Feature/protocol #259
base: next
…s into feature/protocol
Coverity detected 6 issues; a security concern.
"result": { | ||
"name": "token", | ||
"value": { | ||
"value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c", |
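Review bot: the innermost `"value"` string under `"name": "token"` is a complete three-segment JWT literal, and that is what the hard-coded secret check matches. If this result is only example data, replace the literal with an obviously non-functional placeholder string, or record the finding as intentional for this file so the same six findings do not come back on every scan.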
Low impact. Security issue.
Sigma. Hard-coded secret.
A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to.
"result": { | ||
"name": "token", | ||
"value": { | ||
"value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c", |
Low impact. Security issue.
Sigma. Hard-coded secret.
A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to.
"result": { | ||
"name": "token", | ||
"value": { | ||
"value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c", |
Low impact. Security issue.
Sigma. Hard-coded secret.
A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to.
"params": [], | ||
"result": { | ||
"name": "token", | ||
"value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" |
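Review bot: the `"result"` here carries `"value"` as a bare string directly after `"name": "token"`, while the other flagged examples in this PR wrap it as `"value": { "value": … }`. Please confirm both shapes are intended; if they are meant to describe the same kind of result, pick one so the examples do not disagree.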
Low impact. Security issue.
Sigma. Hard-coded secret.
A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to.
"params": [], | ||
"result": { | ||
"name": "token", | ||
"value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" |
Low impact. Security issue.
Sigma. Hard-coded secret.
A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to.
"params": [], | ||
"result": { | ||
"name": "token", | ||
"value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" |
Low impact. Security issue.
Sigma. Hard-coded secret.
A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to.
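A hard-coded secret finding on a JWT-shaped string can be triaged by decoding the token's unsigned header and payload segments, which shows the algorithm, the claims, and whether the token carries an expiry. The following is an added example, not Coverity's detection logic and not code from this project; `find_jwts`, `SAMPLE` and the token inside it are constructed for illustration.

```python
import base64
import json
import re

# Header and payload are base64url-encoded JSON objects, so both start with "eyJ".
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")


def _b64url(obj):
    """Encode a dict the way a JWT segment is encoded (unpadded base64url)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _decode_segment(segment):
    """Restore the stripped padding, then decode the segment to JSON."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def find_jwts(text):
    """Return one finding per JWT-shaped literal whose segments really decode."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in JWT_RE.finditer(line):
            header_seg, payload_seg, _sig = match.group(0).split(".")
            try:
                header = _decode_segment(header_seg)
                claims = _decode_segment(payload_seg)
            except ValueError:  # bad base64, bad UTF-8 or bad JSON: not a JWT
                continue
            findings.append({
                "line": lineno,
                "alg": header.get("alg"),
                "claims": claims,
                "has_exp": "exp" in claims,  # no "exp" means no self-declared expiry
            })
    return findings


# Constructed sample: an example-file fragment holding a throwaway token.
_TOKEN = ".".join([_b64url({"alg": "HS256", "typ": "JWT"}),
                   _b64url({"sub": "example-user", "iat": 1}), "c2ln"])
SAMPLE = '{\n  "result": {\n    "name": "token",\n    "value": "%s"\n  }\n}' % _TOKEN

if __name__ == "__main__":
    for finding in find_jwts(SAMPLE):
        print(finding)
```

The decoded claims only tell the reviewer what the token asserts; whether any system would still accept it has to be checked with the token's issuer.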
Standardizing Intent Message requirements
In addition to traditional discovery APIs such as Watch History and Watch Next, Firebolt provides a more abstract API that facilitates impromptu content discovery connections between first-party Aggregated Experiences and third-party Apps. The User Interest Capability enables Apps to provide meta-data on content that the user has expressed an interest in to Aggregated Experience Apps that have been given access to use this Capability. This allows for open-ended design of Aggregated Experience App features that present App-specific content to re-engage the user with the content inside the originating App. While the functionality and UX are left to the Aggregated Experience App, typically designed by each Firebolt Distributor, the Firebolt API enables events to register user interest and pass entity meta-data, which generally enables Aggregated Experiences to present that entity meta-data in some way that leads to re-launching the original App at a later point, using a `navigateTo` notification. This is just one example of what an Aggregated Experience App might do with the User Interest API. Note that this API **SHOULD NOT** be used to implement Watch History or Watch Next features. These concepts are much more fundamental to Firebolt and have explicit APIs so that Firebolt Distributors can keep track of which apps are using them separately.
# [1.2.0-next.3](v1.2.0-next.2...v1.2.0-next.3) (2024-06-06)

### Features

* User Interest ([#170](#170)) ([48a1094](48a1094))

* feat: Command and Control Intents
* Addition of the intents to control Firebolt compliant devices. Control intents are for user intentions that will be needed regardless of whether there are any apps installed such as Power Intents, Volume Intents, Channel Intents, Media Control Intents

# [1.2.0-next.4](v1.2.0-next.3...v1.2.0-next.4) (2024-06-06)

### Features

* Command and Control Intents ([#251](#251)) ([c8f8dae](c8f8dae))

* chore(capabilities): Adding missing specs
* fix: Cleanup of Capabilities requirements
* Remove dangling requirements or replaced them with "This concept is out of scope for this document"

* fix: Remove x-alternatives that don't exist
* fix: Cut ProviderPolicy from App Pass-through

# [1.2.0-next.5](v1.2.0-next.4...v1.2.0-next.5) (2024-06-13)

### Bug Fixes

* Remove x-alternatives that don't exist ([#278](#278)) ([e38ad5a](e38ad5a))
It's just ["object", "null"] and it's an optional parameter, so we can leave it undefined instead of passing null