Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

24m08b #37

Merged
merged 18 commits into from
Sep 2, 2024
Merged

24m08b #37

merged 18 commits into from
Sep 2, 2024

Conversation

AstroAir
Copy link
Member

No description provided.

github-actions[bot]
github-actions bot reviewed Aug 15, 2024
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello @AstroAir! Thanks for this PR.

github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 15, 2024
View reviewed changes
src/client/gps/plle.cpp Fixed Show fixed Hide fixed
src/client/weather/openweather.cpp Fixed Show fixed Hide fixed
src/client/weather/safe_proxy.cpp Fixed Show fixed Hide fixed
src/client/weather/uranusmeteo.cpp Fixed Show fixed Hide fixed
src/client/weather/weather_company.cpp Fixed Show fixed Hide fixed
src/client/weather/weather_underground.cpp Fixed Show fixed Hide fixed
AstroAir and others added 5 commits August 18, 2024 09:03
@AstroAir
update not finished
2f65fcc
@pre-commit-ci
[pre-commit.ci] auto fixes from pre-commit.com hooks
6d86ddf 
for more information, see https://pre-commit.ci
@AstroAir
update not finished, and I was very upset about the rebuild of the fr…
b3489dd 
…ontend
@AstroAir
refactor(lithium.indiserver): 改进INDI服务器组件和连接器实现
22ce6a9 
- 重构组件和连接器的头文件和源文件,优化编译时间和清晰度。
- 删除未使用的代码片段,如collection和container类。
- 调整INDIManager和INDIConnector的实现,以提高效率和可靠性。
- 更新日志宏以正确处理路径和字符串转换。
- 改进驱动程序列表的解析功能,增强健壮性。

BREAKING CHANGE: 删除了一些类和函数,这可能会影响依赖于之前版本中container和collection类的客户端。
@AstroAir
refactor(atom): 更新组件定义和IO模块
fa1c9e0 
- 重构组件定义,添加枚举类型支持。
- 重构IO模块,提取公共代码,优化压缩和解压缩功能。
- 重构错误处理,改进错误堆栈操作。
- 更新编译器实现,使用临时文件进行语法检查。
- 修正convolve.cpp中的编译警告。
AstroAir
AstroAir commented Aug 27, 2024
View reviewed changes
src/task/manager.cpp Outdated
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TaskInterpreter仍然难以使用,存在大量神奇的错误,基础语法也有问题!

@AstroAir AstroAir self-assigned this Aug 29, 2024
@AstroAir AstroAir added this to the 组件与服务器 milestone Aug 29, 2024
AstroAir and others added 4 commits August 29, 2024 20:48
@AstroAir
refactor(typeinfo): 更新类型信息检测并改进bit操作函数
e13ebf1 
- 重构`atom::meta::TypeInfo`以使用新的检测逻辑,现在可以正确检测各种类型的属性,包括指针和引用。
- 改进`atom::utils`中的位操作函数,如`createMask`、`countBytes`、`reverseBits`和旋转函数,提高其效率和灵活性。
- 修正`fieldCountOf`和`isBracesConstructible`函数,允许它们在constexpr上下文中更有效地运行,不抛出异常。

BREAKING CHANGE: `TypeInfo`的更改可能会影响依赖于旧类型检测方法的代码。需要更新依赖代码以兼容新检测逻辑。
@pre-commit-ci
[pre-commit.ci] auto fixes from pre-commit.com hooks
1a0061d 
for more information, see https://pre-commit.ci
@AstroAir
feat: ⚡ 将所有python组件移动到pysrc中
2cfe5ac 
增加天体搜索模块
@pre-commit-ci
[pre-commit.ci] auto fixes from pre-commit.com hooks
2a5edbf 
for more information, see https://pre-commit.ci
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 31, 2024
View reviewed changes
pysrc/plugins/backup_plugin.py
logger.debug(
f"Received request to create backup for file: {file_path}, compress={compress}")

if not os.path.exists(file_path):

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
pysrc/plugins/backup_plugin.py
logger.info(
f"File {file_path} backed up and compressed to {backup_path}")
else:
shutil.copy(file_path, backup_path)

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
pysrc/plugins/backup_plugin.py
logger.info(
f"File {file_path} backed up and compressed to {backup_path}")
else:
shutil.copy(file_path, backup_path)

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
pysrc/plugins/backup_plugin.py
shutil.copy(file_path, backup_path)
logger.info(f"File {file_path} backed up to {backup_path}")

backup_size = os.path.getsize(backup_path)

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
pysrc/plugins/backup_plugin.py
f"Received request to restore backup: {file_name}, decompress={decompress}, restore_dir={restore_dir}")

backup_path = os.path.join(BACKUP_DIR, file_name)
if not os.path.exists(backup_path):

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
pysrc/plugins/backup_plugin.py
logger.debug(f"Received request to delete backup: {file_name}")

backup_path = os.path.join(BACKUP_DIR, file_name)
if not os.path.exists(backup_path):

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
pysrc/plugins/backup_plugin.py
raise HTTPException(status_code=404, detail="Backup not found")

try:
os.remove(backup_path)

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
pysrc/plugins/cli_tool_plugin.py
logger.info(f"Executing command: {' '.join(full_command)}, attempt {attempt + 1}")

# 使用 subprocess 运行命令行工具
result = subprocess.run(full_command, capture_output=True, text=True, check=True, timeout=timeout, env=env)

Check failure

Code scanning / CodeQL

Uncontrolled command line Critical

This command line depends on a
user-provided value
Loading
.
This command line depends on a
user-provided value
Loading
.
pysrc/plugins/logging_plugin.py

logger.debug(f"Request to delete log file: {file_name}")

if not exists(file_name):

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
pysrc/plugins/logging_plugin.py
raise HTTPException(status_code=404, detail="Log file not found")

try:
remove(file_name)

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 31, 2024
View reviewed changes
pysrc/main.py
"""
file_location = f"/dev/shm/{file.filename}"
try:
with open(file_location, "wb+") as file_object:

Check failure

Code scanning / SonarCloud

I/O function calls should not be vulnerable to path injection attacks

<!--SONAR_ISSUE_KEY:AZGmYSauFFmecEscu2Yp-->Change this code to not construct the path from user-controlled data. <p>See more on <a href="https://sonarcloud.io/project/issues?id=ElementAstro_Lithium&issues=AZGmYSauFFmecEscu2Yp&open=AZGmYSauFFmecEscu2Yp&pullRequest=37">SonarCloud</a></p>
pysrc/plugins/backup_plugin.py
raise HTTPException(status_code=404, detail="Backup not found")

if not os.path.exists(restore_dir):
os.makedirs(restore_dir)

Check failure

Code scanning / SonarCloud

I/O function calls should not be vulnerable to path injection attacks

<!--SONAR_ISSUE_KEY:AZGmYSZYFFmecEscu2Yc-->Change this code to not construct the path from user-controlled data. <p>See more on <a href="https://sonarcloud.io/project/issues?id=ElementAstro_Lithium&issues=AZGmYSZYFFmecEscu2Yc&open=AZGmYSZYFFmecEscu2Yc&pullRequest=37">SonarCloud</a></p>
pysrc/plugins/backup_plugin.py
raise HTTPException(status_code=404, detail="Backup not found")

try:
os.remove(backup_path)

Check failure

Code scanning / SonarCloud

I/O function calls should not be vulnerable to path injection attacks

<!--SONAR_ISSUE_KEY:AZGmYSZYFFmecEscu2Yb-->Change this code to not construct the path from user-controlled data. <p>See more on <a href="https://sonarcloud.io/project/issues?id=ElementAstro_Lithium&issues=AZGmYSZYFFmecEscu2Yb&open=AZGmYSZYFFmecEscu2Yb&pullRequest=37">SonarCloud</a></p>
pysrc/plugins/cli_tool_plugin.py
logger.info(f"Executing command: {' '.join(full_command)}, attempt {attempt + 1}")

# 使用 subprocess 运行命令行工具
result = subprocess.run(full_command, capture_output=True, text=True, check=True, timeout=timeout, env=env)

Check failure

Code scanning / SonarCloud

OS commands should not be vulnerable to command injection attacks

<!--SONAR_ISSUE_KEY:AZGmYSYuFFmecEscu2YW-->Change this code to not construct the OS command from user-controlled data. <p>See more on <a href="https://sonarcloud.io/project/issues?id=ElementAstro_Lithium&issues=AZGmYSYuFFmecEscu2YW&open=AZGmYSYuFFmecEscu2YW&pullRequest=37">SonarCloud</a></p>
pysrc/plugins/logging_plugin.py
raise HTTPException(status_code=404, detail="Log file not found")

try:
remove(file_name)

Check failure

Code scanning / SonarCloud

I/O function calls should not be vulnerable to path injection attacks

<!--SONAR_ISSUE_KEY:AZGmYSZDFFmecEscu2YY-->Change this code to not construct the path from user-controlled data. <p>See more on <a href="https://sonarcloud.io/project/issues?id=ElementAstro_Lithium&issues=AZGmYSZDFFmecEscu2YY&open=AZGmYSZDFFmecEscu2YY&pullRequest=37">SonarCloud</a></p>
AstroAir and others added 2 commits September 2, 2024 08:29
@AstroAir AstroAir merged commit 08f4a14 into master Sep 2, 2024
3 of 7 checks passed
@AstroAir AstroAir deleted the 24m08b branch September 2, 2024 00:40
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Sep 2, 2024

Quality Gate Failed Quality Gate failed

Failed conditions
11 Security Hotspots
E Security Rating on New Code (required ≥ A)
E Reliability Rating on New Code (required ≥ A)

See analysis details on SonarCloud

Catch issues before they fail your Quality Gate with our IDE extension SonarLint

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Assignees

@AstroAir AstroAir

Labels
greeted needs-triage
Projects
ElementAstro Update Plan
Status: Done
Milestone
组件与服务器
Development

Successfully merging this pull request may close these issues.
1 participant
@AstroAir