Skip to content

Feature/create runpacks configuration table #659

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 12 commits into from
Jul 4, 2025
Merged

Feature/create runpacks configuration table #659

merged 12 commits into from
Jul 4, 2025

Conversation

@mms-gianni
Copy link
Member

@mms-gianni mms-gianni commented Jun 30, 2025
edited
Loading

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context. List any dependencies that are required for this change.

Fixes # (issue)

Type of change

Please delete options that are not relevant.

  • Template (non-breaking change which adds a template)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

  • I've built the image and tested it on a kubernetes cluster

Test Configuration:

  • Operator Version:
  • Kubernetes Version:
  • Kubero CLI Version (if applicable):

Checklist:

  • I removed unnecessary debug logs
  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I documented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings

github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 30, 2025
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 1, 2025
View reviewed changes
server/src/users/users.service.ts
let user = await this.findOne(username);
if (!user) {
this.logger.debug(`User ${username} not found, creating new user.`);
const password = Math.random().toString(36).slice(-8); // Generate a random password

Check failure

Code scanning / CodeQL

Insecure randomness High

This uses a cryptographically insecure random number generated at
Math.random()
Loading
in a security context.

Copilot Autofix

AI 4 months ago

To fix the issue, replace the use of Math.random() with a cryptographically secure random number generator. In Node.js, the crypto module provides a secure method for generating random bytes. Specifically, crypto.randomBytes can be used to generate a secure random password.

The fix involves:

  1. Importing the crypto module.
  2. Replacing the insecure Math.random() logic with crypto.randomBytes to generate a secure random password.
  3. Ensuring the generated password is converted to a suitable format (e.g., alphanumeric string) without introducing bias.

The changes will be made in the findOneOrCreate method, specifically on line 65.

Suggested changeset 1
server/src/users/users.service.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/server/src/users/users.service.ts b/server/src/users/users.service.ts
--- a/server/src/users/users.service.ts
+++ b/server/src/users/users.service.ts
@@ -4,3 +4,3 @@
 dotenv.config();
-//import * as crypto from 'crypto';
+import * as crypto from 'crypto';
 import * as bcrypt from 'bcrypt';
@@ -64,3 +64,3 @@
       this.logger.debug(`User ${username} not found, creating new user.`);
-      const password = Math.random().toString(36).slice(-8); // Generate a random password
+      const password = crypto.randomBytes(12).toString('base64').slice(0, 12); // Generate a secure random password
       const imageData = image
EOF
@@ -4,3 +4,3 @@
dotenv.config();
//import * as crypto from 'crypto';
import * as crypto from 'crypto';
import * as bcrypt from 'bcrypt';
@@ -64,3 +64,3 @@
this.logger.debug(`User ${username} not found, creating new user.`);
const password = Math.random().toString(36).slice(-8); // Generate a random password
const password = crypto.randomBytes(12).toString('base64').slice(0, 12); // Generate a secure random password
const imageData = image
Copilot is powered by AI and may make mistakes. Always verify output.
@mms-gianni mms-gianni merged commit 039a124 into main Jul 4, 2025
1 of 3 checks passed
@mms-gianni mms-gianni self-assigned this Jul 8, 2025
@mms-gianni mms-gianni added the feature New feature or request label Jul 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@mms-gianni mms-gianni

Labels

feature New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mms-gianni