fix: remaining CodeQL fixes #1612

hallvictoria · 2024-11-19T18:25:19Z

Description

Addresses remaining CodeQL issues:

Usage of unapproved crypto library: converts from using pycryptodome to cryptography
Reflected server-side cross-site scripting: added base64 encoding and stores in an HTML tag
- Note: CodeQL suggests using the escape method, but that isn't supported for images. If this test is still failing, we will need to change the test
URL redirection from remote source: added validation on the URL, ports, and code param

Fixed HTTP console logging tests that were failing due to the recent host logging changes.

Fixes #

The title of the PR is clear and informative.
There are a small number of commits, each of which has an informative message. This means that previously merged commits do not appear in the history of the PR. For information on cleaning up the commits in your pull request, see this page.
If applicable, the PR references the bug/issue that it fixes in the description.
New Unit tests were added for the changes made and CI is passing.

Victoria Hall added 7 commits November 19, 2024 12:24

CodeQL fixes

9bea1e8

asgi function app fixes

1583fea

revert cryptography changes

d5cc3ba

comment out edited tests

36f9358

re-add changes

f80f71d

fix console logging tests

f647385

fix tests

73622f8

hallvictoria marked this pull request as ready for review December 2, 2024 21:02

hallvictoria requested review from vrdmr, gavin-aguiar, YunchuWang and pdthummar as code owners December 2, 2024 21:02

Merge branch 'dev' into hallvictoria/codeql

5b9769d

gavin-aguiar approved these changes Dec 3, 2024

View reviewed changes

hallvictoria merged commit 114be16 into dev Dec 3, 2024
27 checks passed

hallvictoria deleted the hallvictoria/codeql branch December 3, 2024 17:26