ignore security warning where not applicable or unfixable for now

2025-12-13 07:45:54 +00:00 · 2023-05-10 12:15:12 +02:00 · 2023-05-10 12:15:12 +02:00 · e01ef9ad10
commit e01ef9ad10
parent a319bc2f03
4 changed files with 7 additions and 0 deletions
--- a/backend/src/graphql/resolver/TransactionLinkResolver.test.ts
+++ b/backend/src/graphql/resolver/TransactionLinkResolver.test.ts
@ -1040,6 +1040,7 @@ describe('TransactionLinkResolver', () => {
    })

    it('returns a string that ends with the hex value of date', () => {
+      // eslint-disable-next-line security/detect-non-literal-regexp
      const regexp = new RegExp(date.getTime().toString(16) + '$')
      expect(transactionLinkCode(date)).toEqual(expect.stringMatching(regexp))
    })
--- a/backend/src/graphql/resolver/util/creations.ts
+++ b/backend/src/graphql/resolver/util/creations.ts
@ -29,10 +29,12 @@ export const validateContribution = (
    throw new LogError('No information for available creations for the given date', creationDate)
  }

+  // eslint-disable-next-line security/detect-object-injection
  if (amount.greaterThan(creations[index].toString())) {
    throw new LogError(
      'The amount to be created exceeds the amount still available for this month',
      amount,
+      // eslint-disable-next-line security/detect-object-injection
      creations[index],
    )
  }
@ -151,6 +153,7 @@ export const updateCreations = (
  if (index < 0) {
    throw new LogError('You cannot create GDD for a month older than the last three months')
  }
+  // eslint-disable-next-line security/detect-object-injection
  creations[index] = creations[index].plus(contribution.amount.toString())
  return creations
 }
@ -169,6 +172,7 @@ export const getOpenCreations = async (
    return {
      month: date.getMonth(),
      year: date.getFullYear(),
+      // eslint-disable-next-line security/detect-object-injection
      amount: creations[index],
    }
  })
--- a/backend/src/server/logger.ts
+++ b/backend/src/server/logger.ts
@ -7,6 +7,7 @@ import { configure, getLogger } from 'log4js'

 import { CONFIG } from '@/config'

+// eslint-disable-next-line security/detect-non-literal-fs-filename
 const options = JSON.parse(readFileSync(CONFIG.LOG4JS_CONFIG, 'utf-8'))

 options.categories.backend.level = CONFIG.LOG_LEVEL
--- a/backend/src/webhook/elopage.ts
+++ b/backend/src/webhook/elopage.ts
@ -115,6 +115,7 @@ export const elopageWebhook = async (req: any, res: any): Promise<void> => {
  ) {
    const email = loginElopageBuy.payerEmail

+    // eslint-disable-next-line security/detect-unsafe-regex
    const VALIDATE_EMAIL = /^[a-zA-Z0-9.!#$%&?*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/
    const VALIDATE_NAME = /^<>&;]{2,}$/