feat: handle improper type validation sync vulnerability #2937
Codecov Report
Attention:
Additional details and impacted files
@@           Coverage Diff            @@
##           develop    #2937   +/-   ##
========================================
  Coverage    87.18%   87.18%
========================================
  Files          860      860
  Lines        29311    29312    +1
  Branches      6839     6840    +1
========================================
+ Hits         25555    25556    +1
  Misses        3410     3410
  Partials       346      346
Quality Gate passed
Kudos, no new issues were introduced!
0 New issues
* chore(deps): bump actions/stale from 8.0.0 to 9.0.0 (#2892) Bumps [actions/stale](https://github.com/actions/stale) from 8.0.0 to 9.0.0. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v8.0.0...v9.0.0) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Krishna Chaitanya <[email protected]> * chore(deps): bump docker/build-push-action from 4.1.1 to 5.1.0 (#2839) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4.1.1 to 5.1.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v4.1.1...v5.1.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Krishna Chaitanya <[email protected]> * chore(deps): bump docker/setup-buildx-action from 2.9.1 to 3.0.0 (#2777) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.9.1 to 3.0.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v2.9.1...v3.0.0) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Krishna Chaitanya <[email protected]> * chore(deps): bump actions/setup-node from 3.7.0 to 4.0.0 (#2775) Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.7.0 to 4.0.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v3.7.0...v4.0.0) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Krishna Chaitanya <[email protected]> * chore(deps): bump actions/checkout from 3.5.3 to 4.1.1 (#2776) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 4.1.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3.5.3...v4.1.1) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Snyk] Upgrade @aws-sdk/client-s3 from 3.370.0 to 3.438.0 (#2838) fix: upgrade @aws-sdk/client-s3 from 3.370.0 to 3.438.0 Snyk has created this PR to upgrade @aws-sdk/client-s3 from 3.370.0 to 3.438.0. 
See this package in npm: https://www.npmjs.com/package/@aws-sdk/client-s3 See this project in Snyk: https://app.snyk.io/org/datamanagement/project/39f686fe-9e69-4343-a9ce-129e22bff288?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <[email protected]> Co-authored-by: Sai Kumar Battinoju <[email protected]> * chore: upgrade delete old branches action * Update create-hotfix-branch.yml * chore: move destinations to component test suite (#2894) * chore: move clevertap, braze and am * chore: move intercom test cases * chore: add component test cases for marketo and sendgrid * chore: resolve conflicts * chore: add component test cases for destinations without mock (#2910) chore: add component test cases for ga4, stormly, facebook_conversion * chore: add component test cases for some destinations part1 (#2915) * chore: add component test cases for some destinations * chore: add method to network.ts * chore: added component test cases for desitnations part3 (#2927) * chore: added component test cases for desitnations * chore: added component test cases for wootric * chore: add component test cases for some destinations part2 (#2917) * chore: add component test cases for some destinations * chore: added component test cases for desitnations * chore: decrease coverageThreshold in jest.config.js * chore: decrease coverageThreshold in jest.default.config.js * fix: tiktok add missing field brand (#2942) * feat: amplitude add support for unset (#2941) * feat: amplitude add support for unset * Update src/v0/destinations/am/transform.js Co-authored-by: Yashasvi Bajpai <[email protected]> * Update src/v0/destinations/am/transform.js Co-authored-by: Yashasvi Bajpai <[email protected]> * chore:comment addresed * Update transform.js * chore:comment addresed * chore: added docs * Update utils.js --------- Co-authored-by: Yashasvi Bajpai <[email protected]> * chore: upgrade node to 18.19 (#2940) * chore: upgrade node to 18.19 * fix: image name --------- 
Co-authored-by: Yashasvi Bajpai <[email protected]> * feat: pass ip details for factorsAI (#2925) * feat: handle improper type validation sync vulnerability (#2937) * feat: handle improper type validation sync vulnerability * feat: addressed review comments * feat: move intercom to routerTransform (#2964) * chore: add endpoint labels (#2944) * chore: add endpoint labelsx1 * chore: add endpoint labelsx2 * Update src/v0/destinations/active_campaign/transform.js Co-authored-by: Sudip Paul <[email protected]> * Update src/v0/destinations/active_campaign/transform.js Co-authored-by: Sankeerth <[email protected]> * chore: fix monday path --------- Co-authored-by: Sudip Paul <[email protected]> Co-authored-by: Sankeerth <[email protected]> * chore: add endpoint labels (#2951) chore: add endpoint labelsx3 Co-authored-by: Sudip Paul <[email protected]> * fix: error handling when payload contains toString as key (#2954) * fix: for gainsight px only new users to have default signUp date (#2953) * fix: only new users to have default signUp date * fix: only new users to have default createDate * fix: small edit in comment * fix: small edit in comment * fix: small edit in comment * fix: review comments addressed * feat(sprig): added user deletion support (#2886) * feat(sprig): added user deletion support * chore: destination doc link added for reference * chore: code review changes * chore: code review changes * fix: enhancement and version upgrade of google ads remarketing list (#2945) * fix: enhancement and version upgrade of garl * fix: migrating util to google utils and adding test cases * fix: small edit * Update src/v0/destinations/google_adwords_remarketing_lists/networkHandler.js Co-authored-by: Sudip Paul <[email protected]> * fix: edit test case description --------- Co-authored-by: Sudip Paul <[email protected]> * fix: version upgrade of gaec from 14 to 15 (#2966) * feat: onboard new destination the trade desk (#2918) * feat: onboard new destination the trade desk * 
feat: onboard trade desk on transformer porxy * feat: add secret from metadata * refactor: remove secretKey from headers in utils * feat: using audienceId from config inplace of segmentName * test: added testcases * test: added testcases * refactor: prepareProxyRequest utility and added delivery test cases * test: add console log * refactor: address review comments * refactor: use existing utility to split batch on size * chore: added mocks * refactor: throw platform error * chore(deps): bump actions/setup-node from 4.0.0 to 4.0.1 (#2950) Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v4.0.0...v4.0.1) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump SonarSource/sonarcloud-github-action from 2.0.0 to 2.1.1 (#2931) chore(deps): bump SonarSource/sonarcloud-github-action Bumps [SonarSource/sonarcloud-github-action](https://github.com/sonarsource/sonarcloud-github-action) from 2.0.0 to 2.1.1. - [Release notes](https://github.com/sonarsource/sonarcloud-github-action/releases) - [Commits](SonarSource/sonarcloud-github-action@v2.0.0...v2.1.1) --- updated-dependencies: - dependency-name: SonarSource/sonarcloud-github-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: upgrade @aws-sdk/client-personalize from 3.414.0 to 3.470.0 (#2962) fix: upgrade @aws-sdk/client-personalize from 3.414.0 to 3.470.0 Snyk has created this PR to upgrade @aws-sdk/client-personalize from 3.414.0 to 3.470.0. 
See this package in npm: https://www.npmjs.com/package/@aws-sdk/client-personalize See this project in Snyk: https://app.snyk.io/org/sandeep-L8FvsjCG7mBBqonjSmN48c/project/4b0f037e-0dab-4719-aeee-b46d2ae82119?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <[email protected]> * chore: upgrade @aws-sdk/lib-storage from 3.417.0 to 3.456.0 (#2911) fix: upgrade @aws-sdk/lib-storage from 3.417.0 to 3.456.0 Snyk has created this PR to upgrade @aws-sdk/lib-storage from 3.417.0 to 3.456.0. See this package in npm: https://www.npmjs.com/package/@aws-sdk/lib-storage See this project in Snyk: https://app.snyk.io/org/sandeep-L8FvsjCG7mBBqonjSmN48c/project/4b0f037e-0dab-4719-aeee-b46d2ae82119?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <[email protected]> * chore(release): 1.53.0 * revert: fix: tiktok add missing field brand (#2977) * Revert "fix: tiktok add missing field brand (#2942)" This reverts commit ca76297. * chore: update changelog --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: AASHISH MALIK <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Krishna Chaitanya <[email protected]> Co-authored-by: nidhilashkari17 <[email protected]> Co-authored-by: snyk-bot <[email protected]> Co-authored-by: Sai Kumar Battinoju <[email protected]> Co-authored-by: chandumlg <[email protected]> Co-authored-by: Dilip Kola <[email protected]> Co-authored-by: Sudip Paul <[email protected]> Co-authored-by: Anant Jain <[email protected]> Co-authored-by: Yashasvi Bajpai <[email protected]> Co-authored-by: Sandeep Digumarty <[email protected]> Co-authored-by: Mihir Bhalala <[email protected]> Co-authored-by: Sankeerth <[email protected]> Co-authored-by: Akash Chetty <[email protected]> Co-authored-by: shrouti1507 <[email protected]> Co-authored-by: Gauravudia <[email protected]> Co-authored-by: GitHub Actions <[email protected]>
What are the changes introduced in this PR?
Resolves INT-1131
This PR resolves the improper type validation sync vulnerabilities found among all the sync vulnerabilities found.
Please explain the objectives of your changes below
The objective of the changes is to resolve the improper type validation sync vulnerabilities found.
Type of change
refactor
Developer checklist
No breaking changes are being introduced.
Are all related docs linked with the PR?
Are all changes manually tested?
Does this change require any documentation changes?
Are relevant unit and component test-cases added?
Reviewer checklist
Is the type of change in the PR title appropriate as per the changes?
Verified that there are no credentials or confidential data exposed with the changes.