base52: check for invalid chars in Decode() #2103

Merged
merged 2 commits into from
Jan 30, 2023

AstroProfundis
Contributor

What problem does this PR solve?

The Decode() in base52 does not check the input value for invalid characters, and thus may have security risks.

What is changed and how it works?

Check for invalid characters and return an error.

Check List

Tests

  • Unit test

Code changes

  • Has exported function/method change

@AstroProfundis AstroProfundis added type/bug Categorizes issue as related to a bug. category/security Categorizes issue or PR as a security enhancement. labels Jan 12, 2023
@AstroProfundis AstroProfundis added this to the 1.12.0 milestone Jan 12, 2023
@AstroProfundis AstroProfundis self-assigned this Jan 12, 2023
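
The failure mode described in the PR text above, as an added example (not the project's own code and not part of the original conversation). The alphabet, function names and sample inputs are assumptions made for illustration: a decoder that skips the character check silently maps an invalid string onto the same value as a valid one, while the checked version returns an error.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// alphabet is an assumed 52-symbol set for this example (A-Z then a-z);
// it is not taken from the project's pkg/base52.
const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

// ErrInvalidChar is a hypothetical sentinel error for this example.
var ErrInvalidChar = errors.New("base52: invalid character in input")

// decodeUnchecked shows the failure mode: strings.IndexByte returns -1 for a
// byte outside the alphabet, and that -1 is folded into the result.
func decodeUnchecked(s string) int64 {
	var n int64
	for i := 0; i < len(s); i++ {
		n = n*int64(len(alphabet)) + int64(strings.IndexByte(alphabet, s[i]))
	}
	return n
}

// decodeChecked rejects empty input and any byte outside the alphabet.
func decodeChecked(s string) (int64, error) {
	if s == "" {
		return 0, errors.New("base52: empty input")
	}
	var n int64
	for i := 0; i < len(s); i++ {
		idx := strings.IndexByte(alphabet, s[i])
		if idx < 0 {
			return 0, fmt.Errorf("%w: %q at offset %d", ErrInvalidChar, s[i], i)
		}
		n = n*int64(len(alphabet)) + int64(idx)
	}
	return n, nil
}

func main() {
	// Constructed inputs: "B!" contains '!', which is not in the alphabet.
	for _, in := range []string{"z", "B!"} {
		v, err := decodeChecked(in)
		fmt.Printf("%-4q unchecked=%d checked=%d err=%v\n", in, decodeUnchecked(in), v, err)
	}
}
```

Without the check, `"B!"` and `"z"` decode to the same number, so any caller that treats the decoded value as an identifier would accept a malformed string as an alias of a valid one.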
@ti-chi-bot
Member

ti-chi-bot commented Jan 12, 2023

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • kaaaaaaang

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot ti-chi-bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jan 12, 2023
@ti-chi-bot ti-chi-bot added the status/LGT1 Indicates that a PR has LGTM 1. label Jan 12, 2023
@codecov-commenter

codecov-commenter commented Jan 12, 2023

Codecov Report

Base: 56.75% // Head: 56.67% // Decreases project coverage by -0.08% ⚠️

Coverage data is based on head (fc87d65) compared to base (1c231f1).
Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #2103      +/-   ##
==========================================
- Coverage   56.75%   56.67%   -0.08%     
==========================================
  Files         313      313              
  Lines       33147    33150       +3     
==========================================
- Hits        18811    18785      -26     
- Misses      12105    12134      +29     
  Partials     2231     2231              
Flag Coverage Δ
cluster 45.21% <40.00%> (-0.12%) ⬇️
playground 15.31% <ø> (ø)
tiup 16.54% <ø> (ø)
unittest 22.81% <100.00%> (+0.01%) ⬆️


Impacted Files Coverage Δ
pkg/base52/base52.go 86.96% <100.00%> (+1.96%) ⬆️
pkg/cluster/spec/pump.go 64.02% <0.00%> (-4.27%) ⬇️
pkg/cluster/operation/scale_in.go 51.10% <0.00%> (-3.45%) ⬇️
pkg/cluster/spec/tiflash.go 69.66% <0.00%> (-1.14%) ⬇️
pkg/cluster/operation/destroy.go 59.66% <0.00%> (-0.64%) ⬇️
pkg/cluster/api/binlog.go 38.22% <0.00%> (-0.52%) ⬇️


@kaaaaaaang kaaaaaaang modified the milestones: 1.12.0, 1.12.2, 1.11.2 Jan 17, 2023
@kaaaaaaang
Collaborator

/merge

@ti-chi-bot
Member

This pull request has been accepted and is ready to merge.

Commit hash: 465f2e0

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label Jan 30, 2023
@ti-chi-bot
Member

@AstroProfundis: Your PR was out of date, I have automatically updated it for you.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

@ti-chi-bot ti-chi-bot merged commit f8f021c into pingcap:master Jan 30, 2023
@AstroProfundis AstroProfundis deleted the fix-base52-decode branch February 2, 2023 06:35