Skip to content

[WIP] refactor: ts #37

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
atian25 wants to merge 14 commits into
base: master
Choose a base branch
from
Open

[WIP] refactor: ts #37

atian25 wants to merge 14 commits into from

Conversation

@atian25
Copy link
Member

@atian25 atian25 commented Dec 27, 2022

No description provided.

github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 27, 2022
View reviewed changes
test/fixtures/process/long-run.ts
const port = process.env.PORT || 3000;

const app = http.createServer((req, res) => {
console.log(`Receive: ${req.url}`);

Check failure

Code scanning / CodeQL

Log injection

Log entry depends on a [user-provided value](1).
test/fixtures/process/long-run.ts
const app = http.createServer((req, res) => {
console.log(`Receive: ${req.url}`);

if (req.url === '/exit') {

Check failure

Code scanning / CodeQL

User-controlled bypass of security check

This condition guards a sensitive [action](1), but a [user-provided value](2) controls it.
test/fixtures/process/prompt.ts

rl.question('What is your favorite food? ', (answer) => {
console.log(`Oh, so your favorite food is ${answer}`);
let i = 0;

Check notice

Code scanning / CodeQL

Unused variable, import, function or class

Unused variable i.
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 27, 2022
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 27, 2022
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 29, 2022
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 29, 2022
View reviewed changes
src/lib/process.ts
this.proc = execa.node(this.cmd, this.args, this.opts);
} else {
const cmdString = [ this.cmd, ...this.args ].join(' ');
this.proc = execa.command(cmdString, this.opts);

Check warning

Code scanning / CodeQL

Shell command built from environment values

This shell command depends on an uncontrolled [absolute path](1). This shell command depends on an uncontrolled [absolute path](2). This shell command depends on an uncontrolled [absolute path](3).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@atian25