-
Notifications
You must be signed in to change notification settings - Fork 890
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CVE] Handle invalid query, index and date in vega charts filter handlers #1932
[CVE] Handle invalid query, index and date in vega charts filter handlers #1932
Conversation
…lers Potential way to prevent XSS vulnerability discovered in the Vega charts OSD integration. CVE link: https://nvd.nist.gov/vuln/detail/CVE-2022-23713 Signed-off-by: Bandini Bhopi <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks pretty good! Just some license headers stuff and we can probably backport this to the 1.x branch.
Signed-off-by: Bandini Bhopi <[email protected]>
Codecov Report
@@ Coverage Diff @@
## main #1932 +/- ##
==========================================
+ Coverage 67.48% 67.50% +0.01%
==========================================
Files 3076 3077 +1
Lines 59144 59184 +40
Branches 8989 9003 +14
==========================================
+ Hits 39915 39953 +38
- Misses 17044 17045 +1
- Partials 2185 2186 +1
Help us with your feedback. Take ten seconds to tell us how you rate us. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
…lers (#1932) * [CVE] Handle invalid query, index and date in vega charts filter handlers Potential way to prevent XSS vulnerability discovered in the Vega charts OSD integration. CVE link: https://nvd.nist.gov/vuln/detail/CVE-2022-23713 Signed-off-by: Bandini Bhopi <[email protected]> * new license header for new files Signed-off-by: Bandini Bhopi <[email protected]> Co-authored-by: Kawika Avilla <[email protected]> (cherry picked from commit 9496da3)
…lers (#1932) * [CVE] Handle invalid query, index and date in vega charts filter handlers Potential way to prevent XSS vulnerability discovered in the Vega charts OSD integration. CVE link: https://nvd.nist.gov/vuln/detail/CVE-2022-23713 Signed-off-by: Bandini Bhopi <[email protected]> * new license header for new files Signed-off-by: Bandini Bhopi <[email protected]> Co-authored-by: Kawika Avilla <[email protected]> (cherry picked from commit 9496da3)
…lers (#1932) (#2002) * [CVE] Handle invalid query, index and date in vega charts filter handlers Potential way to prevent XSS vulnerability discovered in the Vega charts OSD integration. CVE link: https://nvd.nist.gov/vuln/detail/CVE-2022-23713 Signed-off-by: Bandini Bhopi <[email protected]> * new license header for new files Signed-off-by: Bandini Bhopi <[email protected]> Co-authored-by: Kawika Avilla <[email protected]> (cherry picked from commit 9496da3) Co-authored-by: Bandini <[email protected]>
…lers (#1932) * [CVE] Handle invalid query, index and date in vega charts filter handlers Potential way to prevent XSS vulnerability discovered in the Vega charts OSD integration. CVE link: https://nvd.nist.gov/vuln/detail/CVE-2022-23713 Signed-off-by: Bandini Bhopi <[email protected]> * new license header for new files Signed-off-by: Bandini Bhopi <[email protected]> Co-authored-by: Kawika Avilla <[email protected]>
…lers (opensearch-project#1932) * [CVE] Handle invalid query, index and date in vega charts filter handlers Potential way to prevent XSS vulnerability discovered in the Vega charts OSD integration. CVE link: https://nvd.nist.gov/vuln/detail/CVE-2022-23713 Signed-off-by: Bandini Bhopi <[email protected]> * new license header for new files Signed-off-by: Bandini Bhopi <[email protected]> Co-authored-by: Kawika Avilla <[email protected]>
…lers (#1932) * [CVE] Handle invalid query, index and date in vega charts filter handlers Potential way to prevent XSS vulnerability discovered in the Vega charts OSD integration. CVE link: https://nvd.nist.gov/vuln/detail/CVE-2022-23713 Signed-off-by: Bandini Bhopi <[email protected]> * new license header for new files Signed-off-by: Bandini Bhopi <[email protected]> Co-authored-by: Kawika Avilla <[email protected]> (cherry picked from commit 9496da3)
…lers (#1932) (#2001) * [CVE] Handle invalid query, index and date in vega charts filter handlers Potential way to prevent XSS vulnerability discovered in the Vega charts OSD integration. CVE link: https://nvd.nist.gov/vuln/detail/CVE-2022-23713 Signed-off-by: Bandini Bhopi <[email protected]> * new license header for new files Signed-off-by: Bandini Bhopi <[email protected]> Co-authored-by: Kawika Avilla <[email protected]> (cherry picked from commit 9496da3) Co-authored-by: Bandini <[email protected]>
…lers (#1932) (#2191) * [CVE] Handle invalid query, index and date in vega charts filter handlers Potential way to prevent XSS vulnerability discovered in the Vega charts OSD integration. CVE link: https://nvd.nist.gov/vuln/detail/CVE-2022-23713 Signed-off-by: Bandini Bhopi <[email protected]> * new license header for new files Signed-off-by: Bandini Bhopi <[email protected]> Co-authored-by: Kawika Avilla <[email protected]> (cherry picked from commit 9496da3) Co-authored-by: Bandini <[email protected]>
Description
Potential way to prevent XSS vulnerability discovered in the Vega charts OSD integration.
CVE link:
https://nvd.nist.gov/vuln/detail/CVE-2022-23713
Signed-off-by: Bandini Bhopi [email protected]
Testing:
Sanity testing by creating Vega visualization from Vega Example Gallery
Check List
yarn test:jest
yarn test:jest_integration
yarn test:ftr