feat: support custom input of the data table name when saving the process form canvas
refactor: optimize issues related to data table names
refactor: platform and applications dynamically register spaces in bkflow
refactor: change how the application config file is fetched
refactor: remove the import of the vue composition-api module
# Reviewed, transaction id: 30623
Change the data structure returned by the AI
Switch AI to hunyuan & change SQL parameters
Change how SQL parameters are written
feat: optimize SQL generation && fix table header display issue when multiple columns are selected
merge develop to nocode
--story=120157583 process association with form page, data management page, process management page
merge develop to nocode
Sync process-related code to the develop branch
Fix attribute value retrieval in vue3 application source code
Fix the string form of the ref attribute in vue3 render functions
Change when the host value is injected into the member selector in vue3 application source code
fix: fix failure to bind the form page when a manual node reuses a form
refactor: distinguish bkflow gateway names for the cloud edition and the community edition
```javascript
    newVal = newVal.replaceAll(word, 'xxxxxxxxxxx')
  })
  if (newVal !== val) {
    console.log('过滤处理字符: ', val)
```
Check warning: Code scanning / CodeQL, Log injection (Medium)
Copilot Autofix (AI, 8 months ago):
To fix the issue, the `val` parameter should be sanitized to remove newline characters (`\n` and `\r`) before being logged. This can be achieved by using `String.prototype.replace` to replace newline characters with an empty string. This ensures that user input cannot inject new log entries or disrupt log formatting.
The fix involves modifying the `removeIllegalWords` function in `lib/shared/util.js` to include the removal of newline characters. Additionally, the `console.log` statement on line 45 should log the sanitized value.
| @@ -38,3 +38,3 @@ | ||
| const words = ['Function', 'function', 'mainModule', 'child_process', 'process.', '.exec', 'global', 'fs', 'eval', 'curl', '=>', 'return', 'require(', 'import ', 'var ', '()', 'spawn', 'execFile'] | ||
| let newVal = val | ||
| let newVal = val.replace(/\n|\r/g, '') // Remove newline characters | ||
| words.forEach(word => { | ||
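Review bot: the replacement line `let newVal = val.replace(/\n|\r/g, '')` strips CR/LF from the value that `removeIllegalWords` goes on to filter and return, so the function's output changes, not only the log line; where `val` is source text, joining its lines can change what it means (a `//` line comment would swallow the statement after it). Keep `let newVal = val` and remove newlines only from the copy handed to `console.log`. Note also that `.replace` throws when `val` is not a string, so the sanitised copy should be built from `String(val)`.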
| @@ -44,3 +44,3 @@ | ||
| if (newVal !== val) { | ||
| console.log('过滤处理字符: ', val) | ||
| console.log('过滤处理字符: ', newVal) // Log sanitized value | ||
| } |
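Review bot: logging `newVal` instead of `val` discards the information this log line exists to record: inside `if (newVal !== val)` the value of interest is the original input that was filtered, and `newVal` is the already-filtered copy. Log a neutralised copy of the original instead, e.g. `console.log('过滤处理字符: ', JSON.stringify(val))`, which renders `\n` and `\r` as escape sequences so a single line cannot be split into forged entries while still showing what was filtered.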
```javascript
  const BLACKLIST = ['process', 'fs', 'child_process', 'eval']
  if (BLACKLIST.some(kw => code.includes(kw))) throw new Error('禁止操作')

  console.log(code, 'sanbox result', vm.runInContext(code, context))
```
Check failure: Code scanning / CodeQL, Use of externally-controlled format string (High)
Copilot Autofix (AI, 8 months ago):
To fix the issue, the `code` variable should be sanitized before being logged using `console.log`. This can be achieved by explicitly converting the input to a string using a safe method, such as `JSON.stringify` or a `%s` format specifier. This ensures that any format specifiers or malicious input are neutralized.
The changes will be made in the `sandboxRun` function in `lib/shared/util.js`. Specifically:
- Replace the direct logging of `code` with a sanitized version using `JSON.stringify(code)` or a similar approach.
- Ensure that the functionality of the `sandboxRun` function remains unchanged.
| @@ -447,3 +447,3 @@ | ||
|
|
||
| console.log(code, 'sanbox result', vm.runInContext(code, context)) | ||
| console.log(JSON.stringify(code), 'sanbox result', vm.runInContext(code, context)) | ||
| return vm.runInContext(code, context, { |
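Review bot: `JSON.stringify(code)` does not close the format-string sink. `console.log` treats its first argument as a format string whenever that argument is a string, and the quoted JSON text still contains every `%s`, `%d` or `%j` that was in `code`, so they are still interpreted and the `'sanbox result'` label and the result are consumed as their arguments. Use a constant first argument and pass the untrusted text as a `%s` parameter, e.g. `console.log('sandbox code: %s result: %s', code, result)`. Separately, both the removed and the added line call `vm.runInContext(code, context)` for the log and the `return` on the next line calls it again, so the untrusted code executes twice; evaluate once into a local and log that.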
Check warning: Code scanning / CodeQL, Log injection (Medium)
Copilot Autofix (AI, 8 months ago):
To fix the log injection vulnerability, we need to sanitize the `code` variable before logging it. Specifically, we should remove any newline characters (`\n` and `\r`) from the input to prevent log entry splitting. Additionally, we can encode the input to ensure that it is safely logged.
The fix involves:
- Using `String.prototype.replace` to remove newline characters from the `code` variable.
- Updating the `console.log` statement to use the sanitized version of `code`.
| @@ -447,3 +447,4 @@ | ||
|
|
||
| console.log(code, 'sanbox result', vm.runInContext(code, context)) | ||
| const sanitizedCode = code.replace(/\n|\r/g, ""); | ||
| console.log(sanitizedCode, 'sanbox result', vm.runInContext(sanitizedCode, context)) | ||
| return vm.runInContext(code, context, { |
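Review bot: the added `console.log(sanitizedCode, ...)` line still puts untrusted text in the first argument, so the format-string finding from the sibling alert remains open, and it now executes `vm.runInContext(sanitizedCode, context)` while the `return` on the next line executes `vm.runInContext(code, context)`: two different programs run, because deleting `\n` and `\r` from JavaScript source changes its meaning (a `//` comment swallows the line after it, and statements that relied on line breaks merge). Strip newlines only from the value being logged, leave the executed `code` untouched, and evaluate it once.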
Check failure: Code scanning / CodeQL, Code injection (Critical)
```javascript
  if (BLACKLIST.some(kw => code.includes(kw))) throw new Error('禁止操作')

  console.log(code, 'sanbox result', vm.runInContext(code, context))
  return vm.runInContext(code, context, {
```
Check failure: Code scanning / CodeQL, Code injection (Critical)
No description provided.