
#ab55467 #211

Closed
wants to merge 18 commits into from

spbsoluble
Collaborator

No description provided.

Keyfactor and others added 18 commits February 21, 2024 20:02
* fix(ci): Add KFC 11.x test labs
* fix(store-types): Store type create omits empty fields.
* fix(pam-types): `types-list` does not crash on nil httpResponse.
* chore: Update license year, and bump AKV runner go version
* fix(tests): Remove "ProviderTypeParams" from pam-types tests for KFC v11.0.0+
* fix(tests): Fix nil pointer issues on tests.
* feat(stores): `stores export` now allows for `--all` and user interactive exports
---------

Signed-off-by: sbailey <[email protected]>
Co-authored-by: Keyfactor <[email protected]>
…onfig file data.

chore(deps): update `keyfactor-go-client`

Signed-off-by: sbailey <[email protected]>
} else {
fmt.Println(fmt.Sprintf("%s", result))
if jerr != nil {
output = fmt.Sprintf("{\"message\": \"%s\"}", result)

Check failure

Code scanning / CodeQL

Potentially unsafe quoting Critical

If this JSON value contains a double quote, it could break out of the enclosing quotes.

Copilot Autofix AI 2 months ago

To fix the problem, we need to ensure that any user-provided data embedded in a JSON string is properly escaped. The best way to fix this is to use a structured API for building JSON strings or to manually escape any quotes in the result variable before embedding it in the JSON string.

In this case, we will use the strconv.Quote function to properly escape the result variable. This function will add double quotes around the string and escape any special characters, including double quotes, within the string.

Suggested changeset 1
cmd/helpers.go

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/cmd/helpers.go b/cmd/helpers.go
--- a/cmd/helpers.go
+++ b/cmd/helpers.go
@@ -342,3 +342,3 @@
 		if jerr != nil {
-			output = fmt.Sprintf("{\"message\": \"%s\"}", result)
+			output = fmt.Sprintf("{\"message\": %s}", strconv.Quote(fmt.Sprintf("%s", result)))
 			fmt.Println(output)
EOF
@@ -342,3 +342,3 @@
if jerr != nil {
output = fmt.Sprintf("{\"message\": \"%s\"}", result)
output = fmt.Sprintf("{\"message\": %s}", strconv.Quote(fmt.Sprintf("%s", result)))
fmt.Println(output)
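Review bot: On the added line, strconv.Quote produces a Go string literal rather than a JSON string, so a result containing a control byte or invalid UTF-8 is written with escapes such as \a, \v or \x.. that JSON parsers reject. Build the fallback with encoding/json instead, for example json.Marshal(map[string]string{"message": fmt.Sprintf("%s", result)}), and print those bytes. The hunk shows no import change, so if the line is kept as written, confirm that cmd/helpers.go already imports strconv.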
jsonOutput, err := json.MarshalIndent(output, "", " ")
if err != nil {
//then output a { "message": "result" } json
output = fmt.Sprintf("{\"message\": \"%s\"}", result)

Check failure

Code scanning / CodeQL

Potentially unsafe quoting Critical

If this JSON value contains a double quote, it could break out of the enclosing quotes.

Copilot Autofix AI 2 months ago

To fix the problem, we need to ensure that any user-provided data embedded in a JSON string is properly escaped. The best way to achieve this is to use a structured API for building JSON objects or to manually escape special characters in the data.

In this case, we will use the strconv.Quote function to properly escape the result before embedding it in the JSON string. This function will handle escaping special characters and wrapping the string in double quotes.

Suggested changeset 1
cmd/helpers.go

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/cmd/helpers.go b/cmd/helpers.go
--- a/cmd/helpers.go
+++ b/cmd/helpers.go
@@ -349,3 +349,3 @@
 			//then output a { "message": "result" } json
-			output = fmt.Sprintf("{\"message\": \"%s\"}", result)
+			output = fmt.Sprintf("{\"message\": %s}", strconv.Quote(fmt.Sprintf("%s", result)))
 			fmt.Println(output)
EOF
@@ -349,3 +349,3 @@
//then output a { "message": "result" } json
output = fmt.Sprintf("{\"message\": \"%s\"}", result)
output = fmt.Sprintf("{\"message\": %s}", strconv.Quote(fmt.Sprintf("%s", result)))
fmt.Println(output)
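Review bot: The added line repeats, character for character, the replacement from the @@ -342 hunk in a second fallback branch; move the fallback into one helper so the two sites cannot drift apart. The context comment promises a { "message": "result" } JSON document, which strconv.Quote does not guarantee because it can emit Go-only escapes (\a, \v, \x..), so have that helper marshal the object with encoding/json.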
@spbsoluble spbsoluble changed the base branch from main to release-1.6 November 4, 2024 16:53
@spbsoluble spbsoluble changed the base branch from release-1.6 to ab#55467_sq November 4, 2024 19:39
@spbsoluble spbsoluble deleted the branch ab#55467_sq November 4, 2024 19:48
@spbsoluble spbsoluble closed this Nov 4, 2024
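
The quoting problem flagged in both alerts, as an added Go example that is not code from this pull request or from the project: it compares the flagged Sprintf pattern, the strconv.Quote autofix and encoding/json on two constructed inputs. The function names and sample strings are assumptions made for the illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
)

// sprintfJSON is the flagged pattern: result is pasted between quotes unescaped.
func sprintfJSON(result string) string {
	return fmt.Sprintf("{\"message\": \"%s\"}", result)
}

// quoteJSON is the autofix pattern: strconv.Quote emits a Go string literal,
// whose escapes include forms (\a, \v, \x..) that JSON does not accept.
func quoteJSON(result string) string {
	return fmt.Sprintf("{\"message\": %s}", strconv.Quote(result))
}

// marshalJSON builds the same object through encoding/json, which applies
// JSON's own escaping rules.
func marshalJSON(result string) string {
	b, err := json.Marshal(map[string]string{"message": result})
	if err != nil {
		return `{"message": "unencodable result"}`
	}
	return string(b)
}

// parse decodes doc the way a consumer of the CLI output would.
func parse(doc string) (map[string]interface{}, bool) {
	var m map[string]interface{}
	err := json.Unmarshal([]byte(doc), &m)
	return m, err == nil
}

func main() {
	// Constructed inputs: one with double quotes, one with a BEL control byte.
	inputs := []string{`not found", "status": "ok`, "bell\a"}
	builders := []func(string) string{sprintfJSON, quoteJSON, marshalJSON}
	for _, in := range inputs {
		for i, build := range builders {
			m, ok := parse(build(in))
			fmt.Printf("input=%q builder=%d valid=%v keys=%d\n", in, i, ok, len(m))
		}
	}
}
```

With the quoted input, only the Sprintf form yields a second top-level key; with the control byte, only the encoding/json form yields a document that parses.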