
Tracking pull request to merge release-1.65.0 to master #2358

Merged: 56 commits merged into master from release-1.65.0 on Feb 6, 2025

Conversation

kuanfandevops (Collaborator)

No description provided.

kuanfandevops and others added 30 commits November 19, 2024 14:44
…re isn't an empty box when agreements don't have comments (#2359)

chore: modifies proptypes in vehicle supplier tabs due to console messages appearing
* Create unit-tests for ComplianceObligationContainer

* Refactor ComplianceObligationContainer for unit-test edge case

* Grouping some tests

* Refactor compliance unit-tests to reduce duplicated codes

* Refactor TestHelper class to TestData class

* Grouping common test data

* Refactor testData class in ComplianceObligationContainer test
* Add unit-tests for Compliance and Compliance-components

* Minor clean-up

* Minor clean-up
…event Error 31 (duplicate VINs) (#2370)

* task: spreadsheets with duplicate vins are rejected with error message during submission

* chore: moves line out of loop
* unit tests for supp components

* tweaks and start zevsales

* get rid of duplication
#2377)

* -adds navigation tabs to credit agreement details

* chore: ran prettier

axios.get.mockResolvedValue(mockResponse);

const params = { headers: { Authorization: "Bearer token" } };

Check failure: Code scanning / CodeQL
Hard-coded credentials (Critical, test): The hard-coded value "Bearer token" is used as authorization header.
emi-hi and others added 6 commits January 2, 2025 14:25
* Disable Save button if vehicle supplier, transaction type, or effective date is not entered.

* Disable "Submit to Director" button if credit quantity is missing.
* Add model-year in query string to solve tab-names inconsistency during loading issue.

* Add URI encoding and code clean-up

* Align compliance report tabs

* Fixing compliance report disabled tabs alignment

* Disable compliance-report tabs when loading.

* Move insertIdAndYear function to utilities
)

* feat: initial changes to separate comment boxes and add tooltip

* chore: ran prettier

* chore: minor refactoring

* chore: adds useEffect
const getRoute = () => {
if (locationRoute && locationState) {
return history.push(locationRoute, locationState)
return history.push(locationRoute, locationState);

Check failure: Code scanning / CodeQL
Client-side cross-site scripting (High): Cross-site scripting vulnerability due to user-provided value.

Copilot Autofix AI about 2 months ago

To fix the problem, we need to ensure that the locationRoute parameter is properly sanitized before being used in the history.push method. One effective way to do this is by using a library like DOMPurify to sanitize the user input. This will prevent any malicious scripts from being executed.

  1. Install the DOMPurify library.
  2. Import DOMPurify in the relevant files.
  3. Sanitize the locationRoute parameter before using it in the history.push method.
Suggested changeset 2
frontend/src/app/components/Button.js

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/frontend/src/app/components/Button.js b/frontend/src/app/components/Button.js
--- a/frontend/src/app/components/Button.js
+++ b/frontend/src/app/components/Button.js
@@ -5,2 +5,3 @@
 import history from "../History";
+import DOMPurify from "dompurify";
 
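Review bot: the `import DOMPurify from "dompurify";` line depends on a package that Button.js's package does not yet declare; the package.json addition is a separate changeset on this page, so this hunk only builds when both are applied together, and neither of them updates the lockfile.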
@@ -20,8 +21,9 @@
   const getRoute = () => {
-    if (locationRoute && locationState) {
-      return history.push(locationRoute, locationState);
+    const sanitizedRoute = DOMPurify.sanitize(locationRoute);
+    if (sanitizedRoute && locationState) {
+      return history.push(sanitizedRoute, locationState);
     }
 
-    if (locationRoute) {
-      return history.push(locationRoute);
+    if (sanitizedRoute) {
+      return history.push(sanitizedRoute);
     }
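Review bot: `DOMPurify.sanitize(locationRoute)` in this hunk does not address the finding. DOMPurify removes HTML markup from a string, but `locationRoute` is a router path handed to `history.push`, not markup written into the DOM, so a plain path string comes back unchanged and the navigation target is still whatever the caller supplied. The control that fits this sink is validation rather than HTML sanitisation: check the value against the application's known routes (as the second suggested changeset on this page does) or require a relative, same-origin path, and fall back to `history.goBack()` otherwise.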
EOF
frontend/package.json
Outside changed files

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/frontend/package.json b/frontend/package.json
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -52,3 +52,4 @@
     "winston": "^3.2.1",
-    "xlsx": "^0.18.5"
+    "xlsx": "^0.18.5",
+    "dompurify": "^3.2.3"
   },
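Review bot: `"dompurify": "^3.2.3"` is appended after `"xlsx"`, out of the alphabetical order that the surrounding `"winston"`, `"xlsx"` entries follow; place it in order. The changeset also contains no lockfile update, so `npm install` has to be run and the resulting lockfile committed with this hunk for installs to stay reproducible.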
EOF
This fix introduces these dependencies:
Package: dompurify (npm), Version: 3.2.3, Security advisories: None
}

if (locationRoute) {
return history.push(locationRoute)
return history.push(locationRoute);

Check failure: Code scanning / CodeQL
Client-side cross-site scripting (High): Cross-site scripting vulnerability due to user-provided value.

Copilot Autofix AI about 2 months ago

To fix the problem, we need to ensure that the locationRoute parameter is sanitized or validated before being used in the history.push function. One effective way to do this is to use a whitelist of allowed routes and ensure that the locationRoute matches one of these allowed routes before proceeding.

  1. Create a whitelist of allowed routes.
  2. Validate the locationRoute against this whitelist before using it in the history.push function.
  3. If the locationRoute is not valid, handle the error appropriately (e.g., redirect to a default safe route or show an error message).
Suggested changeset 1
frontend/src/app/components/Button.js

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/frontend/src/app/components/Button.js b/frontend/src/app/components/Button.js
--- a/frontend/src/app/components/Button.js
+++ b/frontend/src/app/components/Button.js
@@ -19,11 +19,10 @@
   } = props;
+  const allowedRoutes = ["/route1", "/route2", "/route3"]; // Add all allowed routes here
   const getRoute = () => {
-    if (locationRoute && locationState) {
-      return history.push(locationRoute, locationState);
-    }
-
-    if (locationRoute) {
+    if (locationRoute && allowedRoutes.includes(locationRoute)) {
+      if (locationState) {
+        return history.push(locationRoute, locationState);
+      }
       return history.push(locationRoute);
     }
-
     return history.goBack();
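Review bot: the `allowedRoutes = ["/route1", "/route2", "/route3"]` placeholder in this hunk has to be replaced with the application's real route paths before merge; as written, every genuine `locationRoute` fails `allowedRoutes.includes(locationRoute)` and `getRoute` silently falls through to `history.goBack()`. An exact-match list also cannot cover parameterised routes such as the `ROUTES_VEHICLES.DETAILS` path with its `:id` placeholder shown elsewhere on this page, so either derive the list from the existing ROUTES constants or match against route templates. The `locationRoute &&` guard is redundant once `includes` is checked.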
EOF
if (newState === 'SUBMITTED') {
history.replace(ROUTES_VEHICLES.DETAILS.replace(/:id/gi, id))
if (newState === "SUBMITTED") {
history.replace(ROUTES_VEHICLES.DETAILS.replace(/:id/gi, id));

Check failure: Code scanning / CodeQL
Client-side cross-site scripting (High): Cross-site scripting vulnerability due to user-provided value.

Copilot Autofix AI about 2 months ago

To fix the problem, we need to ensure that the id parameter is properly sanitized before being used in constructing the URL. One way to achieve this is by using a library like DOMPurify to sanitize the id parameter. This will help prevent any malicious scripts from being executed.

  1. Install the DOMPurify library.
  2. Import DOMPurify in the file.
  3. Sanitize the id parameter before using it in the URL construction.
Suggested changeset 2
frontend/src/vehicles/VehicleDetailsContainer.js

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/frontend/src/vehicles/VehicleDetailsContainer.js b/frontend/src/vehicles/VehicleDetailsContainer.js
--- a/frontend/src/vehicles/VehicleDetailsContainer.js
+++ b/frontend/src/vehicles/VehicleDetailsContainer.js
@@ -13,2 +13,3 @@
 import VehicleDetailsPage from "./components/VehicleDetailsPage";
+import DOMPurify from "dompurify";
 
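Review bot: same dependency concern as in the Button.js changeset: this import relies on the separate package.json changeset that follows and on a lockfile update that neither changeset includes.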
@@ -20,3 +21,4 @@
   });
-  const { id } = useParams();
+  const { id: rawId } = useParams();
+  const id = DOMPurify.sanitize(rawId);
   const { keycloak, user, location } = props;
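Review bot: `const id = DOMPurify.sanitize(rawId);` does not constrain the value. The `id` from `useParams()` is substituted into a route path for `history.replace` (the `ROUTES_VEHICLES.DETAILS.replace(/:id/gi, id)` call on this page), not rendered as HTML, so any value without markup passes through DOMPurify unchanged. A format check on `rawId` against the identifier shape the route expects, with a redirect or error when it does not match, is the precise control here and avoids adding a dependency for this purpose.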
EOF
frontend/package.json
Outside changed files

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/frontend/package.json b/frontend/package.json
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -52,3 +52,4 @@
     "winston": "^3.2.1",
-    "xlsx": "^0.18.5"
+    "xlsx": "^0.18.5",
+    "dompurify": "^3.2.3"
   },
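Review bot: this hunk is the same package.json change as in the earlier Button.js changeset; the second `git apply` will not apply cleanly against the already-modified file, and resolving it by hand risks a duplicate `"dompurify"` key. Add the dependency once and regenerate the lockfile.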
EOF
This fix introduces these dependencies:
Package: dompurify (npm), Version: 3.2.3, Security advisories: None
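Validating a navigation target against the application's route templates covers both the Button.js getRoute case and the VehicleDetailsContainer id parameter case flagged above. This is an added example, not code from this repository or from the Copilot suggestions; the route templates, the parameter patterns and the shape of the history object (push/goBack, as used on this page) are assumptions.

```javascript
// Added example, not code from the zeva repository or from the Copilot suggestions above;
// the route templates and parameter patterns are constructed for illustration.
const ROUTE_TEMPLATES = [
  "/vehicles/:id",
  "/credit-agreements/:id",
  "/compliance/reports/:id/:year",
];
// Each named parameter must have this shape (assumption for the example).
const PARAM_PATTERNS = {
  id: /^[0-9]{1,10}$/,
  year: /^(19|20)[0-9]{2}$/,
};
// Compile "/vehicles/:id" into an anchored regex that captures the named parameters.
function compileTemplate(template) {
  const names = [];
  const source = template.replace(/:([A-Za-z]+)/g, (_, name) => {
    names.push(name);
    return "([^/]+)";
  });
  return { template, names, re: new RegExp(`^${source}$`) };
}
const COMPILED = ROUTE_TEMPLATES.map(compileTemplate);
// Return { template, params } when route is a relative same-origin path that matches a
// known template with well-formed parameters; return null for anything else.
function matchRoute(route) {
  if (typeof route !== "string" || !route.startsWith("/")) return null;
  // "//host" is protocol-relative and leaves the origin; schemes, query strings,
  // fragments and backslashes never occur in an in-app route.
  if (route.startsWith("//") || /[\s:?#\\]/.test(route)) return null;
  for (const { template, names, re } of COMPILED) {
    const m = re.exec(route);
    if (!m) continue;
    const params = {};
    for (let i = 0; i < names.length; i++) {
      const pattern = PARAM_PATTERNS[names[i]];
      if (!pattern || !pattern.test(m[i + 1])) return null;
      params[names[i]] = m[i + 1];
    }
    return { template, params };
  }
  return null;
}
// Replacement for the getRoute logic on this page: navigate only to a validated route,
// otherwise fall back to goBack(). `history` is the router history object (push/goBack).
function getRoute(history, locationRoute, locationState) {
  if (!matchRoute(locationRoute)) return history.goBack();
  return locationState ? history.push(locationRoute, locationState) : history.push(locationRoute);
}
```

For the id parameter case, `matchRoute(ROUTES_VEHICLES.DETAILS.replace(/:id/gi, id))` returning null is the signal to redirect or show an error instead of navigating.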
rogerlcleung and others added 19 commits January 8, 2025 00:34
…tip (#2414)

* feat: disables save button if forecast isn't filled, adds tooltip

* fix: adds check for model year before disabling save

* chore: adds proptypes
* fix: conditionally displays confirmation for sales forecast if year >= 2023

* chore: adds proptypes

* chore: replaces if-then-else flow as requested by sonarcloud
* enhance ux on file upload

* allow for presence of confirm modal to be controlled via props for FileDropArea
* Create unit-tests for Credits

* Grouping common test data
* unit tests for credit agreement components

* reduce duplicate code
* feat: 2412 - updated sales and supplied table

* small change
* feat: adds tooltip component and implements it on supplier info page and compliance obligation

* chore: linting

* chore: more linting

* fix: adds # to css color
* fix: adds filter to credit agreement comments for bceid users

* adds check to ensure comment exists for update

* chore: credit agreement tests

* chore: linting
* Disable Recommend buttons in credit transfer if no comment is entered.

* Fix props-validation

* Disable "Add Comment" button until a comment is entered.

* Fix the issue that some buttons won't change back to disabled if comment is erased.
* Add admin command reset_database

* minor change

* Add migration and check for production environment
* credit transfer tests

* more debug

* ensure users get distinct organizations

* remove transaction.oncommit

sonarqubecloud bot commented Feb 4, 2025

Quality Gate failed

Failed conditions: 2 Security Hotspots

See analysis details on SonarQube Cloud

@kuanfandevops kuanfandevops merged commit 85a516e into master Feb 6, 2025
19 of 21 checks passed

5 participants