Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nounly Sample #336

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Nounly Sample #336

wants to merge 3 commits into from

Conversation

commit111
Copy link
Collaborator

@commit111 commit111 commented Mar 11, 2025
edited by github-actions bot
Loading

Fixes #124

Nounly is a URL shortener website built with Go, JavaScript, and Redis, and can be deployed with Defang as a sample.
See the real Noun.ly website for reference.

Samples Checklist

✅ All good!

@commit111 commit111 requested review from lionello and raphaeltm March 11, 2025 21:40
@commit111 commit111 had a problem deploying to deploy-changed-samples March 11, 2025 21:40 — with GitHub Actions Failure
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 11, 2025
View reviewed changes
samples/nounly/public/javascripts/app.js
a.setAttribute("data-etag", r.etag);
a.setAttribute("data-date", r.date);
a.title = r.origUrl || r.url;
a.href = r.url;

Check warning

Code scanning / CodeQL

Client-side URL redirect Medium

Untrusted URL redirection depends on a
user-provided value
Loading
.

Copilot Autofix AI 1 day ago

To fix the problem, we need to ensure that the URL used for redirection is validated against a list of authorized URLs. This can be done by maintaining a list of allowed URLs and checking if the user-provided URL matches any entry in this list before performing the redirection.

  1. Create a list of authorized URLs.
  2. Validate the user-provided URL against this list.
  3. Only perform the redirection if the URL is authorized.
Suggested changeset 1
samples/nounly/public/javascripts/app.js

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/samples/nounly/public/javascripts/app.js b/samples/nounly/public/javascripts/app.js
--- a/samples/nounly/public/javascripts/app.js
+++ b/samples/nounly/public/javascripts/app.js
@@ -1,2 +1,10 @@
 (function () {
+    const authorizedUrls = [
+        "https://example.com",
+        "https://another-example.com"
+    ];
+
+    function isAuthorizedUrl(url) {
+        return authorizedUrls.some(authorizedUrl => url.startsWith(authorizedUrl));
+    }
     function E(id) { return document.getElementById(id); }
@@ -86,3 +94,7 @@
         a.title = r.origUrl || r.url;
-        a.href = r.url;
+        if (isAuthorizedUrl(r.url)) {
+            a.href = r.url;
+        } else {
+            a.href = "#";
+        }
         a.appendChild(document.createTextNode(r.code));
EOF
@@ -1,2 +1,10 @@
(function () {
const authorizedUrls = [
"https://example.com",
"https://another-example.com"
];

function isAuthorizedUrl(url) {
return authorizedUrls.some(authorizedUrl => url.startsWith(authorizedUrl));
}
function E(id) { return document.getElementById(id); }
@@ -86,3 +94,7 @@
a.title = r.origUrl || r.url;
a.href = r.url;
if (isAuthorizedUrl(r.url)) {
a.href = r.url;
} else {
a.href = "#";
}
a.appendChild(document.createTextNode(r.code));
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
@commit111 commit111 temporarily deployed to deploy-changed-samples March 11, 2025 21:48 — with GitHub Actions Inactive
@commit111 commit111 changed the title Add Nounly as a sample Nounly Sample Mar 11, 2025
@commit111 commit111 deployed to deploy-changed-samples March 11, 2025 23:28 — with GitHub Actions Active
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lionello lionello Awaiting requested review from lionello

@raphaeltm raphaeltm Awaiting requested review from raphaeltm

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Publish nounly as a sample
1 participant
@commit111