Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CLI: Auth0 integration #334

Draft
wants to merge 11 commits into
base: main
Choose a base branch
from
Draft

CLI: Auth0 integration #334

wants to merge 11 commits into from

Conversation

aumkar
Copy link
Collaborator

@aumkar aumkar commented Jan 22, 2025

No description provided.

github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 27, 2025
View reviewed changes
packages/cli/src/lib/auth.ts
Comment on lines +75 to +79
const response = await axios.post(url, {
grant_type: "refresh_token",
client_id: apiConfig.auth0ClientId,
refresh_token: refreshToken,
});

Check warning

Code scanning / CodeQL

File data in outbound network request Medium

Outbound network request depends on
file data
Loading
.
packages/cli/src/lib/auth.ts Fixed Show fixed Hide fixed
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 27, 2025
View reviewed changes
packages/cli/src/lib/auth.ts

const server = http.createServer(async (req, res) => {
try {
if (!req.url) {

Check failure

Code scanning / CodeQL

User-controlled bypass of security check High

This condition guards a sensitive
action
Loading
, but a
user-provided value
Loading
controls it.
packages/cli/src/lib/auth.ts
Comment on lines +207 to +209
{
refreshToken,
},

Check warning

Code scanning / CodeQL

File data in outbound network request Medium

Outbound network request depends on
file data
Loading
.
packages/cli/src/lib/auth.ts

const server = http.createServer(async (req, res) => {
try {
if (!req.url) {

Check failure

Code scanning / CodeQL

User-controlled bypass of security check High

This condition guards a sensitive
action
Loading
, but a
user-provided value
Loading
controls it.
packages/cli/src/lib/localStorage.ts
} catch (_err) {
return null;
}
writeFileSync(filePath, JSON.stringify(payload, null, 2));

Check warning

Code scanning / CodeQL

Network data written to file Medium

Write to file system depends on
Untrusted data
Loading
.
Write to file system depends on
Untrusted data
Loading
.
Write to file system depends on
Untrusted data
Loading
.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@aumkar