Merge pull request #7075 from topcoder-platform/develop

Prod release - Security issues - Community App PHASE 2

Author: kkartunov

__tests__/shared/components/TopcoderHeader/desktop/SubMenu/Item.jsx

@@ -1,6 +1,6 @@
 import React from 'react';
 import Renderer from 'react-test-renderer/shallow';
-import Item from 'components/TopcoderHeader/desktop/SubMenu/Item';
+import Item from 'components/SubMenu/Item';
 
 test('Matches shallow shapshot', () => {
   const renderer = new Renderer();

__tests__/shared/components/TopcoderHeader/desktop/SubMenu/__snapshots__/Item.jsx.snap

@@ -2,7 +2,7 @@
 
 exports[`Matches shallow shapshot 1`] = `
 <li
-  className="src-shared-components-TopcoderHeader-desktop-SubMenu-Item-___style__item___2Q-ud src-shared-components-TopcoderHeader-desktop-SubMenu-Item-___style__current___38PHh"
+  className="src-shared-components-SubMenu-Item-___style__item___2U0li src-shared-components-SubMenu-Item-___style__current___3WfNb"
   role="button"
   tabIndex={0}
 >
@@ -21,7 +21,7 @@ exports[`Matches shallow shapshot 1`] = `
 
 exports[`Matches shallow shapshot 2`] = `
 <li
-  className="src-shared-components-TopcoderHeader-desktop-SubMenu-Item-___style__item___2Q-ud"
+  className="src-shared-components-SubMenu-Item-___style__item___2U0li"
   role="button"
   tabIndex={0}
 >

src/server/services/communities.js

@@ -132,7 +132,7 @@ export async function getMetadata(communityId) {
     communityId, 'metadata.json',
   );
   try {
-    metadata = JSON.parse(fs.readFileSync(uri, 'utf8'));
+    metadata = JSON.parse(await promisify(fs.readFile)(uri, 'utf8'));
   } catch (error) {
     const msg = `Failed to get metadata for ${communityId} community`;
     logger.error(msg, error);

src/shared/components/Contentful/Article/Article.jsx

@@ -34,6 +34,7 @@ import IconFacebook from 'assets/images/icon-facebook.svg';
 import IconTwitter from 'assets/images/icon-twitter.svg';
 import IconLinkedIn from 'assets/images/icon-linkedIn.svg';
 import DiscordIconWhite from 'assets/images/tc-edu/discord-icon-white.svg';
+import getSecureRandomIndex from 'utils/secureRandom';
 
 const htmlToText = require('html-to-text');
 
@@ -45,7 +46,7 @@ const LOCAL_STORAGE_KEY = 'VENBcnRpY2xlVm90ZXM=';
 const DEFAULT_BANNER_IMAGE = 'https://images.ctfassets.net/piwi0eufbb2g/7v2hlDsVep7FWufHw0lXpQ/2505e61a880e68fab4e80cd0e8ec1814/0C37CB5E-B253-4804-8935-78E64E67589E.png?w=1200&h=630';
 // random ads banner - left sidebar
 const RANDOM_BANNERS = ['6G8mjiTC1mzeSQ2YoUG1gB', '1DnDD02xX1liHfSTf5Vsn8', 'HQZ3mN0rR92CbNTkKTHJ5', '1OLoX8ZsvjAnn4TdGbZESD', '77jn01UGoQe2gqA7x0coQD'];
-const RANDOM_BANNER = RANDOM_BANNERS[_.random(0, 4)];
+const RANDOM_BANNER = RANDOM_BANNERS[getSecureRandomIndex(RANDOM_BANNERS.length)];
 
 class Article extends React.Component {
   componentDidMount() {

src/shared/components/Contentful/MemberTalkCloud/MemberTalkCloud.jsx

@@ -9,6 +9,7 @@ import PT from 'prop-types';
 import React from 'react';
 import { themr } from 'react-css-super-themr';
 import { fixStyle } from 'utils/contentful';
+import getSecureRandomIndex from 'utils/secureRandom';
 import defaultTheme from './themes/default.scss';
 
 const MAX_MARGIN_TOP = 0;
@@ -17,7 +18,7 @@ const MAX_MARGIN_LEFT = 30;
 
 const getRandomTranslate = () => ({
   y: MAX_MARGIN_TOP,
-  x: _.random(MIN_MARGIN_LEFT, MAX_MARGIN_LEFT, false),
+  x: getSecureRandomIndex(MIN_MARGIN_LEFT, MAX_MARGIN_LEFT),
 });
 
 export class MemberTalkCloud extends React.Component {
@@ -92,7 +93,7 @@ export class MemberTalkCloud extends React.Component {
           <img
             alt={activeBlob.handle}
             src={activeBlob.imageURL}
-            key={Math.random()}
+            key={getSecureRandomIndex(0, 1000)}
           />
           <span className={theme.activeHandle}>{activeBlob.handle}</span>
           <div className={blob}>