
3.16 - validate image source before saving it into the DB #6605

Open
wants to merge 8 commits into develop

Conversation

@wordpressfan wordpressfan (Contributor) commented May 2, 2024

Description

Fixes #6599

Documentation

User documentation

We just add another layer of sanitizing and checking that the lcp/atf values are valid images.

Technical documentation

Here we will exclude the following patterns and more:

https://domain.ext/file.php?url=img.jpg
https://domain.ext/file.js?url=img.jpg
https://domain.ext/file.php#url=img.jpg
chrome-extension://extension-hash/path/to/image/x.svg
linear-gradient(160deg, rgb(255, 255, 255) 0%, rgb(248, 246, 243) 100%)

Type of change

Delete options that are not relevant.

  • New feature (non-breaking change which adds functionality).
  • Bug fix (non-breaking change which fixes an issue).
  • Enhancement (non-breaking change which improves an existing functionality).
  • Breaking change (fix or feature that would cause existing functionality to not work as before).

New dependencies

List any new dependencies that are required for this change.

Risks

List possible performance & security issues or risks, and explain how they have been mitigated.

Checklists

Feature validation

  • I validated all the Acceptance Criteria. If possible, provide screenshots or videos.
  • I triggered all changed lines of code at least once without new errors/warnings/notices.
  • I implemented built-in tests to cover the new/changed code.

Documentation

  • I prepared the user documentation for the feature/enhancement and shared it in the PR or the GitHub issue.
  • The user documentation covers new/changed entry points (endpoints, WP hooks, configuration files, ...).
  • I prepared the technical documentation if needed, and shared it in the PR or the GitHub issue.

Code style

  • I wrote self-explanatory code about what it does.
  • I wrote comments to explain why it does it.
  • I named variables and functions explicitly.
  • I protected entry points against unexpected inputs.
  • I did not introduce unnecessary complexity.
  • I listed the introduced external dependencies explicitly on the PR.
  • I validated the repo-specific guidelines from CONTRIBUTING.md.

Observability

  • I handled errors when needed.
  • I wrote user-facing messages that are understandable and provide actionable feedback.
  • I prepared ways to observe the implemented system (logs, data, etc.).

Risks

  • I explicitly mentioned performance risks in the PR.
  • I explicitly mentioned security risks in the PR.
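The exclusions listed in the PR description, applied by a standalone validator. This is an added example and not WP Rocket's own code; the function names, the allowed-extension list, the length cap and the base URL are assumptions. It accepts a candidate only when it parses as an http(s) URL whose path, ignoring query string and fragment, ends in an image extension, so `.php`/`.js` endpoints with `?url=` or `#url=`, `chrome-extension://` resources and CSS gradient values are all rejected before anything reaches storage.

```javascript
// Added example, not WP Rocket's code: a conservative validator for LCP/ATF
// image candidates, run on a value before it is accepted for storage.
// Function names, the extension list, MAX_LENGTH and the base URL are assumptions.

const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);
// Assumed set of raster/vector extensions the optimizer is expected to handle.
const IMAGE_EXTENSIONS = new Set(['jpg', 'jpeg', 'png', 'gif', 'webp', 'avif', 'svg']);
const MAX_LENGTH = 2048; // reject absurdly long values before parsing them

// Returns true only for an http(s) URL whose *path* names an image file.
// The query string and fragment are ignored on purpose: a .php or .js
// endpoint with ?url=img.jpg or #url=img.jpg is not an image.
function isValidImageSource(value, baseUrl = 'https://example.com/') {
  if (typeof value !== 'string') return false;
  const candidate = value.trim();
  if (candidate === '' || candidate.length > MAX_LENGTH) return false;

  // CSS function values such as linear-gradient(...) or url(...) are not
  // URLs at all; a relative-URL parser would otherwise swallow them.
  if (/^[a-z-]+\(/i.test(candidate)) return false;

  let url;
  try {
    url = new URL(candidate, baseUrl); // relative paths resolve against baseUrl
  } catch {
    return false;
  }

  // Rejects chrome-extension://, data:, javascript:, blob: and any other scheme.
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return false;

  const path = url.pathname.toLowerCase();
  const lastSegment = path.slice(path.lastIndexOf('/') + 1);
  const dot = lastSegment.lastIndexOf('.');
  if (dot === -1) return false;
  return IMAGE_EXTENSIONS.has(lastSegment.slice(dot + 1));
}

// Keeps only acceptable candidates, preserving order and dropping duplicates.
function filterImageSources(candidates) {
  const seen = new Set();
  const accepted = [];
  for (const c of candidates) {
    if (!isValidImageSource(c)) continue;
    const key = c.trim();
    if (seen.has(key)) continue;
    seen.add(key);
    accepted.push(key);
  }
  return accepted;
}

// Constructed sample input: the PR's listed patterns plus two genuine images.
const SAMPLE_CANDIDATES = [
  'https://domain.ext/images/hero.jpg',
  'https://domain.ext/file.php?url=img.jpg',
  'https://domain.ext/file.js?url=img.jpg',
  'https://domain.ext/file.php#url=img.jpg',
  'chrome-extension://extension-hash/path/to/image/x.svg',
  'linear-gradient(160deg, rgb(255, 255, 255) 0%, rgb(248, 246, 243) 100%)',
  '//cdn.domain.ext/assets/banner.webp?w=1200',
  'https://domain.ext/images/hero.jpg',
];

console.log(filterImageSources(SAMPLE_CANDIDATES));
```

The check is deliberately an allow-list on scheme and file extension rather than a deny-list of the five quoted patterns, so unlisted variants (other schemes, other non-image endpoints) fail closed; whether `data:` URIs should be accepted is a product decision and here they are rejected.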

@wordpressfan wordpressfan self-assigned this May 2, 2024
@piotrbak (Contributor) commented:

Could we also validate the resource usage/time spent on this one?

@wordpressfan wordpressfan marked this pull request as ready for review May 24, 2024 12:24

codacy-production bot commented May 24, 2024

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation                  Diff coverage
Report missing for 3877532 [1]      85.00% (target: 50.00%)

Coverage variation details

                                    Coverable lines   Covered lines    Coverage
Common ancestor commit (3877532)    Report missing    Report missing   Report missing
Head commit (7ec3c8e)               37186             14358            38.61%

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
                        Coverable lines   Covered lines   Diff coverage
Pull request (#6605)    20                17              85.00%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%


Codacy will stop sending the deprecated coverage status from June 5th, 2024. Learn more

Footnotes

  1. Codacy didn't receive coverage data for the commit, or there was an error processing the received data. Check your integration for errors and validate that your coverage setup is correct.

@wordpressfan wordpressfan requested a review from a team May 24, 2024 12:32
@Miraeld Miraeld requested a review from Tabrisrp May 26, 2024 22:25
Successfully merging this pull request may close these issues.

Guard beacon script against saving not expected values into the database