
Conversation

@Gioee
Member

@Gioee Gioee commented Oct 3, 2024

Description of change

Fixes #110 and adds new core tests

Pull-Request Checklist

  • Code is up-to-date with the main branch
  • npm run lint passes with this change
  • npm run test passes with this change
  • This pull request links relevant issues as Fixes #0000
  • There are new or updated unit tests validating the change
  • Documentation has been updated to reflect this change
  • The new commits follow conventions outlined in the conventional commit spec

@Gioee Gioee added bug Something isn't working enhancement New feature or request labels Oct 3, 2024
@Gioee Gioee requested a review from TizianoT October 3, 2024 13:46
@Gioee Gioee self-assigned this Oct 3, 2024

it(`should${ok ? '' : "n't"} auth with hash`, done => {
    const chinook = getConnection()
    chinook.sendCommands(`AUTH USER ${username} HASH ${createHash('sha256').update(password).digest('base64')}`, test(done, chinook, ok))
  })

Check failure

Code scanning / CodeQL

Use of password hash with insufficient computational effort

Password from an access to password is hashed insecurely.

Copilot Autofix

AI over 1 year ago

To fix the problem, we need to replace the use of sha256 with a more secure password hashing algorithm like bcrypt. This change will ensure that the password hashing is computationally intensive and secure against brute-force attacks.

  • Replace the createHash('sha256') method with bcrypt.hashSync.
  • Import the bcrypt library at the beginning of the file.
  • Update the hashing logic to use bcrypt with a salt.
Suggested changeset 2
test/core/built-in-commands.test.ts

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/test/core/built-in-commands.test.ts b/test/core/built-in-commands.test.ts
--- a/test/core/built-in-commands.test.ts
+++ b/test/core/built-in-commands.test.ts
@@ -4,3 +4,3 @@
 
-import { createHash } from 'crypto'
+import bcrypt from 'bcrypt'
 import {
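Review bot: removing the `createHash` import from `crypto` at the top of `test/core/built-in-commands.test.ts` breaks every other use of `createHash` in this file, so confirm the flagged line is the only caller before dropping it. The replacement `import bcrypt from 'bcrypt'` is a default import of a CommonJS package; in a TypeScript test file it compiles only with `esModuleInterop` enabled, otherwise use `import * as bcrypt from 'bcrypt'`.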
@@ -396,3 +396,5 @@
     const chinook = getConnection()
-    chinook.sendCommands(`AUTH USER ${username} HASH ${createHash('sha256').update(password).digest('base64')}`, test(done, chinook, ok))
+    const saltRounds = 10;
+    const hashedPassword = bcrypt.hashSync(password, saltRounds);
+    chinook.sendCommands(`AUTH USER ${username} HASH ${hashedPassword}`, test(done, chinook, ok))
   })
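Review bot: this rewrite of the AUTH line breaks the test it edits and should not be applied. The HASH value is sent to the server inside the `AUTH USER ... HASH ...` command, so the server has to recompute the same digest to verify it; the SHA-256 digest here is the wire format the protocol expects, not password storage at rest, which is what the CodeQL rule is aimed at. `bcrypt.hashSync(password, saltRounds)` embeds a freshly generated random salt and returns a different string on every call, so the server can never match it: the `ok` case will fail and the `!ok` case will pass for the wrong reason. The correct response is to dismiss the alert as a false positive for this test rather than swap the algorithm; hardening the HASH scheme would be a server-side protocol change. As a style point, the two added lines end with semicolons while the surrounding file does not.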
EOF
package.json
Outside changed files

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/package.json b/package.json
--- a/package.json
+++ b/package.json
@@ -53,3 +53,4 @@
     "socket.io-client": "^4.7.5",
-    "whatwg-url": "^14.0.0"
+    "whatwg-url": "^14.0.0",
+    "bcrypt": "^5.1.1"
   },
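Review bot: this adds `bcrypt` next to runtime packages such as `socket.io-client` and `whatwg-url` although its only use is in a test file; if it were kept at all it would belong in `devDependencies`. bcrypt is also a native addon compiled with node-gyp at install time, so this line adds a C++ build toolchain requirement to every `npm install`. Since a bcrypt hash cannot be verified by the server the AUTH command is sent to, the dependency is unnecessary and should be dropped along with the test change.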
EOF
This fix introduces these dependencies:

  • bcrypt (npm) 5.1.1, security advisories: None
@Gioee Gioee merged commit b64e67b into main Oct 3, 2024

Development

Successfully merging this pull request may close these issues.

Add support for Android in React Native 0.75
