Conversation

@vivek-gofynd
Collaborator

No description provided.

const req = request(app);
await program.parseAsync(['ts-node', './src/fdk.ts', 'login', '--host', 'api.fyndx1.de']);
return await req.post('/token').send(tokenData);
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; // Disable SSL verification

Check failure

Code scanning / CodeQL

Disabling certificate validation High test

Disabling certificate validation is strongly discouraged.

Copilot Autofix

AI 5 months ago

The best way to fix this problem is to avoid globally disabling certificate validation by setting process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'. Instead, use mocking libraries (such as nock or axios-mock-adapter, which is already imported) to intercept and mock HTTP(S) requests in tests, so that no real network requests are made and certificate validation is not an issue. If you must disable certificate validation for a specific request, do so only for that request, not globally.

In this specific case, since axios-mock-adapter is already imported, you should mock the HTTP(S) requests made during the login process, so that no real TLS connections are made and there is no need to disable certificate validation. Remove or comment out the line that sets process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; in the login function.

Required changes:

  • Remove or comment out line 63: process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
  • Ensure that all network requests in tests are properly mocked (this is already being done with axios-mock-adapter in the test setup).

Suggested changeset 1
src/__tests__/themeContext.spec.ts

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/__tests__/themeContext.spec.ts b/src/__tests__/themeContext.spec.ts
--- a/src/__tests__/themeContext.spec.ts
+++ b/src/__tests__/themeContext.spec.ts
@@ -62,3 +62,3 @@
 export async function login() {
-  process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; // Disable SSL verification
+  // process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; // Disabled to avoid insecure global SSL configuration
   const port = await getRandomFreePort([]);
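Review bot: The `+` line only comments the assignment out instead of deleting it, which leaves an insecure one-liner in the test ready to be uncommented; remove `process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'` outright. Note also that this hunk changes test behaviour rather than just a setting: `login()` still drives the real `login --host api.fyndx1.de` flow, so unless that request is intercepted by the axios-mock-adapter setup the suggestion relies on, the test will now fail on certificate errors instead of silently trusting any certificate. Confirm the mock covers the login request before applying.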
EOF
httpsAgent = { ca };
}
if (process.env.FDK_SSL_NO_VERIFY == 'true') {
httpsAgent = { rejectUnauthorized: false };

Check failure

Code scanning / CodeQL

Disabling certificate validation High

Disabling certificate validation is strongly discouraged.

Copilot Autofix

AI 5 months ago

To fix the issue, we need to ensure that rejectUnauthorized: false is never used in production environments. The best approach is to add a safeguard that checks the application's environment (e.g., NODE_ENV) and throws an error or logs a warning if FDK_SSL_NO_VERIFY is set to 'true' in production. This ensures that disabling certificate validation is restricted to non-production environments.

Steps to implement the fix:

  1. Add a check for the NODE_ENV environment variable to determine if the application is running in production.
  2. If NODE_ENV is set to 'production' and FDK_SSL_NO_VERIFY is 'true', throw an error or log a warning to prevent insecure configurations.
  3. Retain the ability to disable SSL verification in non-production environments for testing purposes.

Suggested changeset 1
src/helper/serve.utils.ts

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/helper/serve.utils.ts b/src/helper/serve.utils.ts
--- a/src/helper/serve.utils.ts
+++ b/src/helper/serve.utils.ts
@@ -75,2 +75,5 @@
   if (process.env.FDK_SSL_NO_VERIFY == 'true') {
+    if (process.env.NODE_ENV === 'production') {
+      throw new Error("Disabling SSL verification is not allowed in production.");
+    }
     httpsAgent = { rejectUnauthorized: false };
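Review bot: The guard on the new `if (process.env.NODE_ENV === 'production')` line fails open: NODE_ENV is frequently unset on production hosts and in CLI installs, and in that case `FDK_SSL_NO_VERIFY=true` still reaches `httpsAgent = { rejectUnauthorized: false }`. Invert the check so the insecure branch is reachable only when NODE_ENV explicitly names a non-production environment (for example `development` or `test`), and emit a warning when that branch is taken so the weakened setting is visible in the command output. Minor: the surrounding `== 'true'` comparison should be `===`, matching the new line.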
EOF
@vivek-gofynd vivek-gofynd committed this autofix suggestion 5 months ago.
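The following is an added example, not code from the fdk-cli project, showing a fail-closed version of the httpsAgent selection discussed in the autofix above: FDK_SSL_NO_VERIFY and NODE_ENV are the variables from the PR, while the caPem parameter, the function name and the allowlist of non-production environments are assumptions.

```typescript
// Added example (not the project's own code): choose HTTPS agent options
// from the environment, treating an unset NODE_ENV as production.

// Minimal subset of Node's https.AgentOptions needed here.
export interface HttpsAgentOptions {
  ca?: string;
  rejectUnauthorized?: boolean;
}

export interface HttpsAgentDecision {
  options: HttpsAgentOptions;
  warning?: string; // set only when validation was actually weakened
}

// Only these explicit NODE_ENV values may switch validation off.
// Unlike a `=== 'production'` check, an unset NODE_ENV does not qualify.
const NON_PRODUCTION_ENVS: ReadonlySet<string> = new Set(["development", "test"]);

export function buildHttpsAgentOptions(
  env: Record<string, string | undefined>,
  caPem?: string, // assumed: PEM text of a custom CA, if the user supplied one
): HttpsAgentDecision {
  const nodeEnv = env.NODE_ENV ?? "production";
  const wantsNoVerify = env.FDK_SSL_NO_VERIFY === "true";

  // Preferred path for self-signed dev hosts: trust one specific CA and
  // keep full validation, regardless of FDK_SSL_NO_VERIFY.
  if (caPem !== undefined && caPem.length > 0) {
    return { options: { ca: caPem } };
  }
  if (!wantsNoVerify) {
    return { options: {} }; // default: validate certificates normally
  }
  if (!NON_PRODUCTION_ENVS.has(nodeEnv)) {
    throw new Error(
      `FDK_SSL_NO_VERIFY=true is not allowed when NODE_ENV is '${nodeEnv}'`,
    );
  }
  return {
    options: { rejectUnauthorized: false },
    warning: `TLS certificate validation disabled for NODE_ENV=${nodeEnv}`,
  };
}
```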
spinner.start();
const isNodeVersionIsGreaterThan18 = +process.version.split('.')[0].slice(1) >= 18;
const b = exec(
`node ${VUE_CLI_PATH} build --target lib src/index.js --name ${bundleName}`,

Check failure

Code scanning / CodeQL

Uncontrolled command line Critical

This command line depends on a user-provided value.
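As an added example (not the project's own code) of the fix a reviewer would expect for this finding, the flagged `exec` call is rewritten to run the same vue-cli build without a shell and with the bundle name passed as a discrete, validated argument; the validation pattern and the function names are assumptions.

```typescript
// Added example (not the project's own code): invoke the vue-cli library
// build via execFile so no shell ever parses the user-supplied bundle name.
import { execFile } from "child_process";
import { promisify } from "util";

const execFileAsync = promisify(execFile);

// Assumed allowlist for a library bundle name: starts alphanumeric, then
// letters, digits, dot, underscore or hyphen, at most 64 characters.
// Shell metacharacters, path separators and option-like values ("--x")
// are rejected before they reach the build tool.
const BUNDLE_NAME = /^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$/;

export function assertSafeBundleName(name: string): string {
  if (!BUNDLE_NAME.test(name)) {
    throw new Error(`invalid bundle name: ${JSON.stringify(name)}`);
  }
  return name;
}

// Argument vector equivalent to the flagged command string:
// node <VUE_CLI_PATH> build --target lib src/index.js --name <bundleName>
// Each element is handed to the child process verbatim.
export function buildLibArgs(vueCliPath: string, bundleName: string): string[] {
  return [
    vueCliPath, "build", "--target", "lib", "src/index.js",
    "--name", assertSafeBundleName(bundleName),
  ];
}

export async function buildLib(vueCliPath: string, bundleName: string): Promise<string> {
  // execFile (unlike exec) does not spawn /bin/sh, so characters such as
  // ';' or '$(' in an argument are never interpreted; they are also
  // rejected by assertSafeBundleName above.
  const { stdout } = await execFileAsync("node", buildLibArgs(vueCliPath, bundleName));
  return stdout;
}
```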
cursoragent and others added 7 commits July 16, 2025 17:28
…alidation

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…alidation

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…alidation

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…alidation

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…alidation

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>