Core Integration | Initial by TreyWW · Pull Request #1 · Strelix/core

TreyWW · 2024-12-25T20:22:25Z

Moved to "core" namespace

Fixed team dropdown style issues

Fixed migration signals, converted core:dashboard to just dashboard

Added github actions + templates

Moved to "core" namespace Fixed team dropdown style issues Fixed migration signals, converted core:dashboard to just dashboard Added github actions + templates

github-actions · 2024-12-25T20:23:15Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 19 package(s) with unknown licenses.
⚠️ 10 packages with OpenSSF Scorecard issues.

View full job summary

github-advanced-security · 2024-12-25T20:23:29Z

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

src/core/views/auth/login.py

+def redirect_to_login(email: str, redirect_url: str):
+    if not url_has_allowed_host_and_scheme(redirect_url, allowed_hosts=None):
+        redirect_url = reverse("dashboard")
+    return redirect(f"{reverse('core:auth:login')}?email={email}&next={redirect_url}")


To fix the problem, we need to ensure that the redirect_url is validated against a whitelist of allowed URLs or ensure that it does not contain an explicit host name. This can be done by using the urlparse function to parse the URL and check that the netloc attribute is empty. Additionally, we should handle backslashes and mistyped URLs to ensure they are correctly parsed.

Import the urlparse function from the urllib.parse module.

Replace the current validation logic with a more robust check using urlparse.

Ensure that the redirect_url does not contain an explicit host name and is a relative path.

Signed-off-by: Trey <73353716+TreyWW@users.noreply.github.com>

Initial Commit

e51d8d6

Moved to "core" namespace Fixed team dropdown style issues Fixed migration signals, converted core:dashboard to just dashboard Added github actions + templates

github-advanced-security bot found potential problems Dec 25, 2024

View reviewed changes

TreyWW added 11 commits December 27, 2024 15:32

Cleanup auth files, added static files

f24c554

Ran black formatter

9dbc199

Fix typos

d3342a7

Attempting to fix actions

ea76788

Attempting to fix actions

85e0240

Fixing mypy stub errors

a6bcb25

Fixing mypy action with env var

9e5c3b1

Addded pythonpath to gh action

ea981f6

Signed-off-by: Trey <73353716+TreyWW@users.noreply.github.com>

Disabled mypy due to django-stubs error

e7052a5

Signed-off-by: Trey <73353716+TreyWW@users.noreply.github.com>

reformatted

35767c3

Signed-off-by: Trey <73353716+TreyWW@users.noreply.github.com>

Fixed pyproject ready for first version

d22ce22

Signed-off-by: Trey <73353716+TreyWW@users.noreply.github.com>

TreyWW marked this pull request as ready for review December 28, 2024 16:17

Version updated from 0.0.0 to 0.0.1

a28820f

Signed-off-by: Trey <73353716+TreyWW@users.noreply.github.com>

TreyWW had a problem deploying to pypi December 28, 2024 16:21 — with GitHub Actions Failure

TreyWW added 2 commits December 28, 2024 16:24

Only run workflow on main branch

47caca5

Signed-off-by: Trey <73353716+TreyWW@users.noreply.github.com>

Set version back to 0.0.0 to run after merge

e449261

Signed-off-by: Trey <73353716+TreyWW@users.noreply.github.com>

TreyWW merged commit 8759ae9 into main Dec 28, 2024
5 checks passed

@@ -18,2 +18,3 @@
             from django_ratelimit.decorators import ratelimit
+            from urllib.parse import urlparse
@@ -80,3 +81,5 @@
-                if url_has_allowed_host_and_scheme(redirect_url, allowed_hosts=None):
+                redirect_url = redirect_url.replace('\\', '')
+                parsed_url = urlparse(redirect_url)
+                if not parsed_url.netloc and not parsed_url.scheme:
                     try:
@@ -91,3 +94,5 @@
             def redirect_to_login(email: str, redirect_url: str):
-                if not url_has_allowed_host_and_scheme(redirect_url, allowed_hosts=None):
+                redirect_url = redirect_url.replace('\\', '')
+                parsed_url = urlparse(redirect_url)
+                if parsed_url.netloc or parsed_url.scheme:
                     redirect_url = reverse("dashboard")

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Comments

Core Integration | Initial#1

Core Integration | Initial#1
TreyWW merged 15 commits intomainfrom
initial

TreyWW commented Dec 25, 2024

Uh oh!

github-actions bot commented Dec 25, 2024 •

edited

Loading

Uh oh!

github-advanced-security bot commented Dec 25, 2024

Uh oh!

Check warning

Copilot Autofix

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Comments

Conversation

TreyWW commented Dec 25, 2024

Uh oh!

github-actions bot commented Dec 25, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Dependency Review

Uh oh!

github-advanced-security bot commented Dec 25, 2024

Uh oh!

Check warning

Uh oh!

Copilot Autofix

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

github-actions bot commented Dec 25, 2024 •

edited

Loading