Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix security findings on the web-client. #97

Merged
merged 2 commits into from
Jan 21, 2024
Merged

Fix security findings on the web-client. #97

merged 2 commits into from
Jan 21, 2024

Conversation

wjonassen
Copy link
Collaborator

Problem Description

There are several security issues on the web client code. These issues include a target="_blank" without rel="noopener" and including a remote javascript file. These issues need to be resolved in this pull request.
Fixes #.

Solution

  1. Add rel="noopener" to the target="_blank" href.
  2. Bring the remote javascript file into the local repository.

how you tested the change

  1. Verified that the target="_blank" code opens the correct page in a new tab. No need to worry about keeping information about where the page was opened from.
  2. verify that the now local js file opens without issues and that the data rows can be ordered properly (dataTables.rowReorder.min.js).

Where the following done:

  • Tests. Check all that apply:
    • Unit tests created or modified that run during ant test.
    • Integration tests created or modified that run during integration testing
      (Formerly called regression tests.)
    • Test procedure descriptions for manual testing
  • Was relevant documentation updated?
  • Were relevant config element (e.g. XML data) updated as appropriate

If you aren't sure leave unchecked and we will help guide you to want needs changing where.

@wjonassen wjonassen added this to the 3 - Code Modifications milestone Jan 17, 2024
This was linked to issues Jan 17, 2024
Need to make sure the newly opened window (when using target="_blank") is safe. #98
Closed
Should not reference remote artifact without referencing. #99
Closed
@wjonassen wjonassen force-pushed the feature/web-client-security branch from d1f8248 to 66c41ed Compare January 20, 2024 20:28
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@wjonassen wjonassen marked this pull request as ready for review January 20, 2024 21:23
@wjonassen wjonassen merged commit 3b720c9 into opendcs:main Jan 21, 2024
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adamkorynta adamkorynta adamkorynta approved these changes

Assignees
No one assigned
Labels
None yet
Projects
No open projects
W912HQ23F0243 Task 5: OpenDCS API and Web Client Review
Status: Done
Milestone
3 - Code Modifications
2 participants
@wjonassen @adamkorynta