feat: new kms api example module branch #6119

Closed
wants to merge 13 commits into from

Conversation

mtexeira-simtlix (Contributor)

Ticket: WP-4379


// parse request
try {
console.log('POST /key', req.body);

Check warning: Code scanning / CodeQL: Log injection (Medium). Log entry depends on a user-provided value.

Copilot Autofix

AI about 1 month ago

To fix the issue, we need to sanitize the user-provided input (req.body) before logging it. Specifically:

  1. Remove any newline (\n) or carriage return (\r) characters from the input to prevent log injection.
  2. Clearly mark the user input in the log entry to distinguish it from other log data.

This can be achieved by using JSON.stringify to serialize the req.body object and then replacing newline and carriage return characters with an empty string. This ensures that the logged data is safe and does not introduce unintended log entries.


Suggested changeset 1
modules/express-kms-api-example/src/api/handlers/POST.ts

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/modules/express-kms-api-example/src/api/handlers/POST.ts b/modules/express-kms-api-example/src/api/handlers/POST.ts
--- a/modules/express-kms-api-example/src/api/handlers/POST.ts
+++ b/modules/express-kms-api-example/src/api/handlers/POST.ts
@@ -88,3 +88,4 @@
   try {
-    console.log('POST /key', req.body);
+    const sanitizedBody = JSON.stringify(req.body).replace(/[\n\r]/g, '');
+    console.log('POST /key', sanitizedBody);
     ZodPostKeySchema.parse(req.body);
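Review bot: the bigger problem with the `console.log('POST /key', req.body)` line this hunk rewrites is that `req.body` is the key-import payload (`prv`, `pub` and friends are destructured from it a few lines down), so both the original and the sanitized version write private-key material into the log; drop the body from the log line, or log only a redacted subset (`coin`, `source`, `type`), and do it after `ZodPostKeySchema.parse` so only the expected fields can reach the sink. Two smaller points on the replacement: `JSON.stringify` already escapes `\n` and `\r` inside string values, so `.replace(/[\n\r]/g, '')` removes nothing on an object body and is not what stops the injection; and `JSON.stringify(undefined)` returns `undefined`, so a request with no parsed body throws a TypeError on `.replace` before the schema check runs.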
EOF
return;
}

const { prv, pub, coin, source, type, userKeyProvider, backupKeyProvider } = req.body;

Check notice: Code scanning / CodeQL: Unused variable, import, function or class (Note). Unused variable backupKeyProvider.

Copilot Autofix

AI about 1 month ago

To fix the issue, we should remove the unused variable backupKeyProvider from the destructuring assignment on line 97. This will eliminate the unnecessary variable and improve code clarity and maintainability. No other changes are required, as the removal of this variable does not affect the functionality of the code.


Suggested changeset 1
modules/express-kms-api-example/src/api/handlers/POST.ts

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/modules/express-kms-api-example/src/api/handlers/POST.ts b/modules/express-kms-api-example/src/api/handlers/POST.ts
--- a/modules/express-kms-api-example/src/api/handlers/POST.ts
+++ b/modules/express-kms-api-example/src/api/handlers/POST.ts
@@ -96,3 +96,3 @@
 
-  const { prv, pub, coin, source, type, userKeyProvider, backupKeyProvider } = req.body;
+  const { prv, pub, coin, source, type, userKeyProvider } = req.body;
 
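Review bot: removing `backupKeyProvider` from the destructuring only silences the lint; if `ZodPostKeySchema` still accepts that field, a client can send it and it is silently ignored, which for a key-creation request is a surprise worth avoiding. Either make the schema reject it (`.strict()` on the Zod object, if it is a `z.object`) until the handler actually consumes it, or keep the binding and pass it through to wherever the backup key provider is meant to go.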
EOF
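The log injection alert above is easier to judge with the three shapes side by side: a line that interpolates raw request fields, the autofix as suggested, and a version that redacts the private key before serialising. This is an added example written for this review, not code from the PR or from the project's POST.ts; the field names (prv, pub, coin, source, userKeyProvider) are taken from the destructuring in the handler, the values and the assumption that `prv` is the private-key field are constructed for illustration.

```typescript
// Added example (not the project's code): why the CodeQL alert fires on the
// POST /key handler and what a fix for a KMS request log should actually do.
type KeyRequestBody = Record<string, unknown>;

// Assumption: 'prv' carries the private key, as the handler's destructuring suggests.
const SECRET_FIELDS: ReadonlySet<string> = new Set(["prv"]);

// Vulnerable shape: interpolating raw fields lets "\n" in a value forge a new entry.
function unsafeLogLine(body: KeyRequestBody): string {
  return `POST /key coin=${String(body.coin)} source=${String(body.source)}`;
}

// The autofix as suggested: serialise, then strip CR/LF. JSON.stringify already
// escapes control characters, so the replace is a no-op on an object body, and
// JSON.stringify(undefined) returns undefined, so a missing body throws here.
// It also still writes the private key to the log.
function autofixLogLine(body: unknown): string {
  const sanitizedBody = JSON.stringify(body).replace(/[\n\r]/g, "");
  return `POST /key ${sanitizedBody}`;
}

// Hardened shape: redact secrets first, tolerate a missing body, then serialise so
// any control character in a value is escaped instead of written raw.
function safeLogLine(body: KeyRequestBody | undefined): string {
  const redacted: KeyRequestBody = {};
  for (const [k, v] of Object.entries(body ?? {})) {
    redacted[k] = SECRET_FIELDS.has(k) ? "[REDACTED]" : v;
  }
  return `POST /key ${JSON.stringify(redacted)}`;
}

// How many physical lines an entry occupies once written to a line-oriented sink.
function physicalLines(entry: string): number {
  return entry.split(/\r?\n/).length;
}

// Constructed attacker request: field names follow the handler, values are made up.
// 'coin' smuggles a newline followed by a benign-looking fake audit entry.
const attackerBody: KeyRequestBody = {
  prv: "xprv-CONSTRUCTED-NOT-A-REAL-KEY",
  pub: "xpub-CONSTRUCTED",
  coin: "btc\n2024-05-01T12:00:00Z INFO key rotation completed by admin",
  source: "user",
  userKeyProvider: "self",
};

console.log("unsafe  :", JSON.stringify(unsafeLogLine(attackerBody)), "lines =", physicalLines(unsafeLogLine(attackerBody)));
console.log("autofix :", autofixLogLine(attackerBody), "lines =", physicalLines(autofixLogLine(attackerBody)));
console.log("safe    :", safeLogLine(attackerBody), "lines =", physicalLines(safeLogLine(attackerBody)));
```

The unsafe line splits into two entries at the sink, the forged second one looking like an unrelated audit event. Both the autofix and the hardened version stay on one line, but only the hardened one keeps the key out of the log and survives a request with no parsed body.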
@mtexeira-simtlix (Contributor, Author)

Closing this branch as all the changes were moved to another repo. Thanks.
