Jörmungandrk
https://github.com/lichess-org/lichobile/blob/663e69fab10e4267a9b3369febe85d1363816ba2/scripts/compile-date-locales.js#L17-L17 To fix the problem, we should avoid constructing the shell command as a single string and instead use the `execFile` function from the `child_process` module. This function allows us to pass...
https://github.com/aws/aws-cli/blob/f38990ec8dc5900f17e647764cf3c7d09ac7b249/awscli/customizations/codecommit.py#L99-L99 To fix the problem, we need to parse the URL and check the host value correctly. Instead of checking if "amazonaws.com" is a substring of the host, we should use the...
https://github.com/facebook/rocksdb/blob/2ea356d0bea2e9a847792559498c02571dbf1e53/db/memtable_list.cc#L402-L402 To fix the issue, we need to ensure that the subtraction does not result in unsigned underflow. The best approach is to cast the result of the subtraction to a signed...
https://github.com/coreybutler/node-windows/blob/54ac1e382f1cf56bc7278672672aba1342c96c01/lib/binaries.js#L2-L2 https://github.com/coreybutler/node-windows/blob/54ac1e382f1cf56bc7278672672aba1342c96c01/lib/binaries.js#L76-L76 To fix the issue, the dynamically constructed shell command should be replaced with a safer approach that avoids shell interpretation. Specifically: 1. Use `execFile` instead of `exec` to execute...
https://github.com/kubernetes-sigs/headlamp/blob/ff50a9e85855ded3eb476db27487206abfa1936f/app/scripts/esrp.js#L9-L9 https://github.com/kubernetes-sigs/headlamp/blob/ff50a9e85855ded3eb476db27487206abfa1936f/app/scripts/esrp.js#L221-L221 To fix the issue, the dynamically constructed shell command should be replaced with a safer approach that avoids shell interpretation. Specifically, the `execSync` call should be replaced with `execFileSync`,...
https://github.com/uber/baseweb/blob/f7b840f829a949b4fdb3fca707c56575b0ffe31b/src/icon/build-icons.js#L34-L35 To fix the problem, ensure that all instances of the targeted pattern are removed from the input string, even if they appear consecutively or are nested. The best way to...
https://github.com/apache/trafficserver/blob/28710feefbcd5f10ce5def123f6fbd3e09fc1b79/src/mgmt/rpc/server/IPCSocketServer.cc#L416-L416 To fix the issue, we need to ensure that the comparison logic does not rely on unsigned subtraction, which can underflow. Instead, we can directly compare `bw.stored()` with `_max_req_size` to determine...
https://github.com/apache/trafficserver/blob/28710feefbcd5f10ce5def123f6fbd3e09fc1b79/src/tscore/ink_cap.cc#L407-L410 To fix the TOCTOU race condition, we should replace the `chmod` call with `fchmod`, which operates on a file descriptor rather than a file path. This ensures that the permissions...
https://github.com/bugsnag/bugsnag-js/blob/0c272be56233026c8c0ba6f039359408c1b1789d/scripts/generate-react-native-fixture.js#L137-L137 To fix the issue, the dynamically constructed shell command should be replaced with a safer alternative that avoids interpretation by the shell. Specifically, the `execSync` call should be replaced with `execFileSync`,...
https://github.com/emberjs/ember.js/blob/6c601053dab9c40d900f19d16b08620c5e13f6ba/packages/%40ember/engine/index.ts#L503-L503 To fix the issue, validate the `bucketName` parameter to ensure it cannot be set to a prototype-polluting value like `__proto__`, `constructor`, or `prototype`. This can be achieved by adding a...