Skip to content

Commit

Permalink
Merge pull request #1628 from forcedotcom/release-4.6.0
Browse files Browse the repository at this point in the history
RELEASE @W-16608399@: Conducting v4.6.0 release
  • Loading branch information
jag-j authored Sep 24, 2024
2 parents bee8a67 + be427d8 commit 85789b1
Show file tree
Hide file tree
Showing 9 changed files with 1,184 additions and 941 deletions.
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"name": "@salesforce/sfdx-scanner",
"description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",
"version": "4.5.0",
"version": "4.6.0",
"author": "Salesforce Code Analyzer Team",
"bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",
"dependencies": {
Expand Down
2 changes: 1 addition & 1 deletion pmd7/build.gradle.kts
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ repositories {
}

// Keep this in sync with src/Constants.ts > PMD7_VERSION
var pmd7Version = "7.4.0"
var pmd7Version = "7.5.0"

val pmdDist7Dir = "$buildDir/../../dist/pmd7"

Expand Down
164 changes: 163 additions & 1 deletion retire-js/RetireJsVulns.json
Original file line number Diff line number Diff line change
Expand Up @@ -3223,6 +3223,28 @@
"https://github.com/advisories/GHSA-qwqh-hm9m-p5hr"
]
},
{
"atOrAbove": "0",
"below": "1.8.4",
"cwe": [
"CWE-791"
],
"severity": "low",
"identifiers": {
"summary": "AngularJS allows attackers to bypass common image source restrictions",
"CVE": [
"CVE-2024-8373"
],
"githubID": "GHSA-mqm9-c95h-x2p6"
},
"info": [
"https://github.com/advisories/GHSA-mqm9-c95h-x2p6",
"https://nvd.nist.gov/vuln/detail/CVE-2024-8373",
"https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b",
"https://github.com/angular/angular.js",
"https://www.herodevs.com/vulnerability-directory/cve-2024-8373"
]
},
{
"atOrAbove": "1.3.0",
"below": "1.8.4",
Expand All @@ -3247,6 +3269,28 @@
"https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos"
]
},
{
"atOrAbove": "1.3.0-rc.4",
"below": "1.8.4",
"cwe": [
"CWE-1289"
],
"severity": "low",
"identifiers": {
"summary": "AngularJS allows attackers to bypass common image source restrictions",
"CVE": [
"CVE-2024-8372"
],
"githubID": "GHSA-m9gf-397r-hwpg"
},
"info": [
"https://github.com/advisories/GHSA-m9gf-397r-hwpg",
"https://nvd.nist.gov/vuln/detail/CVE-2024-8372",
"https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017",
"https://github.com/angular/angular.js",
"https://www.herodevs.com/vulnerability-directory/cve-2024-8372"
]
},
{
"below": "1.999",
"severity": "low",
Expand Down Expand Up @@ -4318,6 +4362,54 @@
"info": [
"https://github.com/cure53/DOMPurify/releases"
]
},
{
"atOrAbove": "0",
"below": "2.5.4",
"cwe": [
"CWE-1321",
"CWE-1333"
],
"severity": "high",
"identifiers": {
"summary": "DOMPurify allows tampering by prototype pollution",
"CVE": [
"CVE-2024-45801"
],
"githubID": "GHSA-mmhx-hmjr-r674"
},
"info": [
"https://github.com/advisories/GHSA-mmhx-hmjr-r674",
"https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674",
"https://nvd.nist.gov/vuln/detail/CVE-2024-45801",
"https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21",
"https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc",
"https://github.com/cure53/DOMPurify"
]
},
{
"atOrAbove": "3.0.0",
"below": "3.1.3",
"cwe": [
"CWE-1321",
"CWE-1333"
],
"severity": "high",
"identifiers": {
"summary": "DOMPurify allows tampering by prototype pollution",
"CVE": [
"CVE-2024-45801"
],
"githubID": "GHSA-mmhx-hmjr-r674"
},
"info": [
"https://github.com/advisories/GHSA-mmhx-hmjr-r674",
"https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674",
"https://nvd.nist.gov/vuln/detail/CVE-2024-45801",
"https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21",
"https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc",
"https://github.com/cure53/DOMPurify"
]
}
],
"extractors": {
Expand Down Expand Up @@ -5119,7 +5211,7 @@
},
{
"atOrAbove": "4.0.0",
"below": "4.6.3",
"below": "5.0.0",
"cwe": [
"CWE-79"
],
Expand Down Expand Up @@ -5723,6 +5815,27 @@
"info": [
"https://github.com/sveltejs/svelte/pull/7530"
]
},
{
"below": "4.2.19",
"cwe": [
"CWE-79"
],
"severity": "medium",
"identifiers": {
"summary": "Svelte has a potential mXSS vulnerability due to improper HTML escaping",
"CVE": [
"CVE-2024-45047"
],
"githubID": "GHSA-8266-84wp-wv5c"
},
"info": [
"https://github.com/advisories/GHSA-8266-84wp-wv5c",
"https://github.com/sveltejs/svelte/security/advisories/GHSA-8266-84wp-wv5c",
"https://nvd.nist.gov/vuln/detail/CVE-2024-45047",
"https://github.com/sveltejs/svelte/commit/83e96e044deb5ecbae2af361ae9e31d3e1ac43a3",
"https://github.com/sveltejs/svelte"
]
}
],
"extractors": {
Expand All @@ -5734,6 +5847,7 @@
],
"filecontent": [
"generated by Svelte v\\$\\{['\"](§§version§§)['\"]\\}",
"generated by Svelte v(§§version§§) \\*/",
"version: '(§§version§§)' [\\s\\S]{80,200}'SvelteDOMInsert'",
"VERSION = '(§§version§§)'[\\s\\S]{21,200}parse\\$[0-9][\\s\\S]{10,80}preprocess",
"var version\\$[0-9] = \"(§§version§§)\";[\\s\\S]{10,30}normalizeOptions\\(options\\)[\\s\\S]{80,200}'SvelteComponent.html'"
Expand Down Expand Up @@ -6536,6 +6650,30 @@
"https://github.com/vercel/next.js/compare/v13.5.0...v13.5.1"
]
},
{
"atOrAbove": "13.5.1",
"below": "13.5.7",
"cwe": [
"CWE-349",
"CWE-639"
],
"severity": "high",
"identifiers": {
"summary": "Next.js Cache Poisoning",
"CVE": [
"CVE-2024-46982"
],
"githubID": "GHSA-gp8f-8m3g-qvj9"
},
"info": [
"https://github.com/advisories/GHSA-gp8f-8m3g-qvj9",
"https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9",
"https://nvd.nist.gov/vuln/detail/CVE-2024-46982",
"https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3",
"https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda",
"https://github.com/vercel/next.js"
]
},
{
"atOrAbove": "13.4.0",
"below": "14.1.1",
Expand All @@ -6558,6 +6696,30 @@
"https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085",
"https://github.com/vercel/next.js"
]
},
{
"atOrAbove": "14.0.0",
"below": "14.2.10",
"cwe": [
"CWE-349",
"CWE-639"
],
"severity": "high",
"identifiers": {
"summary": "Next.js Cache Poisoning",
"CVE": [
"CVE-2024-46982"
],
"githubID": "GHSA-gp8f-8m3g-qvj9"
},
"info": [
"https://github.com/advisories/GHSA-gp8f-8m3g-qvj9",
"https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9",
"https://nvd.nist.gov/vuln/detail/CVE-2024-46982",
"https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3",
"https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda",
"https://github.com/vercel/next.js"
]
}
],
"extractors": {
Expand Down
2 changes: 1 addition & 1 deletion src/Constants.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ import os = require('os');
import path = require('path');

// Keep this in sync with <repoRoot>/pmd7/build.gradle.kts > pmd7Version
export const PMD7_VERSION = '7.4.0';
export const PMD7_VERSION = '7.5.0';

export const PMD_APPEXCHANGE_RULES_VERSION = '0.15';

Expand Down
14 changes: 13 additions & 1 deletion src/commands/scanner/run/dfa.ts
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,19 @@ export default class Dfa extends ScannerRunCommand {
summary: getMessage(BundleName.RunDfa, 'flags.pathexplimitSummary'),
description: getMessage(BundleName.RunDfa, 'flags.pathexplimitDescription'),
env: 'SFGE_PATH_EXPANSION_LIMIT'
})
}),
'enablecaching': Flags.boolean({
summary: '',
description: '',
env: 'SFGE_ENABLE_CACHING',
hidden: true
}),
'cachepath': Flags.string({
summary: '',
description: '',
env: 'SFGE_FILES_TO_ENTRIES_CACHE_LOCATION',
hidden: true
}),
// END: Config-overrideable engine flags.
};

Expand Down
6 changes: 6 additions & 0 deletions src/lib/EngineOptionsFactory.ts
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,12 @@ export class RunDfaEngineOptionsFactory extends CommonEngineOptionsFactory {
if (inputs['pathexplimit'] != null) {
sfgeConfig.pathexplimit = inputs['pathexplimit'] as number;
}
if (inputs['enablecaching'] != null) {
sfgeConfig.enablecaching = inputs['enablecaching'] as boolean;
}
if (inputs['cachepath'] != null) {
sfgeConfig.cachepath = inputs['cachepath'] as string;
}
sfgeConfig.ruleDisableWarningViolation = getBooleanEngineOption(inputs, RULE_DISABLE_WARNING_VIOLATION_FLAG);
engineOptions.set(CUSTOM_CONFIG.SfgeConfig, JSON.stringify(sfgeConfig));

Expand Down
18 changes: 17 additions & 1 deletion src/lib/sfge/SfgeWrapper.ts
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,8 @@ type SfgeExecuteOptions = SfgeWrapperOptions & {
ruleThreadCount?: number;
ruleThreadTimeout?: number;
ruleDisableWarningViolation?: boolean;
enablecaching?: boolean;
cachepath?: string;
}

type SfgeTarget = {
Expand All @@ -57,6 +59,8 @@ type SfgeInput = {
targets: SfgeTarget[];
projectDirs: string[];
rulesToRun: string[];
enablecaching?: boolean;
cachepath?: string;
};

class SfgeSpinnerManager extends AsyncCreatable implements SpinnerManager {
Expand Down Expand Up @@ -209,6 +213,8 @@ export class SfgeExecuteWrapper extends AbstractSfgeWrapper {
private ruleThreadCount: number;
private ruleThreadTimeout: number;
private ruleDisableWarningViolation: boolean;
private enablecaching: boolean;
private cachepath: string;

constructor(options: SfgeExecuteOptions) {
super(options);
Expand All @@ -218,6 +224,8 @@ export class SfgeExecuteWrapper extends AbstractSfgeWrapper {
this.ruleThreadCount = options.ruleThreadCount;
this.ruleThreadTimeout = options.ruleThreadTimeout;
this.ruleDisableWarningViolation = options.ruleDisableWarningViolation;
this.enablecaching = options.enablecaching;
this.cachepath = options.cachepath;
}

protected getSupplementalFlags(): string[] {
Expand All @@ -231,6 +239,12 @@ export class SfgeExecuteWrapper extends AbstractSfgeWrapper {
if (this.ruleDisableWarningViolation != null) {
flags.push(`-DSFGE_RULE_DISABLE_WARNING_VIOLATION=${this.ruleDisableWarningViolation.toString()}`);
}
if (this.enablecaching != null && this.enablecaching) {
flags.push(`-DSFGE_DISABLE_CACHING=false`);
}
if (this.cachepath != null) {
flags.push(`-DSFGE_FILES_TO_ENTRIES_CACHE_LOCATION=${this.cachepath}`);
}
return flags;
}

Expand Down Expand Up @@ -291,7 +305,9 @@ export class SfgeExecuteWrapper extends AbstractSfgeWrapper {
pathExpLimit: sfgeConfig.pathexplimit,
ruleThreadCount: sfgeConfig.ruleThreadCount,
ruleThreadTimeout: sfgeConfig.ruleThreadTimeout,
ruleDisableWarningViolation: sfgeConfig.ruleDisableWarningViolation
ruleDisableWarningViolation: sfgeConfig.ruleDisableWarningViolation,
cachepath: sfgeConfig.cachepath,
enablecaching: sfgeConfig.enablecaching
});
return wrapper.execute();
}
Expand Down
2 changes: 2 additions & 0 deletions src/types.ts
Original file line number Diff line number Diff line change
Expand Up @@ -204,4 +204,6 @@ export type SfgeConfig = {
ruleDisableWarningViolation?: boolean;
jvmArgs?: string;
pathexplimit?: number;
enablecaching?: boolean;
cachepath?: string;
};
Loading

0 comments on commit 85789b1

Please sign in to comment.