Merge branch 'master' into dependabot/npm_and_yarn/next-14.2.12

catawiki · Sep 25, 2024 · 396d51e · 396d51e
2 parents a5bdc32 + 466cec8
commit 396d51e
Show file tree

Hide file tree

Showing 7 changed files with 135 additions and 79 deletions.
diff --git a/.github/workflows/detect-secrets.yml b/.github/workflows/detect-secrets.yml
@@ -3,8 +3,6 @@ name: Detect Secrets Scan
 on:
   workflow_dispatch:
   pull_request:
-env:
-  exclude: ''
 
 permissions:
   contents: read
@@ -23,22 +21,7 @@ jobs:
         run: chown root:root .
       - name: Install detect-secrets
         run: pip install detect-secrets
-      - name: Set --exclude-files arguments
-        if: ${{ env.exclude }} != ''
-        shell: bash
-        run: |
-          # Use a loop to parse the values in the exclude input and build the desired string
-          exclude_args=""
-          IFS=' ' read -a arr <<< $exclude
-          for ex in "${arr[@]}"
-          do
-            exclude_args="${exclude_args} --exclude-files '${ex}'"
-          done
-          echo "exclude_args=${exclude_args}" >> $GITHUB_ENV
       - name: Run detect-secrets-hook
         shell: bash
         run: |
-          detect-secrets-hook --baseline .secrets.baseline ${{ env.exclude_args }} * --json > /tmp/secrets.json
-      - name: Show detect-secrets differences
-        if: ${{ failure() }}
-        run: git diff
+          git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline *
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -4,7 +4,7 @@ on:
   workflow_dispatch:
   pull_request:
 env:
-  configs: "p/ci p/security-audit p/owasp-top-ten"
+  configs: "rules/ p/ci p/security-audit p/owasp-top-ten"
 
 permissions:
   contents: read
@@ -35,8 +35,7 @@ jobs:
           SEMGREP_SEND_METRICS: off
         shell: bash
         run: |
-          set +o pipefail
-          semgrep scan . --gitlab-sast -o /tmp/semgrep.json
+          semgrep scan . --error --gitlab-sast -o /tmp/semgrep.json
       - name: Show Semgrep report
         if: success() || failure()
-        run: cat /tmp/semgrep.json 
+        run: cat /tmp/semgrep.json 
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,22 +1,24 @@
 repos:
   - repo: https://github.com/semgrep/semgrep
-    rev: "v1.86.0"
+    rev: '768d0f4c3ccb4b1740eef22bbbd57fc936450df2'  # frozen: v1.84.1
     hooks:
       - id: semgrep
         args:
-          [
-            "--config",
-            "p/ci",
-            "--error",
-            "--skip-unknown-extensions",
-            "--metrics",
-            "off",
-          ]
-        stages: [pre-push]
+          - --config
+          - rules/
+          - --error
+          - --skip-unknown-extensions
+          - --metrics
+          - 'off'
+        stages:
+          - pre-push
   - repo: https://github.com/Yelp/detect-secrets
-    rev: v1.5.0
+    rev: '68e8b45440415753fff70a312ece8da92ba85b4a'  # frozen: v1.5.0
     hooks:
       - id: detect-secrets
-        stages: [pre-commit]
-        args: ["--baseline", ".secrets.baseline"]
-        exclude: yarn.lock
+        args:
+          - --baseline
+          - .secrets.baseline
+        stages:
+          - pre-commit
+        exclude: package-lock.json
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -1,5 +1,5 @@
 {
-  "version": "1.4.0",
+  "version": "1.5.0",
   "plugins_used": [
     {
       "name": "ArtifactoryDetector"
@@ -75,6 +75,10 @@
     {
       "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
     },
+    {
+      "path": "detect_secrets.filters.common.is_baseline_file",
+      "filename": ".secrets.baseline"
+    },
     {
       "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
       "min_level": 2
@@ -107,6 +111,23 @@
       "path": "detect_secrets.filters.heuristic.is_templated_secret"
     }
   ],
-  "results": {},
-  "generated_at": "2024-09-11T10:26:17Z"
+  "results": {
+    ".pre-commit-config.yaml": [
+      {
+        "type": "Hex High Entropy String",
+        "filename": ".pre-commit-config.yaml",
+        "hashed_secret": "23414c22063b86dd91d7570689f2da10d72ec4f8",
+        "is_verified": false,
+        "line_number": 3
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": ".pre-commit-config.yaml",
+        "hashed_secret": "86242b7a7b67c1fd83514757a6b319602d648e94",
+        "is_verified": false,
+        "line_number": 16
+      }
+    ]
+  },
+  "generated_at": "2024-09-23T17:27:01Z"
 }
diff --git a/pages/comments.js b/pages/comments.js
@@ -0,0 +1,52 @@
+// pages/comments.js
+
+import { useState, useEffect } from 'react';
+
+export default function Comments() {
+  const [comments, setComments] = useState([]);
+  const [newComment, setNewComment] = useState('');
+
+  useEffect(() => {
+    // Load comments from local storage when the component mounts
+    const savedComments = JSON.parse(localStorage.getItem('comments')) || [];
+    setComments(savedComments);
+  }, []);
+
+  const handleAddComment = () => {
+    if (newComment.trim() === '') return;
+
+    const updatedComments = [...comments, newComment];
+    setComments(updatedComments);
+    setNewComment('');
+    localStorage.setItem('comments', JSON.stringify(updatedComments));
+  };
+
+  const handleRemoveComment = (index) => {
+    const updatedComments = comments.filter((_, i) => i !== index);
+    setComments(updatedComments);
+    localStorage.setItem('comments', JSON.stringify(updatedComments));
+  };
+
+  return (
+    <div>
+      <h1>Comments</h1>
+      <div>
+        <input
+          type="text"
+          value={newComment}
+          onChange={(e) => setNewComment(e.target.value)}
+          placeholder="Add a comment"
+        />
+        <button onClick={handleAddComment}>Submit</button>
+      </div>
+      <ul>
+        {comments.map((comment, index) => (
+          <li key={index}>
+            {comment}
+            <button onClick={() => handleRemoveComment(index)}>Remove</button>
+          </li>
+        ))}
+      </ul>
+    </div>
+  );
+}
diff --git a/pages/index.js b/pages/index.js
@@ -1,7 +1,18 @@
 import Head from 'next/head';
+import Link from 'next/link';
+import { useState, useEffect } from 'react';
+
 import styles from '../styles/Home.module.css';
 
 export default function Home() {
+  const [comments, setComments] = useState([]);
+
+  useEffect(() => {
+    // Load comments from local storage when the component mounts
+    const savedComments = JSON.parse(localStorage.getItem('comments')) || [];
+    setComments(savedComments);
+  }, []);
+
   return (
     <div className={styles.container}>
       <Head>
@@ -11,53 +22,31 @@ export default function Home() {
 
       <main>
         <h1 className={styles.title}>
-          Welcome to <a href="https://nextjs.org">Next.js!</a>
+          Playground project
         </h1>
-
-        <p className={styles.description}>
-          Get started by editing <code>pages/index.js</code>
-        </p>
+        <nav>
+          <ul>
+            <li>
+              <Link href="/comments">
+                Add a comment            
+              </Link>
+            </li>
+          </ul>
+        </nav>
 
         <div className={styles.grid}>
-          <a href="https://nextjs.org/docs" className={styles.card}>
-            <h3>Documentation &rarr;</h3>
-            <p>Find in-depth information about Next.js features and API.</p>
-          </a>
-
-          <a href="https://nextjs.org/learn" className={styles.card}>
-            <h3>Learn &rarr;</h3>
-            <p>Learn about Next.js in an interactive course with quizzes!</p>
-          </a>
-
-          <a
-            href="https://github.com/vercel/next.js/tree/canary/examples"
-            className={styles.card}
-          >
-            <h3>Examples &rarr;</h3>
-            <p>Discover and deploy boilerplate example Next.js projects.</p>
-          </a>
-
-          <a
-            href="https://vercel.com/import?filter=next.js&utm_source=create-next-app&utm_medium=default-template&utm_campaign=create-next-app"
-            className={styles.card}
-          >
-            <h3>Deploy &rarr;</h3>
-            <p>
-              Instantly deploy your Next.js site to a public URL with Vercel.
-            </p>
-          </a>
+        </div>
+          <h2>Comments</h2>
+          <ul>
+            {comments.map((comment, index) => (
+              <li key={`${index}-comment`}>{comment}</li>
+            ))}
+          </ul>
+        <div>
         </div>
       </main>
 
       <footer>
-        <a
-          href="https://vercel.com?utm_source=create-next-app&utm_medium=default-template&utm_campaign=create-next-app"
-          target="_blank"
-          rel="noopener noreferrer"
-        >
-          Powered by{' '}
-          <img src="/vercel.svg" alt="Vercel" className={styles.logo} />
-        </a>
       </footer>
 
       <style jsx>{`

diff --git a/rules/dangerous_innerhtml.yaml b/rules/dangerous_innerhtml.yaml
@@ -0,0 +1,10 @@
+rules:
+  - id: detect-dangerous-innerhtml
+    pattern: |
+      <$_ dangerouslySetInnerHTML={ { __html: $VAL } } />
+    message: "Usage of 'dangerouslySetInnerHTML' can lead to XSS vulnerabilities. Avoid using it unless absolutely necessary."
+    severity: ERROR
+    languages: [javascript, typescript]
+    metadata:
+      category: security
+      technology: react