Skip to content

Comments

[PPP-5351]-XSS Findings For Data-Access#1284

Open
Rangashivani wants to merge 1 commit intopentaho:BACKLOG-41215from
Rangashivani:BACKLOG-41215
Open

[PPP-5351]-XSS Findings For Data-Access#1284
Rangashivani wants to merge 1 commit intopentaho:BACKLOG-41215from
Rangashivani:BACKLOG-41215

Conversation

@Rangashivani
Copy link

@Rangashivani Rangashivani commented Oct 28, 2024
edited
Loading

PPP-5351-XSS Findings For Data-Access

@Rangashivani Rangashivani requested a review from a team as a code owner October 28, 2024 11:31
@buildguy

This comment has been minimized.

Sign in to view
@hitachivantarasonarqube
Copy link

hitachivantarasonarqube bot commented Oct 28, 2024

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@buildguy
Copy link
Collaborator

buildguy commented Oct 28, 2024

👍 Frogbot scanned this pull request and did not find any new security issues.

Note:

Frogbot also supports Contextual Analysis, Secret Detection, IaC and SAST Vulnerabilities Scanning. This features are included as part of the JFrog Advanced Security package, which isn't enabled on your system.

@buildguy
Copy link
Collaborator

buildguy commented Oct 28, 2024

✅ Build finished in 1m 39s

Build command:

mvn clean verify -B -e -Daudit -Djs.no.sandbox -pl \
assemblies/data-access-plugin

❗ No tests found!

ℹ️ This is an automatic message

@Rangashivani Rangashivani changed the title [PPP-5351]-XSS Findings For Data-Access ,Pentaho-platform-plugin-dashboards [PPP-5351]-XSS Findings For Data-Access Oct 28, 2024
@Rangashivani Rangashivani marked this pull request as draft October 28, 2024 12:06
@Rangashivani Rangashivani marked this pull request as ready for review October 29, 2024 05:09
@Rangashivani Rangashivani requested a review from dcleao October 29, 2024 05:10
dcleao
dcleao requested changes Oct 30, 2024
View reviewed changes
Copy link
Contributor

@dcleao dcleao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AFAIK, this JS code in the data-access plugin is not used. In fact, it was duplicated and converted to RequireJS and now lives in https://github.com/pentaho/pentaho-platform-plugin-common-ui/tree/930bf603641698c4352d26d5a002f0659c61b5f3/impl/client/src/main/javascript/web/dataapi.

My advice is to remove this code, simultaneously fixing the XSS findings.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dcleao dcleao dcleao requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Rangashivani @buildguy @dcleao