Vulnerability fixes (#447)
* Fixed handling on URI

* Redirection fixes

* Accessibility fixes

* Small fixes

* Accessibility updates

* New error page built

* Eslint fix

* Implemented the new service and fixed redirection issue

---------

Co-authored-by: BelishtaArjol <[email protected]>
antoniobenci87 and BelishtaArjol authored Oct 24, 2023
1 parent c3b7e74 commit 7bf4129
Showing 6 changed files with 141 additions and 96 deletions.
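--- a/package.json
+++ b/package.json
@@ -104,7 +104,8 @@
 },
 "resolutions": {
 "semver": "7.5.3",
-"postcss": "8.4.31"
+"postcss": "8.4.31",
+"@babel/traverse": "7.23.2"
 },
 "scripts": {
 "start": "./env.sh && move env-config.js ./public/ && set INLINE_RUNTIME_CHUNK=false && node scripts/start.js",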
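--- a/src/components/layout/NewErrorPage/NewErrorPage.js
+++ b/src/components/layout/NewErrorPage/NewErrorPage.js
@@ -26,12 +26,12 @@ const NewErrorPage = () => {
 rx="5.5"
 transform="matrix(-6.79865e-09 -1 -1 6.79865e-09 104 51)"
 stroke="#F7B000"
-stroke-width="3"
+strokeWidth="3"
 />
 <path
 d="M130 50L115 50C112.239 50 110 47.7614 110 45V45C110 42.2386 112.239 40 115 40L130 40"
 stroke="#F7B000"
-stroke-width="3"
+strokeWidth="3"
 />
 <line
 x1="1.5"
@@ -40,8 +40,8 @@ const NewErrorPage = () => {
 y2="-1.5"
 transform="matrix(-1 6.79865e-09 6.79865e-09 1 116 47)"
 stroke="#F7B000"
-stroke-width="3"
-stroke-linecap="round"
+strokeWidth="3"
+strokeLinecap="round"
 />
 <circle cx="45" cy="45" r="45" fill="#0066CC" />
 <path
@@ -64,15 +64,15 @@ const NewErrorPage = () => {
 <path
 d="M-7.47852e-08 40L14.5 40C17.5376 40 20 42.4624 20 45.5V45.5C20 48.5376 17.5376 51 14.5 51L0 51"
 stroke="#F7B000"
-stroke-width="3"
+strokeWidth="3"
 />
 <rect
 width="10"
 height="20"
 rx="5"
 transform="matrix(-6.79865e-09 -1 -1 6.79865e-09 46 50)"
 stroke="#F7B000"
-stroke-width="3"
+strokeWidth="3"
 />
 <line
 x1="1.5"
@@ -81,96 +81,96 @@ const NewErrorPage = () => {
 y2="-1.5"
 transform="matrix(-1 6.79865e-09 6.79865e-09 1 32 47)"
 stroke="#F7B000"
-stroke-width="3"
-stroke-linecap="round"
+strokeWidth="3"
+strokeLinecap="round"
 />
 <path
 d="M41 44.9484C40.9949 50.8617 42.1551 56.718 44.4141 62.1833C46.6732 67.6473 49.9868 72.6135 54.1657 76.7977C58.3446 80.9818 63.3072 84.3007 68.7695 86.566C74.2317 88.8314 80.0867 89.9981 86 90.0004C97.9347 90.0004 109.381 85.2595 117.82 76.8196C126.259 68.3809 131 56.934 131 44.9998C131 33.065 126.259 21.6192 117.82 13.1801C109.381 4.74093 97.9347 0 86 0C74.0753 0.00335007 62.6392 4.73839 54.2022 13.1656C45.7653 21.5928 41.0171 33.0236 41 44.9484Z"
 fill="#0066CC"
 />
 <path
-fill-rule="evenodd"
-clip-rule="evenodd"
+fillRule="evenodd"
+clipRule="evenodd"
 d="M61 66H113V28H61V66Z"
 fill="#0066CC"
 />
 <path
-fill-rule="evenodd"
-clip-rule="evenodd"
+fillRule="evenodd"
+clipRule="evenodd"
 d="M61 66H113V28H61V66Z"
 stroke="white"
-stroke-width="1.34"
-stroke-linecap="round"
-stroke-linejoin="round"
+strokeWidth="1.34"
+strokeLinecap="round"
+strokeLinejoin="round"
 />
 <path
 d="M61 39.5H113"
 stroke="white"
-stroke-width="1.34"
-stroke-linecap="round"
-stroke-linejoin="round"
+strokeWidth="1.34"
+strokeLinecap="round"
+strokeLinejoin="round"
 />
 <path
-fill-rule="evenodd"
-clip-rule="evenodd"
+fillRule="evenodd"
+clipRule="evenodd"
 d="M69 33.5C69 34.3291 68.3288 35 67.4994 35C66.6712 35 66 34.3291 66 33.5C66 32.6709 66.6712 32 67.4994 32C68.3288 32 69 32.6709 69 33.5Z"
 fill="white"
 />
 <path
-fill-rule="evenodd"
-clip-rule="evenodd"
+fillRule="evenodd"
+clipRule="evenodd"
 d="M74 33.5C74 34.3291 73.3288 35 72.4994 35C71.6712 35 71 34.3291 71 33.5C71 32.6709 71.6712 32 72.4994 32C73.3288 32 74 32.6709 74 33.5Z"
 fill="white"
 />
 <path
-fill-rule="evenodd"
-clip-rule="evenodd"
+fillRule="evenodd"
+clipRule="evenodd"
 d="M78 33.5C78 34.3291 77.3288 35 76.4994 35C75.6712 35 75 34.3291 75 33.5C75 32.6709 75.6712 32 76.4994 32C77.3288 32 78 32.6709 78 33.5Z"
 fill="white"
 />
 <path
-fill-rule="evenodd"
-clip-rule="evenodd"
+fillRule="evenodd"
+clipRule="evenodd"
 d="M67 61H108V45H67V61Z"
 stroke="white"
-stroke-width="1.34"
-stroke-linecap="round"
-stroke-linejoin="round"
+strokeWidth="1.34"
+strokeLinecap="round"
+strokeLinejoin="round"
 />
 <path
 d="M67 55.5H108"
 stroke="white"
-stroke-width="1.34"
-stroke-linecap="round"
-stroke-linejoin="round"
+strokeWidth="1.34"
+strokeLinecap="round"
+strokeLinejoin="round"
 />
 <path
 d="M67 50.5H108"
 stroke="white"
-stroke-width="1.34"
-stroke-linecap="round"
-stroke-linejoin="round"
+strokeWidth="1.34"
+strokeLinecap="round"
+strokeLinejoin="round"
 />
 <path
 d="M89.5 45V61"
 stroke="white"
-stroke-width="1.34"
-stroke-linecap="round"
-stroke-linejoin="round"
+strokeWidth="1.34"
+strokeLinecap="round"
+strokeLinejoin="round"
 />
 <path
 d="M89.5 45V61"
 stroke="white"
-stroke-width="1.34"
-stroke-linecap="round"
-stroke-linejoin="round"
+strokeWidth="1.34"
+strokeLinecap="round"
+strokeLinejoin="round"
 />
 <path
 d="M73 45V61"
 stroke="white"
-stroke-width="1.34"
-stroke-linecap="round"
-stroke-linejoin="round"
+strokeWidth="1.34"
+strokeLinecap="round"
+strokeLinejoin="round"
 />
 </svg>
 </div>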
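--- a/src/components/semantic-assets/AssetDetails/metadata/AssetIriRow.js
+++ b/src/components/semantic-assets/AssetDetails/metadata/AssetIriRow.js
@@ -1,29 +1,25 @@
 import sprite from "../../../../assets/images/sprite.svg";
 import * as PropTypes from "prop-types";
 import React from "react";
+import { baseUrl } from "../../../../services/fetchUtils";
 import rowStyle from "../metadata/MetadataRow.module.css";
 
 const AssetIriRow = (props) => {
-const type = props.type;
 const url = props.assetIri;
 const handleClick = (event) => {
-if (type == "ONTOLOGY") {
-event.preventDefault();
+event.preventDefault();
 
-fetch(`https://schema.gov.it/lode/extract?url=${url}`)
-.then((response) => {
-if (response.status < 400) {
-window.open(url);
-} else {
-window.open("/error-page", "_self");
-}
-})
-.catch(() => {
+fetch(`${baseUrl()}/check-url?url=${url}`)
+.then((response) => {
+if (response.status < 400) {
+window.open(url);
+} else {
 window.open("/error-page", "_self");
-});
-} else {
-window.open(url);
-}
+}
+})
+.catch(() => {
+window.open("/error-page", "_self");
+});
 };
 
 return (
@@ -66,7 +62,6 @@ const AssetIriRow = (props) => {
 
 AssetIriRow.propTypes = {
 assetIri: PropTypes.string.isRequired,
-type: PropTypes.string.isRequired,
 };
 
 export default AssetIriRow;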
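Review bot: `url` is placed into the `check-url` query string without encoding in the new `fetch` call inside `handleClick`, so an IRI that contains `&`, `#` or `?` reaches the backend truncated or split into extra parameters, and the address that gets checked can differ from the one `window.open(url)` then opens. Pass it as `encodeURIComponent(url)`; the same applies to the `fetch` changed in `renderButton` in AssetDetailsButtons. `window.open(url)` also opens `props.assetIri` with no scheme check, so it would be worth accepting only `http:`/`https:` values before opening. The `check-url` service itself is not part of the visible diff; if it requests the supplied address server-side, it presumably needs its own scheme and destination restrictions.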
Expand Up @@ -6,12 +6,13 @@ import {
import * as PropTypes from "prop-types";
import { oneOf } from "prop-types";
import getSparqlEndpoint from "../../../../services/sparql";
import { baseUrl } from "../../../../services/fetchUtils";
import styles from "./AssetDetailsButtons.module.css";

const renderButton = (text, url, className) => {
const handleButtonClick = (event) => {
event.preventDefault();
fetch(url)
fetch(`${baseUrl()}/check-url?url=${url}`)
.then((response) => {
if (response.status < 400) {
window.open(url);
@@ -1,6 +1,6 @@
/* eslint-disable prettier/prettier */
import AssetDetailsButtons from "./AssetDetailsButtons";
import { fireEvent, render, screen } from "@testing-library/react";
import { render, screen } from "@testing-library/react";
import {
AT_ONTOLOGY,
AT_SCHEMA,
Expand All @@ -13,7 +13,6 @@ jest.mock("../../../../services/sparql");
describe("<AssetDetailsButtons/>", () => {
beforeEach(() => {
global.window.open = jest.fn();
//global.window.location.href = "/"; // Set a default value for window.location.href
getSparqlEndpoint.mockReturnValue("http://sparql.example.com");
});

Expand All @@ -32,35 +31,16 @@ describe("<AssetDetailsButtons/>", () => {
});

test("renders buttons for vocab", () => {
const openSpy = jest.spyOn(window, "open");
render(
<AssetDetailsButtons
type={AT_VOCABULARY}
assetIri={"CvIri"}
vocabUrl={"CvUrl"}
accessUrl={"gitUrl"}
/>
);
render(<AssetDetailsButtons type={AT_VOCABULARY} accessUrl={"gitUrl"} />);

const sparqlButton = screen.getByText("sparql");
expect(sparqlButton).toBeInTheDocument();
fireEvent.click(sparqlButton);
// expect(openSpy).toHaveBeenCalledWith(
// "http://sparql.example.com?qtxt=select distinct ?prop ?value where { <CvIri> ?prop ?value}"
// );
openSpy.mockClear();

const apiBtn = screen.getByText("api");
expect(apiBtn).toBeInTheDocument();
fireEvent.click(apiBtn);
// expect(openSpy).toHaveBeenCalledWith("CvUrl");
openSpy.mockClear();

const srcBtn = screen.getByText("Vai al sorgente");
expect(srcBtn).toBeInTheDocument();
fireEvent.click(srcBtn);
// expect(openSpy).toHaveBeenCalledWith("gitUrl");
openSpy.mockClear();
});

test("renders buttons for ontology", () => {
Expand Down Expand Up @@ -88,4 +68,4 @@ describe("<AssetDetailsButtons/>", () => {
const srcBtn = screen.getByText("Vai al sorgente");
expect(srcBtn).toBeInTheDocument();
});
});
});
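Review bot: After the `fireEvent.click` calls are dropped from "renders buttons for vocab", nothing in the visible tests drives the click handler, so the new `check-url` request and the redirect to `/error-page` are unverified. Stub the request in `beforeEach`, for example `global.fetch = jest.fn().mockResolvedValue({ status: 200 });`, click each button, and assert inside `waitFor` that `fetch` was called with the `check-url` address and `window.open` with the original URL. A second case with a status of 400 or above should expect `window.open("/error-page", "_self")`. The `describe` block starts outside the last hunk and parts of the file are collapsed, so other tests may already cover some of this.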