Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix code scan issue with ALLOWED_DOMAIN_PATTERN regex #1687

Merged
merged 1 commit into from
Jan 13, 2025
Merged

Fix code scan issue with ALLOWED_DOMAIN_PATTERN regex #1687

merged 1 commit into from
Jan 13, 2025

Conversation

krzysztofzuraw
Copy link
Member

Scope of the PR

Escape ALLOWED_DOMAIN_PATTERN regex. It ensures that regex constructed from env variable is sanitized and can't be used to Denial of Service attack.

Related issues

Checklist

@krzysztofzuraw krzysztofzuraw requested review from a team as code owners January 13, 2025 11:44
@krzysztofzuraw krzysztofzuraw requested review from a team and witoszekdev January 13, 2025 11:44
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jan 13, 2025

🦋 Changeset detected

Latest commit: 534f59a

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 6 packages
Name Type
products-feed Patch
klaviyo Patch
app-avatax Patch
cms-v2 Patch
search Patch
smtp Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@vercel Vercel
Copy link

vercel bot commented Jan 13, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
saleor-app-avatax ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 13, 2025 11:49am
saleor-app-cms ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 13, 2025 11:49am
saleor-app-klaviyo ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 13, 2025 11:49am
saleor-app-products-feed ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 13, 2025 11:49am
saleor-app-search ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 13, 2025 11:49am
saleor-app-segment ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 13, 2025 11:49am
saleor-app-smtp ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 13, 2025 11:49am

@krzysztofzuraw krzysztofzuraw changed the title Fix code scan issue with ALLOWED_DOMAIN_PATTERN regex Fix code scan issue with ALLOWED_DOMAIN_PATTERN regex Jan 13, 2025
@krzysztofzuraw krzysztofzuraw merged commit 9649b78 into canary Jan 13, 2025
19 checks passed
@krzysztofzuraw krzysztofzuraw deleted the fix-code-scan-issue branch January 13, 2025 11:54
lkostrowski added a commit that referenced this pull request Jan 13, 2025
@krzysztofzuraw @lkostrowski @poulch
Merge canary to main (#1686)
9bbf9ee 
* log suspicious taxes calculation (#1658)

* fix log (#1660)

* Use vercel log drain in merchant apps (#1657)

* Use vercel log drain

* Add changeset

* improve log for non zero line (#1663)

* Bring back Segment app to monorepo (#1665)

* Fix deployment of Segment app (#1666)

* Add setup node to GHA workflow (#1673)

* Add Sentry to Segment app (#1671)

* Add OTEL & improve logs in Segment app (#1675)

* Fixed app version send to Segment & how we send events (#1676)

* Add use-case to Segment app (#1677)

* Initially disable Segment app webhooks (#1678)

* Add README to Segment app (#1683)

* Improve Segment app logo (#1682)

* Fix missing cache for test workflow (#1685)

* Add new Vercel log limit (#1684)

* Run autofix for monorepo (#1681)

* Fix code scan issue with ALLOWED_DOMAIN_PATTERN regex (#1687)

---------

Co-authored-by: Lukasz Ostrowski <[email protected]>
Co-authored-by: Paweł Chyła <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@poulch poulch poulch approved these changes

@lkostrowski lkostrowski lkostrowski approved these changes

@witoszekdev witoszekdev Awaiting requested review from witoszekdev

Assignees

@krzysztofzuraw krzysztofzuraw

Labels
App: AvaTax App: CMS App: Klaviyo App: Product Feed App: Search App: SMTP
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@krzysztofzuraw @lkostrowski @poulch