Feat cerfa dates #3600

pYassine · 2024-12-18T08:38:02Z

No description provided.

sonarqubecloud · 2024-12-18T08:39:15Z

Quality Gate passed

Measures
0 Security Hotspots
0.0% Coverage on New Code
7.1% Duplication on New Code

packages/backend/src/auth/guards/structure-access.guard.ts

+  public async canActivate(context: ExecutionContext) {
+    const r = context.switchToHttp().getRequest();
+
+    console.log(r?.params?.structureId);


To fix the problem, we need to sanitize the user input before logging it. Specifically, we should remove any newline characters from the structureId parameter to prevent log injection attacks. This can be done using the String.prototype.replace method to strip out newline characters.

We will modify the code to sanitize r?.params?.structureId before logging it. This involves creating a sanitized version of structureId and then logging the sanitized value.

github-actions · 2024-12-18T08:43:29Z

🎉 Deployment for commit 0641292 :

Ingresses

Docker images

📦 docker pull harbor.fabrique.social.gouv.fr/domifa/domifa/backend:sha-0641292f1e9fe0dda861e0be4c7d61834720e2fe
📦 docker pull harbor.fabrique.social.gouv.fr/domifa/domifa/frontend:sha-0641292f1e9fe0dda861e0be4c7d61834720e2fe
📦 docker pull harbor.fabrique.social.gouv.fr/domifa/domifa/portail-admins:sha-0641292f1e9fe0dda861e0be4c7d61834720e2fe
📦 docker pull harbor.fabrique.social.gouv.fr/domifa/domifa/portail-usagers:sha-0641292f1e9fe0dda861e0be4c7d61834720e2fe

Debug

codecov-commenter · 2024-12-18T08:44:14Z

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

Attention: Patch coverage is 54.54545% with 20 lines in your changes missing coverage. Please review.

Project coverage is 66.48%. Comparing base (ff0e7fb) to head (0641292).
Report is 2 commits behind head on master.

Files with missing lines	Patch %	Lines
.../backend/src/auth/guards/structure-access.guard.ts	22.22%	14 Missing ⚠️
...src/auth/decorators/current-structure.decorator.ts	40.00%	3 Missing ⚠️
...rs/admin-structures/admin-structures.controller.ts	40.00%	3 Missing ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3600      +/-   ##
==========================================
- Coverage   66.56%   66.48%   -0.09%     
==========================================
  Files         910      912       +2     
  Lines       14913    14942      +29     
  Branches     2065     2074       +9     
==========================================
+ Hits         9927     9934       +7     
- Misses       4678     4699      +21     
- Partials      308      309       +1

Files with missing lines	Coverage Δ
...s/_init-db/1603812391580-pr-env-create-database.ts	`17.39% <ø> (ø)`
packages/backend/src/auth/decorators/index.ts	`100.00% <100.00%> (ø)`
.../auth/decorators/is-social-gouv-email.decorator.ts	`83.33% <ø> (ø)`
packages/backend/src/auth/guards/index.ts	`100.00% <100.00%> (ø)`
...abase/entities/structure/StructureTable.typeorm.ts	`90.69% <ø> (-0.22%)`	⬇️
.../services/structure/structureRepository.service.ts	`100.00% <100.00%> (ø)`
.../modules/general/components/faq/faq.component.html	`100.00% <ø> (ø)`
...nage-usagers-page/manage-usagers-page.component.ts	`24.19% <ø> (ø)`
...ts/usager-filter/services/usagersSorter.service.ts	`97.14% <100.00%> (+0.47%)`	⬆️
...src/auth/decorators/current-structure.decorator.ts	`40.00% <40.00%> (ø)`
... and 2 more

... and 3 files with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ff0e7fb...0641292. Read the comment docs.

SocialGroovyBot · 2024-12-18T08:48:49Z

🎉 This PR is included in version 2.188.3 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

fix(backend): add routes for admin

0641292

pYassine force-pushed the feat-cerfa-dates branch from 51f83ed to 0641292 Compare December 18, 2024 08:38

pYassine marked this pull request as ready for review December 18, 2024 08:38

pYassine temporarily deployed to review-auto December 18, 2024 08:38 — with GitHub Actions Inactive

github-advanced-security bot found potential problems Dec 18, 2024

View reviewed changes

pYassine merged commit 8e8453c into master Dec 18, 2024
14 checks passed

pYassine deleted the feat-cerfa-dates branch December 18, 2024 08:48

SocialGroovyBot added the released label Dec 18, 2024

@@ -16,3 +16,4 @@
-                console.log(r?.params?.structureId);
+                const sanitizedStructureId = r?.params?.structureId?.replace(/\n|\r/g, "");
+                console.log(sanitizedStructureId);
                 console.log(r?.user?.isSuperAdminDomifa);

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Feat cerfa dates #3600

Feat cerfa dates #3600

pYassine commented Dec 18, 2024

sonarqubecloud bot commented Dec 18, 2024

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

github-actions bot commented Dec 18, 2024

codecov-commenter commented Dec 18, 2024 •

edited

Loading

SocialGroovyBot commented Dec 18, 2024

Feat cerfa dates #3600

Feat cerfa dates #3600

Conversation

pYassine commented Dec 18, 2024

sonarqubecloud bot commented Dec 18, 2024

Quality Gate passed

github-actions bot commented Dec 18, 2024

codecov-commenter commented Dec 18, 2024 • edited Loading

Codecov Report

SocialGroovyBot commented Dec 18, 2024

codecov-commenter commented Dec 18, 2024 •

edited

Loading