Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add files via upload #1114

Merged
merged 1 commit into from
Oct 30, 2022
Merged

Add files via upload #1114

merged 1 commit into from
Oct 30, 2022

Conversation

Tanaya555
Copy link
Contributor

Explanation

Fixes #:

Checklist

  • The PR title starts with "Fix #issue_number".
  • My branch is up-to-date with the main branch.
  • The PR does not contain any unnecessary auto-generated code.
  • The PR does not break any part of the existing code.
  • The PR creator have carefully read & adher to the guidelines of the project.
  • The PR is raised after the issue has been assigned to the PR creator.

@Tejas1510 Tejas1510 merged commit a315309 into Tejas1510:main Oct 30, 2022
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 30, 2022
View reviewed changes
Javascript/Articooz/app.js
app.use("/api", require("./router-api"));

let sessionOptions = session({
secret: "JavaScript is sooooooooo coool",

Check failure

Code scanning / CodeQL

Hard-coded credentials

The hard-coded value "JavaScript is sooooooooo coool" is used as [key](1).
Javascript/Articooz/router-api.js
const postController = require("./controllers/postController");
const followController = require("./controllers/followController");

apiRouter.post("/login", userController.apiLogin);

Check failure

Code scanning / CodeQL

Missing rate limiting

This route handler performs [authorization](1), but is not rate-limited.
Javascript/Articooz/router.js
// user related routes
router.get("/", userController.home);
router.post("/register", userController.register);
router.post("/login", userController.login);

Check failure

Code scanning / CodeQL

Missing rate limiting

This route handler performs [authorization](1), but is not rate-limited.
Javascript/Articooz/router.js
"/profile/:username",
userController.ifUserExists,
userController.sharedProfileData,
userController.profilePostsScreen

Check failure

Code scanning / CodeQL

Missing rate limiting

This route handler performs [authorization](1), but is not rate-limited.
Javascript/Articooz/app.js
Comment on lines +15 to +21
let sessionOptions = session({
secret: "JavaScript is sooooooooo coool",
store: new MongoStore({ client: require("./db") }),
resave: false,
saveUninitialized: false,
cookie: { maxAge: 1000 * 60 * 60 * 24, httpOnly: true },
});

Check warning

Code scanning / CodeQL

Clear text transmission of sensitive cookie

Sensitive cookie sent without enforcing SSL encryption
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Tanaya555 @Tejas1510