Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release 1.5.10 #293

Merged
merged 158 commits into from
Jan 2, 2025
Merged

Release 1.5.10 #293

merged 158 commits into from
Jan 2, 2025

Conversation

skadefro
Copy link
Contributor

@skadefro skadefro commented Jan 2, 2025

No description provided.

skadefro added 30 commits January 28, 2024 09:28
@skadefro
remove required
3f853e5
@skadefro
up
0f59ca6
@skadefro
fix "agent cleanup" logic. Cleanup settings
b76687d
@skadefro
show invoke errors when process did not start
5807055
@skadefro
work around to avoid double start message
0a0b68c
@skadefro
fix double start message
627c9d6
@skadefro
rewrite as ES module
62c1649
@skadefro
filter packages based on runas
3cd489b
@skadefro
move agent count check to "on start" in the driver
e2ed69a
@skadefro
bump
0f0d95e
@skadefro
allow admins access to formresources
c25f1f0
@skadefro
remove domain/mongodb from db config
95ef8fd
@skadefro
fix "cyclic dependency detected" error for createCollection
4ec79e6
@skadefro
add verbose logging doing docker npm install
f380320
@skadefro
up
30ddc3e
@skadefro
update nodeapi to allow collectionname for download file
61e1264
@skadefro
allow downloading by filename
7b5bbd6
@skadefro
fix download without collectionname
8f9fdda
@skadefro
Preserve objectid on update / clear collectin cache on insert into new
f68f81e
@skadefro
cleanup
646eb91
@skadefro
cleanup
f458f30
@skadefro
add form data post function
9675e0c
@skadefro
add experimental introspection support
17d609a
@skadefro
remove obsolete version information
61c13fa
@skadefro
stop creating obsolete roles doing startup
3eae845
@skadefro
add shutdown as custom command
adb1008
@skadefro
try to recover change streams on error
8e97735
@skadefro
fix if statement
4a940e1
@skadefro
fix saving updates inside textarea, add visual for all updates
eab65da
@skadefro
housekeeping_cleanup_openrpa_instances
cff1e6b
@skadefro
fix building for multiple architectures
ee6d89b
@skadefro
up
3e0f73c
@skadefro
Log info message on failed login
dfc2d18
@skadefro
limit openid response_types
cac1f1c
@skadefro
Fix auth issue in swaggerui / update openapi with distinct and count
3c345cb
@skadefro
bump to 1.5.10.51
8cdd4d2
@skadefro
remove unneeded checks
894ce15
@skadefro
add CRUD interface for entities
ab0dc1f
@skadefro
add oidc_max_roles
4fc0af9
@skadefro
clear cache before refreshing token
cc3c05a
@skadefro
add local version of TokenUser and TokenUser
cd11fad
@skadefro
add local version of GetUniqueIdentifier
aa31ce9
@skadefro
make WellknownIdsArray and WellknownNamesArray, extend them and reuse…
4a69c83 
… them for checks
@skadefro
add defaults for license
47a3c3c
@skadefro
add EnsureUniqueRole and simplify EnsureRole arguments
3fe51f2
@skadefro
update for simplifyes EnsureRole and ignore clients sending watchevent
7b8aa7f
@skadefro
update openflow-api to fix issue with assign adding nodered element o…
0dace3d 
…n users and roles
@skadefro
organize imports
8bc6396
@skadefro
ensure unit tests completes
bd9d889
@skadefro
fix issue when _id is missing from file
682acad
@skadefro
force reloading user on new token
82b2c86
@skadefro
bump for unit and load testing
a120a15
@skadefro
fix path's on watches from jsapi
5c5bdfc
@skadefro
remove redundant user check, add check for existing in InsertOne.
2ccf4dd 
Add check for original in UpdateOne
Remove legacy userid in hasAuthorization
@skadefro
fix remote path, when attaching to process in kubernetes
6fcda27
@skadefro
stop buiding arm for edge, add arm build for latest
d35a708
@skadefro
add first version of workspaces
36552f1
@gitguardian GitGuardian
Copy link

gitguardian bot commented Jan 2, 2025

⚠️ GitGuardian has uncovered 4 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

Since your pull request originates from a forked repository, GitGuardian is not able to associate the secrets uncovered with secret incidents on your GitGuardian dashboard.
Skipping this check run and merging your pull request will create secret incidents on your GitGuardian dashboard.

🔎 Detected hardcoded secrets in your pull request
GitGuardian id GitGuardian status Secret Commit Filename
493645 Triggered Generic High Entropy Secret c02212e test/docker-compose.yml View secret
431268 Triggered Generic Private Key 47a8be7 openflow.env View secret
5877162 Triggered Generic High Entropy Secret 602e0ec OpenFlow/src/OAuthProvider.ts View secret
493644 Triggered Generic Private Key c02212e test/docker-compose.yml View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secrets safely. Learn here the best practices.
  3. Revoke and rotate these secrets.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 2, 2025
View reviewed changes
src/Auth.ts
}
throw new Error("Empty token is not valid");
}
if (jwt.indexOf(" ") > 1 && (jwt.toLowerCase().startsWith("bearer") || jwt.toLowerCase().startsWith("jwt"))) {

Check failure

Code scanning / CodeQL

Type confusion through parameter tampering Critical

Potential type confusion as
this HTTP request parameter
Loading
may be either an array or a string.
src/Auth.ts
if (jwt.indexOf(" ") > 1 && (jwt.toLowerCase().startsWith("bearer") || jwt.toLowerCase().startsWith("jwt"))) {
const token = jwt.split(" ")[1].toString();
jwt = token;
} else if(jwt.indexOf(" ") > 1 && jwt.toLowerCase().startsWith("basic")) {

Check failure

Code scanning / CodeQL

Type confusion through parameter tampering Critical

Potential type confusion as
this HTTP request parameter
Loading
may be either an array or a string.
src/Auth.ts
// Valid SAML token ?
if (tuser == null && user == null) {
try {
if (jwt.indexOf("saml") > 0) { // <saml2:Assertion

Check failure

Code scanning / CodeQL

Type confusion through parameter tampering Critical

Potential type confusion as
this HTTP request parameter
Loading
may be either an array or a string.
src/LoginProvider.ts
app.post("/AddTokenRequest", LoginProvider.post_AddTokenRequest.bind(this));
app.get("/GetTokenRequest", LoginProvider.get_GetTokenRequest.bind(this));
app.get("/login", LoginProvider.get_login.bind(this));
app.get("/login/*", LoginProvider.get_login2.bind(this));

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
a file system access
Loading
, but is not rate-limited.
This route handler performs
a file system access
Loading
, but is not rate-limited.
This route handler performs
a file system access
Loading
, but is not rate-limited.
This route handler performs
a file system access
Loading
, but is not rate-limited.
This route handler performs
a file system access
Loading
, but is not rate-limited.
This route handler performs
a file system access
Loading
, but is not rate-limited.
This route handler performs
a file system access
Loading
, but is not rate-limited.
This route handler performs
a file system access
Loading
, but is not rate-limited.
src/LoginProvider.ts
app.post("/AddTokenRequest", LoginProvider.post_AddTokenRequest.bind(this));
app.get("/GetTokenRequest", LoginProvider.get_GetTokenRequest.bind(this));
app.get("/login", LoginProvider.get_login.bind(this));
app.get("/login/*", LoginProvider.get_login2.bind(this));
app.get("/Login", LoginProvider.get_login.bind(this));

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
a file system access
Loading
, but is not rate-limited.
This route handler performs
a file system access
Loading
, but is not rate-limited.
This route handler performs
a file system access
Loading
, but is not rate-limited.
This route handler performs
a file system access
Loading
, but is not rate-limited.
This route handler performs
a file system access
Loading
, but is not rate-limited.
This route handler performs
a file system access
Loading
, but is not rate-limited.
This route handler performs
a file system access
Loading
, but is not rate-limited.
This route handler performs
a file system access
Loading
, but is not rate-limited.
src/LoginProvider.ts
app.get("/login/*", LoginProvider.get_login2.bind(this));
app.get("/Login", LoginProvider.get_login.bind(this));
app.get("/Login/*", LoginProvider.get_login2.bind(this));
app.get("/auth/signinwin/main", LoginProvider.get_login3.bind(this));

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
a file system access
Loading
, but is not rate-limited.
This route handler performs
a file system access
Loading
, but is not rate-limited.
This route handler performs
a file system access
Loading
, but is not rate-limited.
This route handler performs
a file system access
Loading
, but is not rate-limited.
src/LoginProvider.ts
Logger.instanse.debug("return PassiveLogin.html", span, {cls: "LoginProvider", func: "getlogin"});
const localfile = path.join(__dirname, 'public', requestedfile);
const webappfile = path.join(WebServer.webapp_file_path, requestedfile);
if(fs.existsSync(webappfile)) {

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
src/LoginProvider.ts
const webappfile = path.join(WebServer.webapp_file_path, requestedfile);
if(fs.existsSync(webappfile)) {
// console.log("serve webapp " + webappfile);
res.sendFile(webappfile);

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
src/LoginProvider.ts
if(fs.existsSync(webappfile)) {
// console.log("serve webapp " + webappfile);
res.sendFile(webappfile);
} else if(fs.existsSync(localfile)) {

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
src/LoginProvider.ts
res.sendFile(webappfile);
} else if(fs.existsSync(localfile)) {
// console.log("serve file " + localfile);
res.sendFile(localfile);

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
@skadefro skadefro merged commit 79ac098 into open-rpa:master Jan 2, 2025
3 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@skadefro