Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add CodeQL #1885

Open
wants to merge 248 commits into
base: main
Choose a base branch
from
Open

Add CodeQL #1885

wants to merge 248 commits into from

Conversation

jennantilla
Copy link
Contributor

@jennantilla jennantilla commented Oct 27, 2023

Description

One Line Summary

Add the CodeQL GitHub security scanning action to this repository.

Details

Add the CodeQL GitHub security scanning action to the this repository. This action will run on PRs into user-model/main and main branches.

Motivation

Security scanning

Scope

Static analysis

Checklist

Overview

  • I have filled out all REQUIRED sections above
  • PR does one thing
    • If it is hard to explain how any codes changes are related to each other then it most likely needs to be more than one PR
  • Any Public API changes are explained in the PR details and conform to existing APIs

Testing

  • I have included test coverage for these changes, or explained why they are not needed
  • All automated tests pass, or I explained why that is not possible
  • I have personally tested this on my device, or explained why that is not possible

Final pass

  • Code is as readable as possible.
    • Simplify with less code, followed by splitting up code into well named functions and variables, followed by adding comments to the code.
  • I have reviewed this PR myself, ensuring it meets each checklist item
    • WIP (Work In Progress) is ok, but explain what is still in progress and what you would like feedback on. Start the PR title with "WIP" to indicate this.

This change is Reviewable

brismithers and others added 30 commits October 17, 2022 14:52
* Update `ISingletonModelStore.get()` function to be `ISingletonModelStore.model` property
* Rework the model store change event system to always fire, using tags to differentiate why changes occurred.
* Add `SubscriptionModel.status` to capture the subscription status, for when retrieving push token fails for some reason.
* Drive event callback when app killed during request notification permission activity.
…-model-event-rework

[User Model] notification_types and model event rework
* Implement visual logging
* Remove IInfluenceManager.addSessionData which is no longer required, as session influence is captured via outcome.
* Ensure IAM repository is cleaned on startup.
* Create dummy IAMManager when <4.4
* Move outcome calls over to new ISessionManager (OneSignal.session)
* Add OneSignal.disableGMSMissingPrompt
… moved to config model.

* Document IPreferencesService
* Document ITime
…-todos

[User Model] Visual logging and other TODOs
* Move IAM/Notification/Location to their own gradle modules. AndroidManifest/proguard has now been split across the 4 modules.
* Load modules dynamically using reflection within OneSignalImpl, falling back to "Misconfigured" versions if the modules weren't specified in the application.
* Make internal classes required by a OS module no longer defined as `internal` (but keep in internal namespace).
[User Model] Modularize IAM/Notification/Location
* local ID -> remote ID now get changed directly against the model. There is no longer an in-memory translation, which did not work in the event of an app restart.  Each operation now has a `translateId` method to drive updating their IDs.
* Rename `CreateUserOperation` to be `LoginUserOperation` and now has the ability to "identity" an existing user as the user being logged in, rather than always upserting a new user.
* Update `OperationRepo` and supporting executors to properly handle error conditions.
* Update `IOperationRepo.execute` to be `enqueueAndWait` which supports the change in behavior,,execution of an operation always happens on the background thread and does *not* jump the queue.
* Update operation executors to now ensure the model is in a correct state post-backend execution.
[User Model] New login process and operation repo updates
* Renamed/moved `iam` module to be `inAppMessages` module
* Renamed/moved `notification` module to be `notifications` module
* Renamed `sendOutcomes` to be `addOutcomes`
* Renamed `setTags` to be `addTags`
* Moved triggers to be within `inAppMessages` module
* Add `TrackSessionStartOperation`
* Update executor to count sessions refresh device metadata on `TrackSessionStartOperation`
* Use SubscriptionStatus enum for subscription status across the codebase.
* IUserManager.subscriptions.push can no longer be null. If there isn't a push subscription a "dummy" one is now returned.
* Add `fallbackToSettings` parameter for `ILocationManager.requestPermission` and `INotificationsManager.requestPermission`
* Renamed `INotificationsManager.permissionsStatus` to `permission` and made it a simple Boolean.
* Added `INotificationsManager.canRequestPermission` as a flag to indicate when permissions can be requested.
* Added `ISubscription.addChangeHandler` to allow user to listen for changes to the subscription.
…ription-alignment

[User model] notification/subscription alignment
* Changed `IDeviceService.deviceType` to return an enum rather than int
* Added `EventProducer.fireOnMain` and `CallbackProducer.fireOnMain` for easy firing of callbacks on main thread.
* Added various unit tests for notifications module
* removed high level unittest module from solution
…tests

[User Model] Notifications Unit Tests
* Rename from notification opened to notification clicked
* Remove INotificationsManager.postNotification
* Small notification bug fixes
* Implement `UserBackendService`, `IdentityBackendService`, and `SubscriptionBackendService`
* Tweak `OutcomeEventsBackendService` to provide `subscriptionId`
@jennantilla
Copy link
Contributor Author

Great catch @shepherd-l! Looks like this was accidentally added and unused so I removed it.

.github/workflows/codeql.yml Outdated Show resolved Hide resolved
.github/workflows/codeql.yml Outdated Show resolved Hide resolved
Update onReceive methods to check for correct action before proceeding. This prevents potential risk of third-party applications to send explicit intents to this receiver to cause a denial of service.
@jennantilla
Copy link
Contributor Author

jennantilla commented Jan 31, 2024

Oops, @jinliu9508 this work should eventually get merged (it became stagnant due to a build error). But I think it will be easier for me to just create a new PR once we update to main.

@nan-li
Copy link
Contributor

nan-li commented Jan 31, 2024

Re-opening so we don't lose this, we can always refactor later. The deletion of the usermodel branch (now recovered) caused the PRs to close.

@nan-li nan-li reopened this Jan 31, 2024
@jinliu9508 jinliu9508 force-pushed the user-model/main branch 3 times, most recently from 2072eac to d73bfc6 Compare February 6, 2024 16:38
Base automatically changed from user-model/main to main February 6, 2024 18:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants