From e01ef9ad100f82f67d3448f34d1d8f050aad238b Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 10 May 2023 12:15:12 +0200 Subject: [PATCH] ignore security warning where not applicable or unfixable for now --- backend/src/graphql/resolver/TransactionLinkResolver.test.ts | 1 + backend/src/graphql/resolver/util/creations.ts | 4 ++++ backend/src/server/logger.ts | 1 + backend/src/webhook/elopage.ts | 1 + 4 files changed, 7 insertions(+) diff --git a/backend/src/graphql/resolver/TransactionLinkResolver.test.ts b/backend/src/graphql/resolver/TransactionLinkResolver.test.ts index 9d39a80ae..3c6ba31ab 100644 --- a/backend/src/graphql/resolver/TransactionLinkResolver.test.ts +++ b/backend/src/graphql/resolver/TransactionLinkResolver.test.ts @@ -1040,6 +1040,7 @@ describe('TransactionLinkResolver', () => { }) it('returns a string that ends with the hex value of date', () => { + // eslint-disable-next-line security/detect-non-literal-regexp const regexp = new RegExp(date.getTime().toString(16) + '$') expect(transactionLinkCode(date)).toEqual(expect.stringMatching(regexp)) }) diff --git a/backend/src/graphql/resolver/util/creations.ts b/backend/src/graphql/resolver/util/creations.ts index 1c0c0735e..d6f0e9af4 100644 --- a/backend/src/graphql/resolver/util/creations.ts +++ b/backend/src/graphql/resolver/util/creations.ts @@ -29,10 +29,12 @@ export const validateContribution = ( throw new LogError('No information for available creations for the given date', creationDate) } + // eslint-disable-next-line security/detect-object-injection if (amount.greaterThan(creations[index].toString())) { throw new LogError( 'The amount to be created exceeds the amount still available for this month', amount, + // eslint-disable-next-line security/detect-object-injection creations[index], ) } @@ -151,6 +153,7 @@ export const updateCreations = ( if (index < 0) { throw new LogError('You cannot create GDD for a month older than the last three months') } + // eslint-disable-next-line security/detect-object-injection creations[index] = creations[index].plus(contribution.amount.toString()) return creations } @@ -169,6 +172,7 @@ export const getOpenCreations = async ( return { month: date.getMonth(), year: date.getFullYear(), + // eslint-disable-next-line security/detect-object-injection amount: creations[index], } }) diff --git a/backend/src/server/logger.ts b/backend/src/server/logger.ts index d1edbd8fb..0f146b7f7 100644 --- a/backend/src/server/logger.ts +++ b/backend/src/server/logger.ts @@ -7,6 +7,7 @@ import { configure, getLogger } from 'log4js' import { CONFIG } from '@/config' +// eslint-disable-next-line security/detect-non-literal-fs-filename const options = JSON.parse(readFileSync(CONFIG.LOG4JS_CONFIG, 'utf-8')) options.categories.backend.level = CONFIG.LOG_LEVEL diff --git a/backend/src/webhook/elopage.ts b/backend/src/webhook/elopage.ts index 7a779fadd..07e7d4ecf 100644 --- a/backend/src/webhook/elopage.ts +++ b/backend/src/webhook/elopage.ts @@ -115,6 +115,7 @@ export const elopageWebhook = async (req: any, res: any): Promise => { ) { const email = loginElopageBuy.payerEmail + // eslint-disable-next-line security/detect-unsafe-regex const VALIDATE_EMAIL = /^[a-zA-Z0-9.!#$%&?*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/ const VALIDATE_NAME = /^<>&;]{2,}$/