fix: fix security vulnerabilities reported by CodeQL (#5467)

This commit is contained in:
Dean Sheather
2022-12-20 05:25:59 +10:00
committed by GitHub
parent e359f3cd23
commit 1bc4eb5329
8 changed files with 42 additions and 22 deletions


@ -45,13 +45,13 @@ var scope = map[codersdk.GitProvider][]string{
codersdk.GitProviderGitHub: {"repo", "workflow"},
}
// regex provides defaults for each Git provider to
// match their SaaS host URL. This is configurable by each provider.
// regex provides defaults for each Git provider to match their SaaS host URL.
// This is configurable by each provider.
var regex = map[codersdk.GitProvider]*regexp.Regexp{
codersdk.GitProviderAzureDevops: regexp.MustCompile(`dev\.azure\.com`),
codersdk.GitProviderBitBucket: regexp.MustCompile(`bitbucket\.org`),
codersdk.GitProviderGitLab: regexp.MustCompile(`gitlab\.com`),
codersdk.GitProviderGitHub: regexp.MustCompile(`github\.com`),
codersdk.GitProviderAzureDevops: regexp.MustCompile(`^(https?://)?dev\.azure\.com(/.*)?$`),
codersdk.GitProviderBitBucket: regexp.MustCompile(`^(https?://)?bitbucket\.org(/.*)?$`),
codersdk.GitProviderGitLab: regexp.MustCompile(`^(https?://)?gitlab\.com(/.*)?$`),
codersdk.GitProviderGitHub: regexp.MustCompile(`^(https?://)?github\.com(/.*)?$`),
}
// newJWTOAuthConfig creates a new OAuth2 config that uses a custom
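Review bot: Anchoring the defaults closes the substring match that CodeQL flagged (`github.com.attacker.example` and `notgithub.com` no longer match), but the comment on the new side still says the regex is configurable per provider without warning that an operator-supplied pattern carries the same pitfall; I would extend it with `// Custom patterns must be anchored with ^...$: an unanchored github\.com also matches github.com.attacker.example.` The new patterns are also case-sensitive, so a URL such as `HTTPS://GitHub.com/org/repo` would match no provider unless the value is lowercased before matching, which this hunk does not show; if it is not, `(?i)^(https?://)?github\.com(/.*)?$` (and likewise for the other three) keeps the anchoring while matching hosts case-insensitively as DNS does.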


@ -222,11 +222,11 @@ func (api *API) workspaceAgentPTY(rw http.ResponseWriter, r *http.Request) {
})
return
}
height, err := strconv.Atoi(r.URL.Query().Get("height"))
height, err := strconv.ParseUint(r.URL.Query().Get("height"), 10, 16)
if err != nil {
height = 80
}
width, err := strconv.Atoi(r.URL.Query().Get("width"))
width, err := strconv.ParseUint(r.URL.Query().Get("width"), 10, 16)
if err != nil {
width = 80
}
@ -330,7 +330,7 @@ func (api *API) workspaceAgentListeningPorts(rw http.ResponseWriter, r *http.Req
if port == "" {
continue
}
portNum, err := strconv.Atoi(port)
portNum, err := strconv.ParseUint(port, 10, 16)
if err != nil {
continue
}
@ -344,7 +344,7 @@ func (api *API) workspaceAgentListeningPorts(rw http.ResponseWriter, r *http.Req
// common non-HTTP ports such as databases, FTP, SSH, etc.
filteredPorts := make([]codersdk.ListeningPort, 0, len(portsResponse.Ports))
for _, port := range portsResponse.Ports {
if port.Port < uint16(codersdk.MinimumListeningPort) {
if port.Port < codersdk.MinimumListeningPort {
continue
}
if _, ok := appPorts[port.Port]; ok {
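Review bot: Switching to `strconv.ParseUint(..., 10, 16)` bounds the PTY size and the port to 16 bits, but a literal `0` still parses successfully, so `?height=0` or `?width=0` reaches the PTY with a zero dimension while any other bad value falls back to 80; folding zero into the fallback is a one-line change per field, `if err != nil || height == 0 {` and `if err != nil || width == 0 {`. The same applies to the listening-ports loop, where `0` is not a usable port and should be skipped like a parse failure, `if err != nil || portNum == 0 { continue }`. Both enclosing functions, workspaceAgentPTY and workspaceAgentListeningPorts, start and end outside these hunks, so I cannot see whether a later check already rejects zero.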