| try: | ||
| s=socket.socket(socket.AF_INET, socket.SOCK_STREAM) | ||
| #print("socket created") | ||
| s.bind(('',0)) | ||
| s.bind(('127.0.0.1',0)) | ||
| except socket.error as msg: | ||
| print("bind failed. Error is %s %s",msg[0],msg[1]) | ||
| #print("socket bind complete") |
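Review bot: the bind at line R11 appears to be a free-port probe rather than a listener (get-port.py binds port 0 on a fresh socket), so moving it to 127.0.0.1 changes what it measures: the kernel only needs a port unused on loopback, and a port another process has bound on a specific non-loopback address can still come back as "free", which matters if the game server then listens on all interfaces with the returned number. If the probe genuinely has to stay on all interfaces, dismiss the alert with a comment explaining that the socket never listens; either way the result is racy between close and reuse. Separately, the except handler in the trailing context is broken: print("bind failed. Error is %s %s",msg[0],msg[1]) passes the format string and the arguments as separate print arguments (comma instead of %), and on Python 3 socket.error is OSError, which is not subscriptable, so msg[0] raises TypeError inside the handler. Use print("bind failed. Error is %s %s" % (msg.errno, msg.strerror)).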
    }
    }

    if (!sscanf(version, "%d.%d.%d", major, minor, rev))
Check failure
Code scanning / CodeQL
Incorrect return-value check for a 'scanf'-like function High
Copilot Autofix
AI 5 months ago
To fix the problem, the code should check that the return value of sscanf is exactly 3, which is the number of expected assignments from the format string "%d.%d.%d". This ensures that all three values (major, minor, rev) are successfully parsed. The check should be changed from if (!sscanf(...)) to if (sscanf(...) != 3). Only if all three values are parsed should the function proceed; otherwise, it should handle the error as before. No additional imports or definitions are needed, as all required headers are already included.
| @@ -72,7 +72,7 @@ | ||
| } | ||
| } | ||
|
|
||
| if (!sscanf(version, "%d.%d.%d", major, minor, rev)) | ||
| if (sscanf(version, "%d.%d.%d", major, minor, rev) != 3) | ||
| { | ||
| _glfwInputError(GLFW_PLATFORM_ERROR, | ||
| "No version found in context version string"); |
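Review bot: the != 3 test at line R75 is the right check, with two caveats. A two-component string such as "4.1" now reports "No version found in context version string" even though it carries a version; that is fine only if every caller supplies major.minor.rev, otherwise treat rev as optional by accepting a return value of 2 as well. And %d performs no range check: a digit run that does not fit in int is undefined behaviour in sscanf, so a version string that arrives from outside the program is safer parsed with strtol and explicit bounds. The same hunk appears again further down this page for a second copy of the file; keep both in step.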
    {
    case GLFW_KEY_UP:
    {
    if (swap_interval + 1 > swap_interval)
Check failure
Code scanning / CodeQL
Signed overflow check High test
Copilot Autofix
AI 5 months ago
To fix the problem, we should avoid performing arithmetic that could cause signed overflow. Instead of checking swap_interval + 1 > swap_interval, we should check whether swap_interval is less than INT_MAX before incrementing. This way, we only increment if it is safe to do so, and no undefined behavior occurs. The fix requires including the limits.h header to access INT_MAX, and updating the conditional on line 89 to if (swap_interval < INT_MAX). Only the region around line 89 needs to be changed, and the header inclusion should be added if not already present.
| @@ -33,7 +33,7 @@ | ||
| #include <stdio.h> | ||
| #include <stdlib.h> | ||
| #include <math.h> | ||
|
|
||
| #include <limits.h> | ||
| #include "getopt.h" | ||
|
|
||
| static GLboolean swap_tear; | ||
| @@ -86,7 +86,7 @@ | ||
| { | ||
| case GLFW_KEY_UP: | ||
| { | ||
| if (swap_interval + 1 > swap_interval) | ||
| if (swap_interval < INT_MAX) | ||
| set_swap_interval(window, swap_interval + 1); | ||
| break; | ||
| } |
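Review bot: swap_interval < INT_MAX at line R89 is only the correct bound if swap_interval is declared int, and its declaration is not in either hunk (only static GLboolean swap_tear is visible in the include hunk); confirm the type and use the matching limit. The alert is real rather than cosmetic: because signed overflow is undefined, optimising compilers fold swap_interval + 1 > swap_interval to constant true, so the old guard never fired. If there is a matching GLFW_KEY_DOWN branch that decrements, it needs the symmetric swap_interval > INT_MIN guard, which this patch does not add.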
    }
    }

    if (!sscanf(version, "%d.%d.%d", major, minor, rev))
Check failure
Code scanning / CodeQL
Incorrect return-value check for a 'scanf'-like function High
Copilot Autofix
AI 5 months ago
To fix the problem, the code should check that the return value of sscanf is exactly 3, which is the number of expected assignments for the format string "%d.%d.%d". This ensures that all three version components (major, minor, rev) are successfully parsed. The change should be made in the parseVersionString function, specifically at the check on line 75. No additional imports or definitions are needed, as all required headers are already included.
| @@ -72,7 +72,7 @@ | ||
| } | ||
| } | ||
|
|
||
| if (!sscanf(version, "%d.%d.%d", major, minor, rev)) | ||
| if (sscanf(version, "%d.%d.%d", major, minor, rev) != 3) | ||
| { | ||
| _glfwInputError(GLFW_PLATFORM_ERROR, | ||
| "No version found in context version string"); |
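Review bot: this is the same sscanf hunk as the earlier one on this page, applied at line R75 of a second vendored copy (the autofix note names parseVersionString), and the same caveats apply: "4.1"-style strings now fail with "No version found in context version string", and %d gives no protection against a digit run that overflows int. Carrying glfw twice means every CodeQL finding has to be fixed in two places; consider deduplicating the vendored dependency so a single copy carries the fix.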
    {
    case GLFW_KEY_UP:
    {
    if (swap_interval + 1 > swap_interval)
Check failure
Code scanning / CodeQL
Signed overflow check High test
Copilot Autofix
AI 5 months ago
To fix the signed overflow check, we should avoid performing arithmetic that could overflow. Instead of checking swap_interval + 1 > swap_interval, we should check whether swap_interval is less than INT_MAX before incrementing. This way, we only increment if it is safe to do so, and we avoid undefined behavior. To do this, we need to include the limits.h header to access INT_MAX. The change should be made in the key_callback function, specifically at line 89 in the file craft/client/craft-client/serverfiles/deps/glfw/tests/tearing.c.
| @@ -33,7 +33,7 @@ | ||
| #include <stdio.h> | ||
| #include <stdlib.h> | ||
| #include <math.h> | ||
|
|
||
| #include <limits.h> | ||
| #include "getopt.h" | ||
|
|
||
| static GLboolean swap_tear; | ||
| @@ -86,7 +86,7 @@ | ||
| { | ||
| case GLFW_KEY_UP: | ||
| { | ||
| if (swap_interval + 1 > swap_interval) | ||
| if (swap_interval < INT_MAX) | ||
| set_swap_interval(window, swap_interval + 1); | ||
| break; | ||
| } |
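Review bot: same change as the earlier tearing.c hunk on this page, here in craft/client/craft-client/serverfiles/deps/glfw/tests/tearing.c (path from the autofix note above), so the same review point holds: verify swap_interval is an int before relying on INT_MAX, and add the INT_MIN guard to any decrement branch in key_callback. The include hunk and this one are identical to the earlier copy; apply both in lockstep or deduplicate the vendored glfw so the fix lives in one place.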
Issue #, if available:
Description of changes:
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.