From f1dd1d1e181c08db13b144c9ee23a2f88cdd6256 Mon Sep 17 00:00:00 2001
From: Akhil Anand
Date: Thu, 5 Oct 2023 16:22:40 +0530
Subject: [PATCH 1/4] feature-5232-Security-Scans-OSV-Scanner
---
.github/workflows/osv-scanner.yml | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 .github/workflows/osv-scanner.yml
diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
new file mode 100644
index 0000000000..e4ee26c79b
--- /dev/null
+++ b/.github/workflows/osv-scanner.yml
@@ -0,0 +1,27 @@
+name: OSV Scanner
+
+on:
+ pull_request:
+ push:
+
+jobs:
+ OSV-Scanner:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Install Golang
+ uses: actions/setup-go@v4
+ with:
+ go-version: '1.19'
+
+ - name: Install OSV Scanner
+ run: |
+ go install github.com/google/osv-scanner/cmd/osv-scanner@latest
+
+ - name: Scan for Vulnerabilities
+ run: |
+ osv-scanner -r .
From 2f5be1080f104383921c0654b9131716985352b9 Mon Sep 17 00:00:00 2001
From: fuyangpengqi <995764973@qq.com>
Date: Thu, 18 Apr 2024 21:40:03 +0800
Subject: [PATCH 2/4] chore: fix some typos in comments
Signed-off-by: fuyangpengqi <995764973@qq.com>
---
app/config/errors.php | 8 ++++----
app/init.php | 4 ++--
src/Appwrite/Platform/Tasks/CalcTierStats.php | 4 ++--
src/Appwrite/Platform/Tasks/CreateInfMetric.php | 4 ++--
.../Platform/Tasks/PatchRecreateRepositoriesDocuments.php | 4 ++--
5 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/app/config/errors.php b/app/config/errors.php
index c999ddba58..3cb16d4063 100644
--- a/app/config/errors.php
+++ b/app/config/errors.php
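Review bot: In `.github/workflows/osv-scanner.yml`, the install step `go install github.com/google/osv-scanner/cmd/osv-scanner@latest` fetches whatever the newest release is on every run, so scan results are not reproducible and the job executes code that nobody reviewed; a fixed version, `go install github.com/google/osv-scanner/cmd/osv-scanner@<reviewed-version>`, keeps upgrades deliberate. The file also has no `permissions:` key, so the job runs with the repository's default token scope although it only reads the checkout; a top-level `permissions:` with `contents: read` would make that explicit. Patch 3/4 in this series deletes this file, so both points matter only for the history between the two commits.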
@@ -11,7 +11,7 @@ return [ /** General Errors */ Exception::GENERAL_UNKNOWN => [ 'name' => Exception::GENERAL_UNKNOWN, - 'description' => 'An unknown error has occured. Please check the logs for more information.', + 'description' => 'An unknown error has occurred. Please check the logs for more information.', 'code' => 500, ], Exception::GENERAL_MOCK => [ @@ -279,7 +279,7 @@ return [ ], Exception::USER_CHALLENGE_REQUIRED => [ 'name' => Exception::USER_CHALLENGE_REQUIRED, - 'description' => 'A recently succeessful challenge is required to complete this action. A challenge is considered recent for 5 minutes.', + 'description' => 'A recently successful challenge is required to complete this action. A challenge is considered recent for 5 minutes.', 'code' => 401, ], Exception::USER_OAUTH2_BAD_REQUEST => [ @@ -484,7 +484,7 @@ return [ ], Exception::REPOSITORY_NOT_FOUND => [ 'name' => Exception::REPOSITORY_NOT_FOUND, - 'description' => 'Repository with the requested ID could not be found. Check to see if the ID is correct, or create the respository.', + 'description' => 'Repository with the requested ID could not be found. Check to see if the ID is correct, or create the repository.', 'code' => 404, ], Exception::PROVIDER_CONTRIBUTION_CONFLICT => [ @@ -494,7 +494,7 @@ return [ ], Exception::GENERAL_PROVIDER_FAILURE => [ 'name' => Exception::GENERAL_PROVIDER_FAILURE, - 'description' => 'VCS (Version Control System) provider failed to proccess the request. We believe this is an error with the VCS provider. Try again, or contact support for more information.', + 'description' => 'VCS (Version Control System) provider failed to process the request. We believe this is an error with the VCS provider. Try again, or contact support for more information.', 'code' => 400, ], diff --git a/app/init.php b/app/init.php index 5877327ab6..5d688fd1b5 100644 --- a/app/init.php +++ b/app/init.php 
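Review bot: The subject says "typos in comments", but most of these hunks change runtime strings: the four `'description'` values in `app/config/errors.php` are presumably returned to API clients, and the `Console::error("Unexpected error occurred with Project ID {$projectId}")` lines in `CalcTierStats.php`, `CreateInfMetric.php` and `PatchRecreateRepositoriesDocuments.php` are log output. Any test fixture, log alert or client check that matches the old spelling ("occured", "succeessful") would stop matching without raising an error, so it is worth searching for those before merge and retitling the commit to something like `fix typos in error messages and comments`. Only the two hunks in `app/init.php` touch comments.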
@@ -837,7 +837,7 @@ $register->set('pools', function () { /** * Get Resource * - * Creation could be reused accross connection types like database, cache, queue, etc. + * Creation could be reused across connection types like database, cache, queue, etc. * * Resource assignment to an adapter will happen below. */ @@ -847,7 +847,7 @@ $register->set('pools', function () { $resource = function () use ($dsnHost, $dsnPort, $dsnUser, $dsnPass, $dsnDatabase) { return new PDOProxy(function () use ($dsnHost, $dsnPort, $dsnUser, $dsnPass, $dsnDatabase) { return new PDO("mysql:host={$dsnHost};port={$dsnPort};dbname={$dsnDatabase};charset=utf8mb4", $dsnUser, $dsnPass, array( - // No need to set PDO::ATTR_ERRMODE it is overwitten in PDOProxy + // No need to set PDO::ATTR_ERRMODE it is overwritten in PDOProxy PDO::ATTR_TIMEOUT => 3, // Seconds PDO::ATTR_PERSISTENT => true, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, diff --git a/src/Appwrite/Platform/Tasks/CalcTierStats.php b/src/Appwrite/Platform/Tasks/CalcTierStats.php index 2d7dd3403f..ae8bd27fe3 100644 --- a/src/Appwrite/Platform/Tasks/CalcTierStats.php +++ b/src/Appwrite/Platform/Tasks/CalcTierStats.php @@ -103,7 +103,7 @@ class CalcTierStats extends Action return; } catch (\Throwable $th) { - Console::error("Unexpected error occured with Project ID {$projectId}"); + Console::error("Unexpected error occurred with Project ID {$projectId}"); Console::error('[Error] Type: ' . get_class($th)); Console::error('[Error] Message: ' . $th->getMessage()); Console::error('[Error] File: ' . $th->getFile()); 
@@ -129,7 +129,7 @@ class CalcTierStats extends Action $data = $this->getData($project, $dbForConsole, $dbForProject); $csv->insertOne($data); } catch (\Throwable $th) { - Console::error("Unexpected error occured with Project ID {$projectId}"); + Console::error("Unexpected error occurred with Project ID {$projectId}"); Console::error('[Error] Type: ' . get_class($th)); Console::error('[Error] Message: ' . $th->getMessage()); Console::error('[Error] File: ' . $th->getFile()); diff --git a/src/Appwrite/Platform/Tasks/CreateInfMetric.php b/src/Appwrite/Platform/Tasks/CreateInfMetric.php index c50b6e09f9..ce3484edbf 100644 --- a/src/Appwrite/Platform/Tasks/CreateInfMetric.php +++ b/src/Appwrite/Platform/Tasks/CreateInfMetric.php @@ -50,7 +50,7 @@ class CreateInfMetric extends Action $dbForProject = call_user_func($getProjectDB, $project); $this->getUsageData($dbForProject, $project); } catch (\Throwable $th) { - Console::error("Unexpected error occured with Project ID {$projectId}"); + Console::error("Unexpected error occurred with Project ID {$projectId}"); Console::error('[Error] Type: ' . get_class($th)); Console::error('[Error] Message: ' . $th->getMessage()); Console::error('[Error] File: ' . $th->getFile()); @@ -72,7 +72,7 @@ class CreateInfMetric extends Action $dbForProject = call_user_func($getProjectDB, $project); $this->getUsageData($dbForProject, $project); } catch (\Throwable $th) { - Console::error("Unexpected error occured with Project ID {$projectId}"); + Console::error("Unexpected error occurred with Project ID {$projectId}"); Console::error('[Error] Type: ' . get_class($th)); Console::error('[Error] Message: ' . $th->getMessage()); Console::error('[Error] File: ' . $th->getFile()); diff --git a/src/Appwrite/Platform/Tasks/PatchRecreateRepositoriesDocuments.php b/src/Appwrite/Platform/Tasks/PatchRecreateRepositoriesDocuments.php index 9cf65d05b6..a7e2367d59 100644 --- a/src/Appwrite/Platform/Tasks/PatchRecreateRepositoriesDocuments.php 
+++ b/src/Appwrite/Platform/Tasks/PatchRecreateRepositoriesDocuments.php @@ -42,7 +42,7 @@ class PatchRecreateRepositoriesDocuments extends Action $dbForProject = call_user_func($getProjectDB, $project); $this->recreateRepositories($dbForConsole, $dbForProject, $project); } catch (\Throwable $th) { - Console::error("Unexpected error occured with Project ID {$projectId}"); + Console::error("Unexpected error occurred with Project ID {$projectId}"); Console::error('[Error] Type: ' . get_class($th)); Console::error('[Error] Message: ' . $th->getMessage()); Console::error('[Error] File: ' . $th->getFile()); @@ -64,7 +64,7 @@ class PatchRecreateRepositoriesDocuments extends Action $dbForProject = call_user_func($getProjectDB, $project); $this->recreateRepositories($dbForConsole, $dbForProject, $project); } catch (\Throwable $th) { - Console::error("Unexpected error occured with Project ID {$projectId}"); + Console::error("Unexpected error occurred with Project ID {$projectId}"); Console::error('[Error] Type: ' . get_class($th)); Console::error('[Error] Message: ' . $th->getMessage()); Console::error('[Error] File: ' . $th->getFile()); From 8eb5b3467a5e47095214554bfb80d8280151012c Mon Sep 17 00:00:00 2001 From: Steven Nguyen <1477010+stnguyen90@users.noreply.github.com> Date: Wed, 24 Apr 2024 23:00:23 +0000 Subject: [PATCH 3/4] feat(security): add github workflow to check dependencies This workflow action uses OSV Scanner, an open source vulnerability scanner by Google. We're using OSV Scanner because it has: * good usability - JSON output and multiple options * good accuracy - OSV database from google and support for multiple languages including PHP --- .github/workflows/check-dependencies.yml | 19 +++++++++++++++++ .github/workflows/osv-scanner.yml | 27 ------------------------ 2 files changed, 19 insertions(+), 27 deletions(-) create mode 100644 .github/workflows/check-dependencies.yml delete mode 100644 .github/workflows/osv-scanner.yml 
diff --git a/.github/workflows/check-dependencies.yml b/.github/workflows/check-dependencies.yml
new file mode 100644
index 0000000000..17caf3aa6b
--- /dev/null
+++ b/.github/workflows/check-dependencies.yml
@@ -0,0 +1,19 @@
+name: Check dependencies
+
+# Adapted from https://google.github.io/osv-scanner/github-action/#scan-on-pull-request
+
+on:
+ pull_request:
+ branches: [main, 1.*.x]
+ merge_group:
+ branches: [main, 1.*.x]
+
+permissions:
+ # Require writing security events to upload SARIF file to security tab
+ security-events: write
+ # Only need to read contents
+ contents: read
+
+jobs:
+ scan-pr:
+ uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.7.1"
\ No newline at end of file
diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
deleted file mode 100644
index e4ee26c79b..0000000000
--- a/.github/workflows/osv-scanner.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-name: OSV Scanner
-
-on:
- pull_request:
- push:
-
-jobs:
- OSV-Scanner:
- runs-on: ubuntu-latest
-
- steps:
- - uses: actions/checkout@v3
- with:
- fetch-depth: 0
-
- - name: Install Golang
- uses: actions/setup-go@v4
- with:
- go-version: '1.19'
-
- - name: Install OSV Scanner
- run: |
- go install github.com/google/osv-scanner/cmd/osv-scanner@latest
-
- - name: Scan for Vulnerabilities
- run: |
- osv-scanner -r .
From f7f00fcf10be528f9ba84a3b19428a751dd92b12 Mon Sep 17 00:00:00 2001
From: Evan
Date: Mon, 29 Apr 2024 13:42:13 -0700
Subject: [PATCH 4/4] Close reason update Due to failures, changing to not_planned
---
.github/workflows/stale.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 053f0191a2..5987eeeb0c 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
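Review bot: The `uses:` line in `.github/workflows/check-dependencies.yml` references the reusable workflow by the tag `v1.7.1`, which the upstream repository can move; since the called workflow runs under this file's `security-events: write` grant, pinning to the full commit SHA is safer: `uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@<full-commit-sha-of-v1.7.1>" # v1.7.1`. The header comment points at the upstream "scan on pull request" example, yet the file referenced is `osv-scanner-reusable.yml` rather than the PR variant `osv-scanner-reusable-pr.yml`; if the full scan is intended, a comment saying so would help, because it presumably also reports findings that already exist on the base branch. For pull requests from forks the token is normally read-only, so the SARIF upload may fail there; worth confirming on a fork PR.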
@@ -18,6 +18,6 @@ jobs: days-before-close: 14 remove-stale-when-updated: true close-issue-message: "This issue has been closed due to inactivity. If you still require assistance, please provide the requested information." - close-issue-reason: "not-planned" + close-issue-reason: "not_planned" operations-per-run: 100 only-labels: "question"