Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

2117 vulnerability code 2023 07 24 7 8 10 and 11 #2124

Merged
merged 5 commits into from
Aug 4, 2023
Merged

2117 vulnerability code 2023 07 24 7 8 10 and 11 #2124

merged 5 commits into from
Aug 4, 2023

Conversation

Matthew-Grayson
Copy link
Contributor

Related to issue #2114

🗣 Description

💭 Motivation and context

🧪 Testing

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All future TODOs are captured in issues, which are referenced
    in code comments.
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All relevant repo and/or project documentation has been updated
    to reflect the changes in this PR.
  • Tests have been added and/or modified to cover the changes in this PR.
  • All new and existing tests pass.

✅ Pre-merge checklist

  • Revert dependencies to default branches.
  • Finalize version.

✅ Post-merge checklist

  • Create a release.

@Matthew-Grayson Matthew-Grayson linked an issue Aug 3, 2023 that may be closed by this pull request
Vulnerability Code 2023_07_24 #7, # 8, #10, and #11 #2115
Closed
@actualeyes actualeyes merged commit 2ca5057 into master Aug 4, 2023
14 checks passed
@Matthew-Grayson Matthew-Grayson linked an issue Aug 4, 2023 that may be closed by this pull request
Vulnerability Code 2023_07_24 #7, 8, 10, and 11 #2117
Closed
@actualeyes actualeyes deleted the 2117-vulnerability-code-2023_07_24-7-8-10-and-11 branch August 4, 2023 07:48
epicfaace
epicfaace reviewed Aug 4, 2023
View reviewed changes
backend/src/tasks/censysIpv4.ts
const { chunkNumber, organizationId } = commandOptions;

// Sanitizes numChunks to protect against arbitrarily large numbers
const numChucksRawValue = commandOptions.numChunks;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Matthew-Grayson moving forward, for future scans or future sanitization we might need to do, it might be good to refactor this code into a helper function (maybe parseCommandOptions) as opposed to copy and pasting it across different scans (as it's also here -- #2123).

@Matthew-Grayson Matthew-Grayson mentioned this pull request Aug 7, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@epicfaace epicfaace epicfaace left review comments

@actualeyes actualeyes actualeyes approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Vulnerability Code 2023_07_24 #7, 8, 10, and 11 Vulnerability Code 2023_07_24 #7, # 8, #10, and #11
3 participants
@Matthew-Grayson @actualeyes @epicfaace