This repository has been archived by the owner on Apr 5, 2024. It is now read-only.

Security fix #290

Merged
merged 2 commits into from
Jul 10, 2023

chrisdlangton

Deprecate calculateMac replaced by calculateServerMac or generateRequestMac

Fixes #284

@chrisdlangton
Author

I assume versioning and change log commits need to be made. Please direct me or (risk team seeing this) let me know that's now up to me to figure out as the maintainers who know seem to have moved on.

};

const exp = Math.floor(Hawk.utils.now() / 1000) + 60;
const ext = 'some-app-data';

Check failure

Code scanning / CodeQL

Hard-coded credentials

The hard-coded value "some-app-data" is used as [authorization header](1).
Author

unit test directory, the code scanner needs tuning


const exp = Math.floor(Hawk.utils.now() / 1000) + 60;
const ext = 'some-app-data';
const nonce = '1AwuJD';

Check failure

Code scanning / CodeQL

Hard-coded credentials

The hard-coded value "1AwuJD" is used as [authorization header](1).
Author

unit test directory, the code scanner needs tuning

@lotas
Contributor

lotas commented Jun 12, 2023

Thanks @chrisdlangton
We'll review it shortly while trying to understand the context of that issue.

Successfully merging this pull request may close these issues.

The incoming hash of the payload is being trusted and not verified