Change "script" to "launcher" in variables #3976

ashton22305 · 2024-11-22T16:30:05Z

Changes variables with script in the name to instead say launcher if actually referring to launchers.
Updates user messages to reflect using launchers, not scripts.

apps/dashboard/app/models/project.rb

-    end.map do |script|
-      saved_successfully = script.save
-      errors.add(:save, script.errors.full_messages) unless saved_successfully
+    Dir.glob("#{dir}/*/form.yml").map do |launcher_yml|


To fix the problem, we need to ensure that the template attribute is properly validated and sanitized before being used to construct file paths. This can be achieved by implementing additional validation rules to restrict the format of the template attribute, ensuring it does not contain any directory traversal sequences or other potentially harmful characters.

Add a custom validation method to sanitize the template attribute.

Update the project_template_invalid method to include the new validation.

Ensure that the template attribute is sanitized before being used in the save_new_launchers method.

johrstrom · 2024-11-22T17:44:04Z

Given tests fail you may want to reduce the scope of the change to maybe 1 file at a time and pick this apart piecemeal.

ashton22305 · 2024-11-25T16:17:14Z

Tests pass but the naming of system tests should probably be updated and possibly something about this security vulnerability as well.

ashton22305 added 2 commits November 22, 2024 11:20

change other variable names to launcher

1a93298

change messages to say launcher instead of script

b2ebc9d

osc-bot added the component/dashboard label Nov 22, 2024

github-advanced-security bot found potential problems Nov 22, 2024

View reviewed changes

change selector strings in system tests to launcher

70b253b

ashton22305 marked this pull request as draft November 25, 2024 16:08

ashton22305 added 3 commits November 25, 2024 11:34

change system tests to say launcher not script

a551801

change #save_script_edit to #save_launcher_edit

da069ce

update save_script to save_launcher in this view

df30661

ashton22305 marked this pull request as ready for review November 25, 2024 19:33

johrstrom merged commit 049daeb into master Nov 26, 2024
24 of 25 checks passed

johrstrom deleted the script-to-launcher branch November 26, 2024 14:29

@@ -272,2 +272,3 @@
               def save_new_launchers
+                sanitize_template
                 dir = Launcher.launchers_dir(template)
@@ -310,2 +311,3 @@
+                sanitize_template
                 template_path = Pathname.new(template)
@@ -314,2 +316,7 @@
               end
+              def sanitize_template
+                # Remove any directory traversal sequences and ensure the template is a valid directory name
+                self.template = template.gsub(/(\.\.\/|\/|\\)/, '')
+              end
             end

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Change "script" to "launcher" in variables #3976

Change "script" to "launcher" in variables #3976

ashton22305 commented Nov 22, 2024

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

johrstrom commented Nov 22, 2024

ashton22305 commented Nov 25, 2024

Change "script" to "launcher" in variables #3976

Change "script" to "launcher" in variables #3976

Conversation

ashton22305 commented Nov 22, 2024

johrstrom commented Nov 22, 2024

ashton22305 commented Nov 25, 2024