feat(shell) & fix(rebrand & pre-commit): implement config serialization as well as fix rebrand and pre-commit. #20

Merged
merged 3 commits into from
Jul 30, 2024

@h4rldev (Collaborator) commented Jul 30, 2024

I'm making this pr as I will travel today.

I noticed also the pre-commit config was invalid, but it was too small of a change, so I just injected it into this pr.

I don't remember all I did, but be sure to review it properly, and point out inconsistencies, kthxbye.

@h4rldev h4rldev requested a review from Intancote July 30, 2024 03:48
scripts/build.sh Dismissed
folder_buffer_size = strlen("/.config/hamon/") + env_size + 1;
folder_buffer = (char *)malloc(folder_buffer_size);
snprintf(folder_buffer, folder_buffer_size, "%s/.config/hamon/",
getenv("HOME"));
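
Review bot: The `malloc` result on the second line is handed straight to `snprintf` with no NULL check, and `getenv("HOME")` is evaluated again in the `snprintf` call instead of reusing the value whose length went into `folder_buffer_size`. Read `HOME` once into a local `const char *`, size the buffer from that pointer, check the allocation before formatting, and compare `snprintf`'s return value against `folder_buffer_size` so a truncated path is reported rather than used.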

Check warning

Code scanning / Flawfinder (reported by Codacy)

Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
folder_buffer = (char *)malloc(folder_buffer_size);
snprintf(folder_buffer, folder_buffer_size, "%s\\hamon\\", getenv("APPDATA"));
#elif __linux__
env_size = strlen(getenv("HOME"));

Check warning

Code scanning / Flawfinder (reported by Codacy)

Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
snprintf(folder_buffer, folder_buffer_size, "%s\\hamon\\", getenv("APPDATA"));
#elif __linux__
env_size = strlen(getenv("HOME"));
folder_buffer_size = strlen("/.config/hamon/") + env_size + 1;

Check notice

Code scanning / Flawfinder (reported by Codacy)

Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
folder_buffer = (char *)malloc(folder_buffer_size);
snprintf(folder_buffer, folder_buffer_size, "%s\\hamon\\", getenv("APPDATA"));
#elif __linux__
env_size = strlen(getenv("HOME"));

Check notice

Code scanning / Flawfinder (reported by Codacy)

Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
src/hamon/config.c Fixed

#if _WIN32
env_size = strlen(getenv("APPDATA"));
folder_buffer_size = strlen("\\hamon\\") + env_size + 1;
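
Review bot: `strlen(getenv("APPDATA"))` on the first line of this branch passes the `getenv` result to `strlen` unchecked, and `getenv` returns NULL when the variable is unset, which makes the call undefined behaviour. Store the pointer, return an error if it is NULL or empty, and only then compute `env_size`; the `HOME` branch under `__linux__` needs the same guard.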

Check notice

Code scanning / Flawfinder (reported by Codacy)

Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
src/hamon/file.c Dismissed
}

char *read_file(const char *file_path) {
FILE *file = fopen(file_path, "r");

Check notice

Code scanning / Flawfinder (reported by Codacy)

Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
src/hamon/file.c Dismissed
#include "headers/file.h"

int write_file(const char *filename, const char *content, const size_t size) {
FILE *file = fopen(filename, "w");
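
Review bot: `fopen(filename, "w")` in `write_file` truncates the existing file before anything is written, so a failed or interrupted write leaves it empty or partial; `"w"` is also text mode, which on the `_WIN32` build translates `\n` and can make the bytes on disk differ from `size`. Consider writing to a temporary file in the same directory and renaming it over the target once the write succeeds, and open with `"wb"` since the length is passed explicitly.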

Check notice

Code scanning / Flawfinder (reported by Codacy)

Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
@h4rldev changed the title from "feat(shell) & fix(rebrand): implement config serialization as well as fix rebrand." to "feat(shell) & fix(rebrand & pre-commit): implement config serialization as well as fix rebrand and pre-commit." on Jul 30, 2024
@h4rldev (Collaborator, Author) commented Jul 30, 2024

I did all of this through ghcli btw, this tool is nice.

@Intancote (Collaborator) left a comment

Line 133 should be changed since it's [MS-banned]

…roduce nix-compilation support with .envrc and nix-shell
@h4rldev h4rldev requested a review from Intancote July 30, 2024 19:27
@Intancote (Collaborator) left a comment

this is mergeable now 🙂

@Intancote Intancote merged commit dd6fe3d into tatsoku:main Jul 30, 2024
15 checks passed