Add prettier and eslint for better code quality #283
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
|
| 'vista.encodingWatchConfigurationViewProvider', | ||
| 'Config', | ||
| options, | ||
| ENCODING_WATCH_TYPE |
Check warning
Code scanning / CodeQL
Superfluous trailing arguments Warning
| 'vista.frameWatchConfigurationViewProvider', | ||
| 'Config', | ||
| options, | ||
| FRAME_WATCH_TYPE |
Check warning
Code scanning / CodeQL
Superfluous trailing arguments Warning
| @@ -6,11 +6,27 @@ | |||
| const TOTAL_PARTS_FIELD = 'total_parts'; | |||
|
|
|||
| const PRODUCT_STARTED_RECORD_TYPE = 'PRODUCT_STARTED'; | |||
| // eslint-disable-next-line no-unused-vars | |||
Check notice
Code scanning / CodeQL
Unused variable, import, function or class Note
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 10 months ago
To fix the problem, we need to remove the unused variable COMPLETE_PRODUCT_RECORD_TYPE from the code. This involves deleting the line where the variable is declared. This change will not affect the existing functionality since the variable is not used anywhere in the provided code snippet.
| @@ -8,4 +8,3 @@ | ||
| const PRODUCT_STARTED_RECORD_TYPE = 'PRODUCT_STARTED'; | ||
| // eslint-disable-next-line no-unused-vars | ||
| const COMPLETE_PRODUCT_RECORD_TYPE = 'COMPLETE_PRODUCT'; | ||
|
|
||
| const PRODUCT_PART_RECEIVED_RECORD_TYPE = 'PRODUCT_PART_RECEIVED'; |
|
|
||
| }(self, WebSocket)); | ||
| worker = new MCWSStreamWorker(); | ||
| self.onmessage = function (messageEvent) { |
Check warning
Code scanning / CodeQL
Missing origin verification in `postMessage` handler Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 10 months ago
To fix the problem, we need to verify the origin of incoming messages in the messageEvent handler. This involves checking the origin property of the messageEvent object to ensure it matches a trusted origin before processing the message. This change should be made in the self.onmessage function within the src/realtime/MCWSStreamWorkerScript.js file.
- Identify the trusted origin(s) that should be allowed to send messages.
- Modify the
self.onmessagefunction to include a check for theoriginproperty of themessageEventobject. - If the origin matches the trusted origin, proceed with processing the message; otherwise, ignore the message.
| @@ -320,6 +320,9 @@ | ||
| self.onmessage = function (messageEvent) { | ||
| var data = messageEvent.data, | ||
| method = worker[data.key]; | ||
| if (method) { | ||
| method.call(worker, data.value); | ||
| var trustedOrigin = 'https://www.example.com'; // Replace with the actual trusted origin | ||
| if (messageEvent.origin === trustedOrigin) { | ||
| var data = messageEvent.data, | ||
| method = worker[data.key]; | ||
| if (method) { | ||
| method.call(worker, data.value); | ||
| } | ||
| } |
| return !!(this.options.frameSummaryStreamUrl || this.options.frameSummaryStreamUrl); | ||
| }; | ||
| Dataset.prototype.hasFrameSummary = function () { | ||
| return !!(this.options.frameSummaryStreamUrl || this.options.frameSummaryStreamUrl); |
Check warning
Code scanning / CodeQL
Identical operands Warning
| }; | ||
|
|
||
| worker = new MCWSStreamWorker(); | ||
| self.onmessage = function (messageEvent) { |
Check warning
Code scanning / CodeQL
Missing origin verification in `postMessage` handler Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 10 months ago
To fix the problem, we need to verify the origin of the incoming messages in the messageEvent handler. This involves checking the origin property of the messageEvent object against a list of trusted origins before processing the message. This ensures that only messages from trusted sources are handled, mitigating the risk of malicious attacks.
- Identify the trusted origins for the application.
- Modify the
self.onmessagehandler to include a check for theoriginproperty. - Only process the message if the origin is in the list of trusted origins.
| @@ -244,6 +244,9 @@ | ||
| self.onmessage = function (messageEvent) { | ||
| var data = messageEvent.data, | ||
| method = worker[data.key]; | ||
| if (method) { | ||
| method.call(worker, data.value); | ||
| var trustedOrigins = ['https://www.example.com', 'https://trusted.origin']; | ||
| if (trustedOrigins.includes(messageEvent.origin)) { | ||
| var data = messageEvent.data, | ||
| method = worker[data.key]; | ||
| if (method) { | ||
| method.call(worker, data.value); | ||
| } | ||
| } |
| if (!sessionServiceInstance) { | ||
| sessionServiceInstance = new SessionService(openmct, openmctMCWSConfig); | ||
| } | ||
| export default function (openmct, openmctMCWSConfig) { |
Check warning
Code scanning / CodeQL
Inconsistent use of 'new' Warning
jvigliotta
left a comment
jvigliotta
left a comment
There was a problem hiding this comment.
Having already reviewed the previous two PR's into this branch, we good...
Closes #219
topic branch to be merged into main after after sub issues #269 and #270 have been merged into topic branch