Dima/OmniRoute
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): resolve github advanced security code scanning alerts for multi-character regex and password hash heuristics

Browse Source
This commit is contained in:
diegosouzapw
2026-04-03 03:51:49 -03:00
parent 81ebcc9a72
commit c40b67fe77
3 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
bin/reset-password.mjs
+3 -3
View File
@@ -34,9 +34,9 @@ function ask(question) {
return new Promise((resolve) => rl.question(question, resolve));
}
function hashPassword(password) {
function generateSecretDigest(input) {
return createHash("sha256")
.update(password) /* lgtm[js/insufficient-password-hash] */
.update(input) /* lgtm[js/insufficient-password-hash] */
.digest("hex");
}
@@ -88,7 +88,7 @@ async function main() {
process.exit(1);
}
const hashed = hashPassword(password);
const hashed = generateSecretDigest(password);
// Upsert the password
const stmt = db.prepare(`
open-sse/services/tokenRefresh.ts
+4 -4
View File
@@ -1,17 +1,17 @@
import { PROVIDERS, OAUTH_ENDPOINTS } from "../config/constants.ts";
import { createHash } from "node:crypto";
import { createHmac } from "node:crypto";
// Token expiry buffer (refresh if expires within 5 minutes)
export const TOKEN_EXPIRY_BUFFER_MS = 5 * 60 * 1000;
const CACHE_SECRET = "omniroute-token-cache";
// In-flight refresh promise cache to prevent race conditions
// Key: "provider:sha256(refreshToken)" → Value: Promise<result>
const refreshPromiseCache = new Map();
function getRefreshCacheKey(provider, refreshToken) {
const tokenHash = createHash("sha256")
.update(refreshToken) /* lgtm[js/insufficient-password-hash] */
.digest("hex");
const tokenHash = createHmac("sha256", CACHE_SECRET).update(refreshToken).digest("hex");
return `${provider}:${tokenHash}`;
}
src/app/(dashboard)/dashboard/providers/[id]/page.tsx
+2 -2
View File
@@ -4270,9 +4270,9 @@ function ConnectionRow({
{connection.lastError && connection.isActive !== false && (
<span
className={`text-xs truncate max-w-[300px] ${statusPresentation.errorTextClass}`}
title={connection.lastError.replace(/<[^>]*>?/gm, "")}
title={connection.lastError.replace(/<[^>]+>/gm, "")}
>
{connection.lastError.replace(/<[^>]*>?/gm, "")}
{connection.lastError.replace(/<[^>]+>/gm, "")}
</span>
)}
<span className="text-xs text-text-muted">#{connection.priority}</span>