Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sync / Gateway development -> staging #373

Open
wants to merge 41 commits into
base: staging
Choose a base branch
from
Open

sync / Gateway development -> staging #373

wants to merge 41 commits into from

Conversation

nikspz
Copy link
Contributor

@nikspz nikspz commented Dec 10, 2024

Before submitting this PR, please make sure:

  • Your code builds clean without any errors or warnings
  • You are using approved title ("feat/", "fix/", "docs/", "refactor/")

A description of the changes proposed in the pull request:

Tests performed by the developer:

Tips for QA testing:

fengtality and others added 30 commits July 25, 2024 18:34
(fix) fix poll route for base approvals
(fix) change how PancakeSwap fetches V2 pools
Feat: Add sepolia values to uniswap tests
const path = `${walletPath}/solana`;

const encryptedPrivateKey: string = await fse.readFile(
`${path}/${address}.json`,

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
.

Copilot Autofix AI 6 days ago

To fix the problem, we need to validate the address parameter before using it to construct a file path. We can use the path module to ensure the constructed path is within a safe root directory. Specifically, we will:

  1. Normalize the constructed file path using path.resolve.
  2. Check that the normalized path starts with the root directory (walletPath/solana).
Suggested changeset 1
src/chains/solana/solana.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/chains/solana/solana.ts b/src/chains/solana/solana.ts
--- a/src/chains/solana/solana.ts
+++ b/src/chains/solana/solana.ts
@@ -283,5 +283,9 @@
     const path = `${walletPath}/solana`;
+    const filePath = path.resolve(path, `${address}.json`);
+    if (!filePath.startsWith(path)) {
+      throw new Error('Invalid address path');
+    }
 
     const encryptedPrivateKey: string = await fse.readFile(
-      `${path}/${address}.json`,
+      filePath,
       'utf8'
EOF
@@ -283,5 +283,9 @@
const path = `${walletPath}/solana`;
const filePath = path.resolve(path, `${address}.json`);
if (!filePath.startsWith(path)) {
throw new Error('Invalid address path');
}

const encryptedPrivateKey: string = await fse.readFile(
`${path}/${address}.json`,
filePath,
'utf8'
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants