Merge upstream #839

u1-liquid · 2024-12-22T02:32:07Z

What

Why

Additional info (optional)

Checklist

Read the contribution guide
Test working in a local environment
(If needed) Add story of storybook
(If needed) Update CHANGELOG.md
(If possible) Add tests

* fix(backend): 連合限定先が間違って連合しない先に代入されているのを修正 * build: fix property typo

* feat: サーバー初期設定時専用の初期パスワードを設定できるように * 無いのに入力された場合もエラーにする * 🎨 * 🎨 * cypress-devcontainerにもpassを設定（テストが失敗するため） * [ci skip] 🎨 * ✌️ * test: please revert this commit before merge * Revert "test: please revert this commit before merge" This reverts commit 66b2b48. * Update locales/ja-JP.yml Co-authored-by: syuilo <[email protected]> * build assets * Update Changelog * fix condition * fix condition * add comment * change error code * 他のエラーコードと合わせる * Update CHANGELOG.md --------- Co-authored-by: syuilo <[email protected]>

…#14679)

* fix: 初期パスワードをコメントアウト * 🎨 * fix indent

* wip * Update MkSignin.vue * Update MkSignin.vue * wip * Update CHANGELOG.md * enhance(frontend): サインイン画面の改善 * Update Changelog * 14655の変更取り込み * spdx * fix * fix * fix * 🎨 * 🎨 * 🎨 * 🎨 * Captchaがリセットされない問題を修正 * 次の処理をsignin apiから読み取るように * Add Comments * fix * fix test * attempt to fix test * fix test * fix test * fix test * fix * fix test * fix: 一部のエラーがちゃんと出るように * Update Changelog * 🎨 * 🎨 * remove border --------- Co-authored-by: syuilo <[email protected]>

* New translations ja-jp.yml (Chinese Traditional) * New translations ja-jp.yml (Korean) * New translations ja-jp.yml (Chinese Simplified) * New translations ja-jp.yml (English) * New translations ja-jp.yml (Chinese Traditional) * New translations ja-jp.yml (Korean) * New translations ja-jp.yml (Chinese Simplified) * New translations ja-jp.yml (Chinese Simplified)

* fix(frontend): ログイン画面でキャプチャが表示されない問題を修正 * rename

* fix: signin の資格情報が足りないだけの場合はエラーにせず200を返すように * run api extractor * fix * fix * fix test * /signin -> /signin-flow * fix * fix lint * rename * fix * fix

…dev#14698) * feat(backend): 通報および通報解決時に送出されるSystemWebhookにユーザ情報を含めるようにする * テスト送信もペイロード形式を合わせる * add spaces * fix test

* fix(frontend): 画面サイズが変わった際にnavbarが自動で折りたたまれない問題を修正 * Update Changelog * fix

…dev#15033) * fix(backend): アドレス入力で直接ユーザのプロフィールページを表示した際、前提データが足りず描画に失敗する * fix CHANGELOG.md

…sskey-dev#15044) * fix(frontend): サーバードキュメントとMisskey関連リソースとの間にdividerが入らないことがある問題を修正 * Update Changelog

* check harder for connectibility `allSettled` does not throw if a promise is rejected, so `check_connect` never actually failed * Update Changelog --------- Co-authored-by: dakkar <[email protected]>

… develop

* Resolve frontend/backend contradiction for home visibility embeds This now uses the same check from `packages/frontend/src/scripts/get-note-menu.ts` * Update Changelog --------- Co-authored-by: CenTdemeern1 <[email protected]>

misskey-dev#15101) * fix(frontend): ノートがログインしているユーザーしか見れない場合にログインをキャンセルすると一切の処理が停止する問題を修正 * Update Changelog --------- Co-authored-by: syuilo <[email protected]>

* チャンネル一覧の列を最大3列にした (Otaku-Social#13) * fix * fix * fix * 🎨 * fix * 🎨 * Update Changelog * Update Changelog * 要らない_marginを消す --------- Co-authored-by: tmorio <[email protected]>

* fix(frontend): 絵文字管理画面で絵文字が表示されないことがある問題を修正 * Update Changelog * optimize

* fix(frontend): serverContextの型エラーを修正 * add comment

* enhance: 照会の失敗理由を表示するように * Update Changelog * fix * fix test * lookupErrors-> remoteLookupErrors

sonarqubecloud · 2024-12-22T02:35:17Z

Quality Gate failed

Failed conditions
34 Security Hotspots
D Security Rating on New Code (required ≥ A)
E Reliability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

packages/backend/test/e2e/synalio/abuse-report.ts

+				name: randomString(),
+				on: ['abuseReport'],
+				url: WEBHOOK_HOST,
+				secret: randomString(),


To fix the problem, we need to replace the use of Math.random() with a cryptographically secure random number generator. In Node.js, we can use the crypto module's randomBytes function to generate secure random values. We will modify the randomString function to use crypto.randomBytes instead of Math.random().

Import the crypto module in the utils.ts file.

Modify the randomString function to use crypto.randomBytes to generate random values.

packages/backend/test/e2e/synalio/user-create.ts

+				name: randomString(),
+				on: ['userCreated'],
+				url: WEBHOOK_HOST,
+				secret: randomString(),


To fix the problem, we need to replace the use of Math.random() with a cryptographically secure random number generator. In Node.js, we can use the crypto module's randomBytes function to generate secure random values. We will update the randomString function to use crypto.randomBytes instead of Math.random().

Update the randomString function in packages/backend/test/utils.ts to use crypto.randomBytes.

Import the crypto module in packages/backend/test/utils.ts.

packages/backend/test/unit/AbuseReportNotificationService.ts

+				name: randomString(),
+				on: ['abuseReport'],
+				url: 'https://example.com',
+				secret: randomString(),


To fix the problem, we need to replace the use of Math.random() with a cryptographically secure random number generator. In Node.js, we can use the crypto module's randomBytes function to generate secure random values. We will modify the randomString function to use crypto.randomBytes instead of Math.random().

packages/backend/test/unit/SigninWithPasskeyApiService.ts

+	});
+
+	beforeEach(async () => {
+		const uid = idService.gen();


To fix the problem, we need to replace the use of Math.random() with a cryptographically secure random number generator. In Node.js, we can use the crypto module's randomBytes function to generate secure random values. We will modify the getRandom() function in packages/backend/src/misc/id/meid.ts to use crypto.randomBytes instead of Math.random().

packages/backend/test/unit/SystemWebhookService.ts

+				name: randomString(),
+				on: ['abuseReport'],
+				url: 'https://example.com',
+				secret: randomString(),


To fix the problem, we need to replace the use of Math.random() in the randomString function with a cryptographically secure random number generator. In Node.js, we can use the crypto module's randomBytes function to generate secure random values. We will update the randomString function to use crypto.randomBytes instead of Math.random().

packages/backend/test/unit/SystemWebhookService.ts

+							name: randomString(),
+							on: ['abuseReport'],
+							url: 'https://example.com',
+							secret: randomString(),


To fix the problem, we need to replace the use of Math.random() in the randomString function with a cryptographically secure random number generator. In Node.js, we can use the crypto module's randomBytes function to achieve this. This change will ensure that the generated random strings are not predictable.

Modify the randomString function in packages/backend/test/utils.ts to use crypto.randomBytes instead of Math.random().

Import the crypto module in the same file.

packages/backend/test/unit/SystemWebhookService.ts

+							name: randomString(),
+							on: ['abuseReport'],
+							url: 'https://example.com',
+							secret: randomString(),


To fix the problem, we need to replace the use of Math.random() in the randomString function with a cryptographically secure random number generator. In Node.js, we can use the crypto module's randomBytes function to achieve this. This change will ensure that the generated strings are not predictable and are suitable for use in security-sensitive contexts.

packages/backend/test/unit/UserWebhookService.ts

+				name: randomString(),
+				on: ['mention'],
+				url: 'https://example.com',
+				secret: randomString(),


To fix the problem, we need to replace the use of Math.random() in the randomString function with a cryptographically secure random number generator. In Node.js, we can use the crypto module's randomBytes function to generate secure random values. We will modify the randomString function to use crypto.randomBytes instead of Math.random().

packages/backend/test/unit/queue/processors/CheckModeratorsActivityProcessorService.ts

+		const user = await usersRepository
+			.insert({
+				id: id,
+				username: `user_${id}`,


To fix the problem, we need to replace the use of Math.random() with a cryptographically secure pseudo-random number generator. In Node.js, we can use the crypto module's randomBytes function to generate secure random values. We will modify the getRandom function in packages/backend/src/misc/id/meid.ts to use crypto.randomBytes instead of Math.random(). This change will ensure that the generated IDs are not predictable and are suitable for use in security-sensitive contexts.

packages/backend/test/unit/queue/processors/CheckModeratorsActivityProcessorService.ts

+			.insert({
+				id: id,
+				username: `user_${id}`,
+				usernameLower: `user_${id}`.toLowerCase(),


To fix the problem, we need to replace the use of Math.random() with a cryptographically secure random number generator. In Node.js, we can use the crypto module's randomBytes function to generate secure random values. This change will ensure that the generated IDs are not predictable.

Replace the getRandom function in packages/backend/src/misc/id/meid.ts to use crypto.randomBytes instead of Math.random().

Update the import statements to include the crypto module.

KisaragiEffective and others added 30 commits October 3, 2024 17:05

fix(backend): 連合限定先が間違って連合しない先に代入されているのを修正 (misskey-dev#14662)

a722ea8

* fix(backend): 連合限定先が間違って連合しない先に代入されているのを修正 * build: fix property typo

Update CHANGELOG.md

a09b03e

Update CHANGELOG.md

75ea964

fix(misskey-js): type fixes related to signup and signin (misskey-dev…

2a4ab0e

…#14679)

initialPassword -> setupPassword

d2175a9

fix(gh): Githubのテスト用環境でsetupPasswordが指定されていないのを修正 (misskey-dev#14681)

d266c3c

fix: 初期パスワードをコメントアウト (misskey-dev#14682)

7bdc4e8

* fix: 初期パスワードをコメントアウト * 🎨 * fix indent

Bump version to 2024.10.0-alpha.1

fa2558f

Bump version to 2024.10.0-beta.2

650e22c

fix(test): 初期セットアップで初期パスワードを入力していないのを修正 (misskey-dev#14685)

a08a38c

🎨

c1597be

update deps

864327b

🎨

ed71b0b

🎨

2fa805b

fix test

1aee260

Update generate.tsx

e344650

Bump version to 2024.10.0-beta.3

3b0b4f8

fix(frontend): リンク動作のオーバーライドが動作していないのを修正

ea2675e

🎨

2639e92

🎨

708ffae

fix(frontend): canvas-confettiの型定義を追加 (misskey-dev#14692)

d8f30fb

Bump version to 2024.10.0-beta.4

3d637af

fix(frontend): ログイン画面でキャプチャが表示されない問題を修正 (misskey-dev#14694)

b36d13d

* fix(frontend): ログイン画面でキャプチャが表示されない問題を修正 * rename

🎨

fa06c59

misskey-dev#14675 レビューの修正 (misskey-dev#14705)

d8bf1ff

syuilo and others added 20 commits November 23, 2024 04:44

fix(backend): use atomic command to improve security

04b2214

fix(frontend): 画面サイズが変わった際にnavbarが自動で折りたたまれない問題を修正 (misskey-dev#15042)

d91a1be

* fix(frontend): 画面サイズが変わった際にnavbarが自動で折りたたまれない問題を修正 * Update Changelog * fix

Update CHANGELOG.md (書き方を揃える)

00301ed

ci: do not run chromatic on fork repositories (misskey-dev#15041)

ae1d0b0

fix(backend/misskey-js): タイポ修正 (misskey-dev#15046)

d176db5

fix: unable to upload to local object storage (misskey-dev#15040)

dd56623

Bump version to 2024.11.1-alpha.0

8076f78

Update about-misskey.vue

fa271cf

Merge branch 'develop' of https://github.com/misskey-dev/misskey into…

dac3b1f

… develop

fix(frontend): MiAuth認可画面のデザイン修正 (misskey-dev#15106)

020c191

misskey-js: APIClientにURL末尾の/を除去する処理を追加 (misskey-dev#15132)

234d91a

fix(frontend): 絵文字管理画面で絵文字が表示されないことがある問題を修正 (misskey-dev#15128)

3e0fcae

* fix(frontend): 絵文字管理画面で絵文字が表示されないことがある問題を修正 * Update Changelog * optimize

fix(frontend): serverContextの型エラーを修正 (misskey-dev#15131)

0804092

* fix(frontend): serverContextの型エラーを修正 * add comment

enhance(frontend): 照会の際にエラーを表示するように (misskey-dev#15147)

f123be3

* enhance: 照会の失敗理由を表示するように * Update Changelog * fix * fix test * lookupErrors-> remoteLookupErrors

github-actions bot added packages/backend packages/backend:test packages/frontend packages/frontend:test packages/sw packages/misskey-js packages/misskey-js:test labels Dec 22, 2024

u1-liquid marked this pull request as draft December 22, 2024 02:35

github-advanced-security bot found potential problems Dec 22, 2024

View reviewed changes

@@ -8,3 +8,3 @@
             import { basename, isAbsolute } from 'node:path';
-            import { randomUUID } from 'node:crypto';
+            import { randomUUID, randomBytes } from 'node:crypto';
             import { inspect } from 'node:util';
@@ -122,5 +122,6 @@
             export function randomString(chars = 'abcdefghijklmnopqrstuvwxyz0123456789', length = 16) {
+            	const randomBytes = crypto.randomBytes(length);
             	let randomString = '';
             	for (let i = 0; i < length; i++) {
-            		randomString += chars[Math.floor(Math.random() * chars.length)];
+            		randomString += chars[randomBytes[i] % chars.length];
             	}

@@ -121,6 +121,9 @@
+            import { randomBytes } from 'node:crypto';
             export function randomString(chars = 'abcdefghijklmnopqrstuvwxyz0123456789', length = 16) {
             	let randomString = '';
+            	const bytes = randomBytes(length);
             	for (let i = 0; i < length; i++) {
-            		randomString += chars[Math.floor(Math.random() * chars.length)];
+            		randomString += chars[bytes[i] % chars.length];
             	}

@@ -121,6 +121,9 @@
+            import { randomBytes } from 'crypto';
             export function randomString(chars = 'abcdefghijklmnopqrstuvwxyz0123456789', length = 16) {
             	let randomString = '';
+            	const bytes = randomBytes(length);
             	for (let i = 0; i < length; i++) {
-            		randomString += chars[Math.floor(Math.random() * chars.length)];
+            		randomString += chars[bytes[i] % chars.length];
             	}

@@ -5,2 +5,4 @@
+            import { randomBytes } from 'crypto';
             const CHARS = '0123456789abcdef';
@@ -23,5 +25,6 @@
             	let str = '';
+            	const randomValues = randomBytes(12);
             	for (let i = 0; i < 12; i++) {
-            		str += CHARS[Math.floor(Math.random() * CHARS.length)];
+            		str += CHARS[randomValues[i] % CHARS.length];
             	}

@@ -121,6 +121,9 @@
+            import { randomBytes } from 'crypto';
             export function randomString(chars = 'abcdefghijklmnopqrstuvwxyz0123456789', length = 16) {
             	let randomString = '';
+            	const bytes = randomBytes(length);
             	for (let i = 0; i < length; i++) {
-            		randomString += chars[Math.floor(Math.random() * chars.length)];
+            		randomString += chars[bytes[i] % chars.length];
             	}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge upstream #839

Merge upstream #839

u1-liquid commented Dec 22, 2024

sonarqubecloud bot commented Dec 22, 2024

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

@@ -6,2 +6,3 @@
             const CHARS = '0123456789abcdef';
+            import { randomBytes } from 'crypto';
@@ -22,2 +23,3 @@
             function getRandom() {
+            	const bytes = randomBytes(12);
             	let str = '';
@@ -25,3 +27,3 @@
             	for (let i = 0; i < 12; i++) {
-            		str += CHARS[Math.floor(Math.random() * CHARS.length)];
+            		str += CHARS[bytes[i] % CHARS.length];
             	}

Merge upstream #839

Are you sure you want to change the base?

Merge upstream #839

Conversation

u1-liquid commented Dec 22, 2024

What

Why

Additional info (optional)

Checklist

sonarqubecloud bot commented Dec 22, 2024

Quality Gate failed