Txmv2 with dual transmission #15459

Closed
wants to merge 201 commits into from

Merge branch 'update-secondary-transmission-method-signature' into tx…

895ff1d

GitHub Advanced Security / CodeQL failed Nov 29, 2024 in 3s

24 new alerts including 4 critical severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 4 critical
  • 15 high
  • 5 medium

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

Annotations

Check failure on line 2 in core/web/assets/main.ec7b7e88c8c965c1e482.js

Code scanning / CodeQL

Incomplete string escaping or encoding High

This does not escape backslash characters in the input.

Check warning on line 25 in core/web/assets/main.ec7b7e88c8c965c1e482.js

Code scanning / CodeQL

Missing origin verification in `postMessage` handler Medium

Postmessage handler has no origin check.

Check failure on line 25 in core/web/assets/main.ec7b7e88c8c965c1e482.js

Code scanning / CodeQL

Incomplete string escaping or encoding High

This does not escape backslash characters in the input.

Check failure on line 25 in core/web/assets/main.ec7b7e88c8c965c1e482.js

Code scanning / CodeQL

Remote property injection High

A property name to write to depends on a user-provided value.
A property name to write to depends on a user-provided value.

Check failure on line 43 in core/web/assets/main.ec7b7e88c8c965c1e482.js

Code scanning / CodeQL

Incomplete string escaping or encoding High

This does not escape backslash characters in the input.

Check failure on line 97 in core/web/assets/main.ec7b7e88c8c965c1e482.js

Code scanning / CodeQL

Missing regular expression anchor High

Misleading operator precedence. The subexpression '^maart' is anchored at the beginning, but the other parts of this regular expression are not
Misleading operator precedence. The subexpression 'mrt.?$' is anchored at the end, but the other parts of this regular expression are not

Check failure on line 98 in core/web/assets/main.ec7b7e88c8c965c1e482.js

Code scanning / CodeQL

Missing regular expression anchor High

Misleading operator precedence. The subexpression '^maart' is anchored at the beginning, but the other parts of this regular expression are not
Misleading operator precedence. The subexpression 'mrt.?$' is anchored at the end, but the other parts of this regular expression are not

Check failure on line 115 in core/web/assets/main.ec7b7e88c8c965c1e482.js

Code scanning / CodeQL

Incomplete string escaping or encoding High

This replaces only the first occurrence of "".

Check failure on line 120 in core/web/assets/main.ec7b7e88c8c965c1e482.js

Code scanning / CodeQL

Incomplete string escaping or encoding High

This does not escape backslash characters in the input.

Check failure on line 157 in core/web/assets/main.ec7b7e88c8c965c1e482.js

Code scanning / CodeQL

Incomplete string escaping or encoding High

This does not escape backslash characters in the input.

Check failure on line 164 in core/web/assets/main.ec7b7e88c8c965c1e482.js

Code scanning / CodeQL

Incomplete string escaping or encoding High

This replaces only the first occurrence of "$".

Check failure on line 164 in core/web/assets/main.ec7b7e88c8c965c1e482.js

Code scanning / CodeQL

Missing regular expression anchor High

Misleading operator precedence. The subexpression '^<<<(?:"[^"]+"|[a-z_]\w*)' is anchored at the beginning, but the other parts of this regular expression are not
Misleading operator precedence. The subexpression '[a-z_]\w*;$' is anchored at the end, but the other parts of this regular expression are not

Check failure on line 164 in core/web/assets/main.ec7b7e88c8c965c1e482.js

Code scanning / CodeQL

Missing regular expression anchor High

Misleading operator precedence. The subexpression '^<<[-~]?[a-z_]\w*' is anchored at the beginning, but the other parts of this regular expression are not
Misleading operator precedence. The subexpression '[a-z_]\w*$' is anchored at the end, but the other parts of this regular expression are not

Check failure on line 164 in core/web/assets/main.ec7b7e88c8c965c1e482.js

Code scanning / CodeQL

Missing regular expression anchor High

Misleading operator precedence. The subexpression '[a-z_]\w*$' is anchored at the end, but the other parts of this regular expression are not
Misleading operator precedence. The subexpression '^<<[-~]?'[a-z_]\w*'' is anchored at the beginning, but the other parts of this regular expression are not

Check warning on line 164 in core/web/assets/main.ec7b7e88c8c965c1e482.js

Code scanning / CodeQL

Prototype-polluting assignment Medium

This assignment may alter Object.prototype if a malicious '__proto__' string is injected from user controlled input.

Check warning on line 164 in core/web/assets/main.ec7b7e88c8c965c1e482.js

Code scanning / CodeQL

Prototype-polluting assignment Medium

This assignment may alter Object.prototype if a malicious '__proto__' string is injected from user controlled input.

Check warning on line 164 in core/web/assets/main.ec7b7e88c8c965c1e482.js

Code scanning / CodeQL

Missing origin verification in `postMessage` handler Medium

Postmessage handler has no origin check.

Check failure on line 174 in core/web/assets/main.ec7b7e88c8c965c1e482.js

Code scanning / CodeQL

Incomplete string escaping or encoding High

This does not escape backslash characters in the input.

Check failure on line 110 in core/internal/cltest/cltest.go

Code scanning / CodeQL

Hard-coded credentials Critical

Hard-coded password.

Check failure on line 321 in core/internal/cltest/mocks.go

Code scanning / CodeQL

Hard-coded credentials Critical

Hard-coded password.

Check failure on line 377 in core/internal/cltest/mocks.go

Code scanning / CodeQL

Hard-coded credentials Critical

Hard-coded password.

Check failure on line 232 in core/services/ocr2/plugins/ccip/testhelpers/integration/jobspec.go

Code scanning / CodeQL

Potentially unsafe quoting Critical test

If this JSON value contains a double quote, it could break out of the enclosing quotes.

Check warning on line 500 in core/services/ocr2/plugins/functions/integration_tests/v1/internal/testutils.go

Code scanning / CodeQL

Reflected cross-site scripting Medium test

Cross-site scripting vulnerability due to user-provided value.

Check failure on line 239 in core/sessions/localauth/orm.go

Code scanning / CodeQL

Use of insufficient randomness as the key of a cryptographic algorithm High

This cryptographic algorithm depends on a random number generated with a cryptographically weak RNG.