refactor: Migrate project management to Projen#162
Open
flamingquaks wants to merge 19 commits into
…tant files .projenrc.ts ignores lib dir, but lib dir is used differently in this project. So libdir was set to out/. This allowed lib/ to be included again. BREAKING CHANGE: Previous commit fails to build
GitHub Actions failed due to new build workflow requiring config.json file during build and not just during synth
| throw new Error('USER_POOL_CLIENT_ID is not set'); | ||
| } | ||
| const regex = new RegExp(VALIDATION_REGEX) | ||
| const regex = new RegExp(VALIDATION_REGEX); |
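Review bot: `new RegExp(VALIDATION_REGEX)` compiles a pattern taken from configuration at the point of use, so an unparseable value surfaces as a SyntaxError when this code path runs rather than at startup, and the only guard visible in this hunk is the `USER_POOL_CLIENT_ID is not set` check above it. Compile the pattern once at module load inside a try/catch that names the variable, and cap the length of the string tested against it; do not escape the pattern, since escaping would make the validator match only the literal pattern text.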
Check failure: Code scanning / CodeQL: Regular expression injection
Copilot Autofix (AI, over 1 year ago)
To fix the problem, we need to sanitize the VALIDATION_REGEX environment variable before using it to construct a regular expression. The best way to do this is by using a well-known library like lodash to escape any special characters in the regex pattern. This ensures that any meta-characters in the input are treated as literals, preventing injection attacks.
- Import the `lodash` library.
- Use the `_.escapeRegExp` function to sanitize `VALIDATION_REGEX` before constructing the regular expression.
Suggested changeset (2 files)
lib/authorization/index.action-authorization.ts
| @@ -25,2 +25,3 @@ | ||
| import { queryToActionAuth } from './authorization-helper'; | ||
| import _ from 'lodash'; | ||
|
|
||
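Review bot: `import _ from 'lodash';` pulls an entire utility package into the authorization handler for a single helper; `escapeRegExp` is a one-line replace that can live locally if escaping is ever actually wanted, and for a value meant to be used as a regex pattern it is not wanted at all.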
| @@ -46,3 +47,4 @@ | ||
| } | ||
| const regex = new RegExp(VALIDATION_REGEX); | ||
| const safeValidationRegex = _.escapeRegExp(VALIDATION_REGEX); | ||
| const regex = new RegExp(safeValidationRegex); | ||
|
|
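Review bot: `_.escapeRegExp(VALIDATION_REGEX)` turns the configured pattern into a literal string, so `regex` now matches only the exact characters of VALIDATION_REGEX and rejects every real input it was meant to validate; dismiss this autofix rather than applying it. The finding is better resolved by treating VALIDATION_REGEX as trusted deployment configuration: compile it once, fail fast with a clear error on a bad pattern, and bound the length of the subject string passed to `regex.test`.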
package.json
Outside changed files
| @@ -114,3 +114,4 @@ | ||
| "typescript": "^5.6.3", | ||
| "uuid": "^10.0.0" | ||
| "uuid": "^10.0.0", | ||
| "lodash": "^4.17.21" | ||
| }, |
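Review bot: this hunk adds lodash as a runtime dependency in a file the PR did not otherwise touch, solely to support an escape that would break the validator; drop it together with the code change. If a new dependency were kept, the lockfile would need regenerating in the same commit.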
This fix introduces these dependencies:

| Package | Version | Security advisories |
| --- | --- | --- |
| lodash (npm) | 4.17.21 | None |
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
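The suggested changeset escapes the configured pattern, which turns a validation regex into a literal-string matcher. The following TypeScript is an added example, not code from this PR or the project: it inlines an equivalent of lodash's `escapeRegExp` so it runs without the dependency, shows the raw, escaped and hardened variants side by side against a constructed sample pattern, and in the hardened variant compiles the pattern once with a fail-fast error, anchors it, and caps subject length as a bound on backtracking cost. `SAMPLE_PATTERN`, `compileValidator`, `isValidAction` and `MAX_SUBJECT_LENGTH` are names chosen for this example.

```typescript
// Added example, not code from the PR or the project. Demonstrates why escaping
// a configured *pattern* breaks validation and how to compile it defensively.

// Stand-in for lodash's _.escapeRegExp (same metacharacter set), inlined so
// the example needs no dependency.
function escapeRegExp(s: string): string {
  return s.replace(/[\\^$.*+?()[\]{}|]/g, '\\$&');
}

// Constructed sample value standing in for process.env.VALIDATION_REGEX.
const SAMPLE_PATTERN = '^[a-z]+:[a-z0-9-]+$';

// Variant 1: the flagged code, pattern compiled as-is.
function compileRaw(pattern: string): RegExp {
  return new RegExp(pattern);
}

// Variant 2: the autofix. After escaping, the regex matches only the literal
// text "^[a-z]+:[a-z0-9-]+$", so every real action string is rejected.
function compileEscaped(pattern: string): RegExp {
  return new RegExp(escapeRegExp(pattern));
}

// Variant 3: treat the pattern as trusted deployment configuration, but
// compile it once with a clear error, anchor it so only whole-string matches
// count, and bound the subject length so a backtracking-heavy pattern cannot
// be driven by unbounded input.
const MAX_SUBJECT_LENGTH = 256; // assumed limit for this example

function compileValidator(pattern: string | undefined): RegExp {
  if (!pattern) {
    throw new Error('VALIDATION_REGEX is not set');
  }
  let compiled: RegExp;
  try {
    compiled = new RegExp(pattern);
  } catch (err) {
    throw new Error(`VALIDATION_REGEX is not a valid pattern: ${(err as Error).message}`);
  }
  // Wrapping in a non-capturing group anchors alternations correctly
  // ("^a|b" would otherwise leave the "b" branch unanchored).
  return new RegExp(`^(?:${compiled.source})$`, compiled.flags);
}

function isValidAction(validator: RegExp, subject: string): boolean {
  if (subject.length > MAX_SUBJECT_LENGTH) {
    return false;
  }
  return validator.test(subject);
}

// Stand-alone demonstration.
const rawResult = compileRaw(SAMPLE_PATTERN).test('read:user-profile');         // true
const escapedResult = compileEscaped(SAMPLE_PATTERN).test('read:user-profile'); // false
const hardened = compileValidator('[a-z]+:[a-z0-9-]+'); // unanchored in config, anchored here
const hardenedResult = isValidAction(hardened, 'read:user-profile');            // true
const hardenedSuffix = isValidAction(hardened, 'read:user-profile extra');      // false
console.log({ rawResult, escapedResult, hardenedResult, hardenedSuffix });
```

The length cap is a cheap, pattern-independent bound: it does not make a pathological pattern fast, but it limits how much input an operator mistake can be fed per call. Compiling once at module load also means a bad VALIDATION_REGEX fails the deployment's first invocation loudly instead of rejecting requests silently.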
Created new npm script "ci:deploy" which runs a cdk deployment with the already synthesized cdk.out without requiring approval. Not recommended for use outside of pre-defined CI use cases.
This PR refactors the project to be managed using Projen for better long-term maintenance and stability of the project.
Overall, no functionality is changed.
Many files have linting and import order optimizations.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.