fix: fix security vulnerabilities reported by CodeQL #5467

Merged: deansheather merged 2 commits into main from dean/fix-codeql-fixes, Dec 19, 2022

@deansheather
Member

Fixes the vulnerabilities reported by CodeQL in #5279.

@deansheather deansheather added the security Area: security label Dec 19, 2022
@deansheather deansheather requested a review from a team as a code owner December 19, 2022 18:31
@deansheather deansheather requested review from jsjoeio and removed request for a team and jsjoeio December 19, 2022 18:31
Member

@mafredri mafredri left a comment

Had two questions but otherwise looks good! 👍

Comment thread coderd/gitauth/oauth.go Outdated
codersdk.GitProviderBitBucket: regexp.MustCompile(`bitbucket\.org`),
codersdk.GitProviderGitLab: regexp.MustCompile(`gitlab\.com`),
codersdk.GitProviderGitHub: regexp.MustCompile(`github\.com`),
codersdk.GitProviderAzureDevops: regexp.MustCompile(`^(https?:\/\/)?dev\.azure\.com(\/.*)?$`),
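
Review bot: The `bitbucket\.org`, `gitlab\.com` and `github\.com` entries in this map are unanchored, so each matches any URL that merely contains that string (in a path, a query string, or as part of a longer hostname), while the Azure DevOps entry is anchored with `^` and `$`. Consider giving the three entries the same `^(https?://)?host(/.*)?$` shape so provider detection depends on the host alone, and dropping the `\/` escapes, which Go's regexp syntax does not require.
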
Member

Does forward slash need to be escaped here? It’s often a separator in regexes, requiring the escape, but unsure if needed here.

Member Author

I think you're right, I'll remove the slashes
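
Go's regexp syntax has no pattern delimiter, so `\/` and `/` match the same character. The following is an added example, not code from the pull request; the unanchored pattern, the `Classify` helper and the sample URLs are constructed for illustration. It compares the Azure DevOps pattern from the thread with its unescaped form and with an unanchored variant.

```go
package main

import (
	"fmt"
	"regexp"
)

// Pattern as it appears in the review thread, with escaped slashes.
var azureEscaped = regexp.MustCompile(`^(https?:\/\/)?dev\.azure\.com(\/.*)?$`)

// Same pattern with the escapes removed, as the reply proposes.
var azurePlain = regexp.MustCompile(`^(https?://)?dev\.azure\.com(/.*)?$`)

// Hypothetical unanchored counterpart, for comparison only.
var azureUnanchored = regexp.MustCompile(`dev\.azure\.com`)

// Constructed sample URLs; none come from the pull request.
var samples = []string{
	"https://dev.azure.com/org/project/_git/repo",
	"dev.azure.com",
	"https://dev.azure.com.example.invalid/org/repo",
	"https://example.invalid/redirect?to=dev.azure.com",
	"https://devXazure.com/org/repo",
}

// Verdict records how each pattern treats one URL.
type Verdict struct{ Escaped, Plain, Unanchored bool }

// Classify runs all three patterns over a URL.
func Classify(u string) Verdict {
	return Verdict{
		Escaped:    azureEscaped.MatchString(u),
		Plain:      azurePlain.MatchString(u),
		Unanchored: azureUnanchored.MatchString(u),
	}
}

func main() {
	for _, u := range samples {
		v := Classify(u)
		fmt.Printf("%-52s escaped=%-5t plain=%-5t unanchored=%t\n",
			u, v.Escaped, v.Plain, v.Unanchored)
	}
}
```

The escaped and unescaped patterns agree on every input; only the unanchored variant accepts the URLs where `dev.azure.com` is a hostname prefix or a query value.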

Comment thread cli/server.go
Comment thread coderd/gitauth/oauth.go Outdated
@deansheather deansheather enabled auto-merge (squash) December 19, 2022 19:23
@deansheather deansheather merged commit 1bc4eb5 into main Dec 19, 2022
@deansheather deansheather deleted the dean/fix-codeql-fixes branch December 19, 2022 19:26
@github-actions github-actions Bot locked and limited conversation to collaborators Dec 19, 2022