Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SAH-77]: Supplier Inventory Page #167

Merged
merged 19 commits into from
Dec 3, 2024
Merged

[SAH-77]: Supplier Inventory Page #167

merged 19 commits into from
Dec 3, 2024

Conversation

Emmanuel-Melon
Copy link
Collaborator

No description provided.

@Emmanuel-Melon Emmanuel-Melon self-assigned this Apr 6, 2024
@Emmanuel-Melon Emmanuel-Melon linked an issue Apr 16, 2024 that may be closed by this pull request
[SAH-77]: Supplier Inventory Page #157
Closed
@Emmanuel-Melon Emmanuel-Melon marked this pull request as ready for review November 20, 2024 00:35
@linear Linear
Copy link

linear bot commented Nov 20, 2024

SAH-77 [SAH-79]: Add Drawer Component

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 20, 2024
View reviewed changes
packages/features/Inventory/ProductForm.tsx
{newImages.map((image, index) => (
<div key={`new-${index}`} className="relative group">
<img
src={URL.createObjectURL(image)}

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML Medium

DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix AI 2 months ago

To fix the problem, we need to ensure that the uploaded image files are properly validated and sanitized before being used. One way to achieve this is by checking the file type and size before creating the object URL. Additionally, we can use a library like DOMPurify to sanitize any potentially unsafe content.

  • Validate the file type and size before creating the object URL.
  • Use DOMPurify to sanitize the object URL before using it as the src attribute of the img element.
  • Update the handleImageUpload function to include these validations and sanitizations.
Suggested changeset 2
packages/features/Inventory/ProductForm.tsx

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/features/Inventory/ProductForm.tsx b/packages/features/Inventory/ProductForm.tsx
--- a/packages/features/Inventory/ProductForm.tsx
+++ b/packages/features/Inventory/ProductForm.tsx
@@ -6,2 +6,3 @@
 import { HiMinus, HiPlus } from 'react-icons/hi2';
+import DOMPurify from 'dompurify';
 
@@ -53,3 +54,8 @@
       const filesArray = Array.from(e.target.files);
-      setNewImages((prevImages) => [...prevImages, ...filesArray]);
+      const validFiles = filesArray.filter(file => {
+        const isValidType = file.type.startsWith('image/');
+        const isValidSize = file.size <= 5 * 1024 * 1024; // 5MB limit
+        return isValidType && isValidSize;
+      });
+      setNewImages((prevImages) => [...prevImages, ...validFiles]);
     }
@@ -165,3 +171,3 @@
               <img
-                src={URL.createObjectURL(image)}
+                src={DOMPurify.sanitize(URL.createObjectURL(image))}
                 alt={`New product image ${index + 1}`}
EOF
@@ -6,2 +6,3 @@
import { HiMinus, HiPlus } from 'react-icons/hi2';
import DOMPurify from 'dompurify';

@@ -53,3 +54,8 @@
const filesArray = Array.from(e.target.files);
setNewImages((prevImages) => [...prevImages, ...filesArray]);
const validFiles = filesArray.filter(file => {
const isValidType = file.type.startsWith('image/');
const isValidSize = file.size <= 5 * 1024 * 1024; // 5MB limit
return isValidType && isValidSize;
});
setNewImages((prevImages) => [...prevImages, ...validFiles]);
}
@@ -165,3 +171,3 @@
<img
src={URL.createObjectURL(image)}
src={DOMPurify.sanitize(URL.createObjectURL(image))}
alt={`New product image ${index + 1}`}
packages/features/package.json
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/features/package.json b/packages/features/package.json
--- a/packages/features/package.json
+++ b/packages/features/package.json
@@ -8,3 +8,4 @@
     "@sahil/configs": "*",
-    "ui": "*"
+    "ui": "*",
+    "dompurify": "^3.2.0"
   }
EOF
@@ -8,3 +8,4 @@
"@sahil/configs": "*",
"ui": "*"
"ui": "*",
"dompurify": "^3.2.0"
}
This fix introduces these dependencies
Package Version Security advisories
dompurify (npm) 3.2.0 None
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
@Emmanuel-Melon Emmanuel-Melon merged commit f05967d into develop Dec 3, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@Emmanuel-Melon Emmanuel-Melon

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[SAH-77]: Supplier Inventory Page
3 participants
@Emmanuel-Melon @eman-bfloat @Maiz27