Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

♻️ Refactor code. 重构插件支持钉钉机器人 #97

Merged
merged 1 commit into from
Feb 24, 2024
Merged

♻️ Refactor code. 重构插件支持钉钉机器人 #97

merged 1 commit into from
Feb 24, 2024

Conversation

721806280
Copy link
Owner

No description provided.

@721806280 721806280 merged commit b70c144 into main Feb 24, 2024
1 check passed
@721806280 721806280 deleted the 2.0.0 branch February 24, 2024 07:44
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 24, 2024
View reviewed changes
src/main/java/io/jenkins/plugins/lark/notice/config/LarkRobotConfig.java
* @param secret The encryption key.
* @return Returns the test result. If the test passes, it returns FormValidation.respond(Kind.OK); otherwise, it returns an error message.
*/
public FormValidation doTest(@QueryParameter("id") String id, @QueryParameter("name") String name,

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation Warning

Potential CSRF vulnerability: If LarkRobotConfigDescriptor#doTest connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST
src/main/java/io/jenkins/plugins/lark/notice/config/LarkRobotConfig.java
* @param value Webhook key
* @return Validation result, returns FormValidation.ok() if validation passes, otherwise returns an error message
*/
public FormValidation doCheckWebhook(@QueryParameter String value) {

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation Warning

Potential CSRF vulnerability: If LarkRobotConfigDescriptor#doCheckWebhook connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST
src/main/java/io/jenkins/plugins/lark/notice/model/ImgModel.java
/**
* The unique key associated with the image. This key is typically used to fetch or reference the image.
*/
private String imgKey;

Check warning

Code scanning / Jenkins Security Scan

Jenkins: Plaintext password storage Warning

Field should be reviewed whether it stores a password and is serialized to disk: imgKey
src/main/java/io/jenkins/plugins/lark/notice/model/RobotConfigModel.java
/**
* Security key used for authentication.
*/
private String keys;

Check warning

Code scanning / Jenkins Security Scan

Jenkins: Plaintext password storage Warning

Field should be reviewed whether it stores a password and is serialized to disk: keys
src/main/java/io/jenkins/plugins/lark/notice/sdk/model/lark/LarkImageMessage.java
public static class ImageContent {

@JsonProperty("image_key")
private String imageKey;

Check warning

Code scanning / Jenkins Security Scan

Jenkins: Plaintext password storage Warning

Field should be reviewed whether it stores a password and is serialized to disk: imageKey
src/main/java/io/jenkins/plugins/lark/notice/step/impl/LarkStep.java
/**
* The image key to be displayed in an IMAGE message.
*/
private String imageKey;

Check warning

Code scanning / Jenkins Security Scan

Jenkins: Plaintext password storage Warning

Field should be reviewed whether it stores a password and is serialized to disk: imageKey
src/main/java/io/jenkins/plugins/lark/notice/config/LarkRobotConfig.java
* @param secret The encryption key.
* @return Returns the test result. If the test passes, it returns FormValidation.respond(Kind.OK); otherwise, it returns an error message.
*/
public FormValidation doTest(@QueryParameter("id") String id, @QueryParameter("name") String name,

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing permission check Warning

Potential missing permission check in LarkRobotConfigDescriptor#doTest
src/main/java/io/jenkins/plugins/lark/notice/config/LarkRobotConfig.java
* @param value Webhook key
* @return Validation result, returns FormValidation.ok() if validation passes, otherwise returns an error message
*/
public FormValidation doCheckWebhook(@QueryParameter String value) {

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing permission check Warning

Potential missing permission check in LarkRobotConfigDescriptor#doCheckWebhook
src/main/java/io/jenkins/plugins/lark/notice/config/LarkRobotConfig.java
* @param value Robot name
* @return Validation result, returns FormValidation.ok() if validation passes, otherwise returns an error message
*/
public FormValidation doCheckName(@QueryParameter String value) {

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing permission check Warning

Potential missing permission check in LarkRobotConfigDescriptor#doCheckName
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@721806280