refactor: [M3-7277] - SAST Scan Findings: Path Traversal Vulnerability
Description
This PR resolves the path traversal warning vulnerability in the files below.
- [x] constants.mjs
- [x] deleteChangeset.mjs
- [x] generate-changelogs.mjs
- [x] package-versions/index.js
Changes
List any change relevant to the reviewer.
- Implemented sanitizeFileName and safeJoinPath in generate-changelog.mjs
- Implemented sanitizeInput, validatePackage, validateFileName and safePathJoin in constants.mjs
- Implemented sanitizeFileName and safeJoinPath in deleteChangeset.mjs
- Implemented sanitizePackageName in deleteChangeset.mjs
Target release date
10/16
Verification steps
(How to verify changes)
- No regression in generate changelogs, delete changelogs and package versions
- Verify the branch (develop vs M3-7277) SAST scan job results warnings for the above files got reduced from 33 to 29.
- Reach me in case of any further questions.
As an Author I have considered
Check all that apply
- [ ] Doing a self review
- [ ] Our contribution guidelines
- [ ] Splitting feature into small PRs
- [ ] Adding a changeset
- [ ] Providing/Improving test coverage
- [ ] Removing all sensitive information from the code and PR description
- [ ] Using a feature flag to protect the release
- [ ] Providing comprehensive reproduction steps
- [ ] Providing or updating our documentation
- [ ] Scheduling a pair reviewing session
- [ ] Providing mobile support
- [ ] Providing accessibility support
Coverage Report:
Base Coverage: 87.12%
Current Coverage: 87.12%
This PR is stale because it has been open 15 days with no activity. Please attend to this PR or it will be closed in 5 days
Cloud Manager UI test results
:small_red_triangle: 1 failing test on test run #11
| :x: Failing | :white_check_mark: Passing | :arrow_right_hook: Skipped | :clock1: Duration |
|---|---|---|---|
| 1 Failing | 451 Passing | 2 Skipped | 94m 36s |
Details
Failing Tests
| | Spec | Test |
|---|---|---|
| :x: | migrate-linode.spec.ts | Migrate linodes » shows DC-specific pricing information when migrating linodes to similarly priced DCs |
Troubleshooting
Use this command to re-run the failing tests:
```
yarn cy:run -s "cypress/e2e/core/linodes/migrate-linode.spec.ts"
```