Skip to content

feat: new kms api example module branch#6119

Closed
mtexeira-simtlix wants to merge 13 commits intomasterfrom
WP-4379
Closed

feat: new kms api example module branch#6119
mtexeira-simtlix wants to merge 13 commits intomasterfrom
WP-4379

Conversation

@mtexeira-simtlix
Copy link
Contributor

@mtexeira-simtlix mtexeira-simtlix commented May 13, 2025

Ticket: WP-4379

github-advanced-security[bot]
github-advanced-security bot found potential problems May 21, 2025
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems May 22, 2025
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems May 26, 2025
View reviewed changes
modules/express-kms-api-example/src/api/handlers/POST.ts

// parse request
try {
console.log('POST /key', req.body);

Check warning

Code scanning / CodeQL

Log injection Medium

Log entry depends on a
user-provided value
Loading
.

Copilot Autofix

AI 10 months ago

To fix the issue, we need to sanitize the user-provided input (req.body) before logging it. Specifically:

  1. Remove any newline (\n) or carriage return (\r) characters from the input to prevent log injection.
  2. Clearly mark the user input in the log entry to distinguish it from other log data.

This can be achieved by using JSON.stringify to serialize the req.body object and then replacing newline and carriage return characters with an empty string. This ensures that the logged data is safe and does not introduce unintended log entries.

Suggested changeset 1
modules/express-kms-api-example/src/api/handlers/POST.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/modules/express-kms-api-example/src/api/handlers/POST.ts b/modules/express-kms-api-example/src/api/handlers/POST.ts
--- a/modules/express-kms-api-example/src/api/handlers/POST.ts
+++ b/modules/express-kms-api-example/src/api/handlers/POST.ts
@@ -88,3 +88,4 @@
   try {
-    console.log('POST /key', req.body);
+    const sanitizedBody = JSON.stringify(req.body).replace(/[\n\r]/g, '');
+    console.log('POST /key', sanitizedBody);
     ZodPostKeySchema.parse(req.body);
EOF
@@ -88,3 +88,4 @@
try {
console.log('POST /key', req.body);
const sanitizedBody = JSON.stringify(req.body).replace(/[\n\r]/g, '');
console.log('POST /key', sanitizedBody);
ZodPostKeySchema.parse(req.body);
Copilot is powered by AI and may make mistakes. Always verify output.
modules/express-kms-api-example/src/api/handlers/POST.ts
return;
}

const { prv, pub, coin, source, type, userKeyProvider, backupKeyProvider } = req.body;

Check notice

Code scanning / CodeQL

Unused variable, import, function or class Note

Unused variable backupKeyProvider.

Copilot Autofix

AI 10 months ago

To fix the issue, we should remove the unused variable backupKeyProvider from the destructuring assignment on line 97. This will eliminate the unnecessary variable and improve code clarity and maintainability. No other changes are required, as the removal of this variable does not affect the functionality of the code.

Suggested changeset 1
modules/express-kms-api-example/src/api/handlers/POST.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/modules/express-kms-api-example/src/api/handlers/POST.ts b/modules/express-kms-api-example/src/api/handlers/POST.ts
--- a/modules/express-kms-api-example/src/api/handlers/POST.ts
+++ b/modules/express-kms-api-example/src/api/handlers/POST.ts
@@ -96,3 +96,3 @@
 
-  const { prv, pub, coin, source, type, userKeyProvider, backupKeyProvider } = req.body;
+  const { prv, pub, coin, source, type, userKeyProvider } = req.body;
 
EOF
@@ -96,3 +96,3 @@

const { prv, pub, coin, source, type, userKeyProvider, backupKeyProvider } = req.body;
const { prv, pub, coin, source, type, userKeyProvider } = req.body;

Copilot is powered by AI and may make mistakes. Always verify output.
@mtexeira-simtlix
Copy link
Contributor Author

mtexeira-simtlix commented Jun 3, 2025

Closing this branch as all the changes were moved to another repo. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mtexeira-simtlix @alextse-bg