Skip to content

fix(amazonq): For security reasons, disabled auto linkify for pure text links #5306

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rli merged 1 commit into from
Jan 28, 2025
Merged

fix(amazonq): For security reasons, disabled auto linkify for pure text links #5306

rli merged 1 commit into from
Jan 28, 2025

Conversation

@dogusata
Copy link
Contributor

@dogusata dogusata commented Jan 28, 2025

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Description

Problem

  • Links incoming from Q responses can redirect to a vulnerable site depending on the used context from the files.

Solution

  • Linkify strategy is updated to only accept links with [TEXT](URL) format. (through MynahUI version 4.21.6)

MynahUI PR:

aws/mynah-ui#226
Screenshot 2025-01-23 at 20 13 48

Checklist

  • My code follows the code style of this project
  • I have added tests to cover my changes
  • A short description of the change has been added to the CHANGELOG if the change is customer-facing in the IDE.
  • I have added metrics for my changes (if required)

License

I confirm that my contribution is made under the terms of the Apache 2.0 license.

@dogusata dogusata requested review from a team as code owners January 28, 2025 17:20
@dogusata dogusata changed the title fixed: disabled auto linkify for pure link texts fix(amazonq): For security reasons, disabled auto linkify for pure text links Jan 28, 2025
@github-actions
Copy link

github-actions bot commented Jan 28, 2025

Qodana Community for JVM

It seems all right 👌

No new problems were found according to the checks applied

💡 Qodana analysis was run in the pull request mode: only the changed files were checked
☁️ View the detailed Qodana report

Contact Qodana team

Contact us at [email protected]

@rli rli merged commit f9547e8 into main Jan 28, 2025
15 checks passed
@rli rli deleted the dogusata/update-linkify-for-link-texts branch January 28, 2025 22:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rli rli rli approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dogusata @rli