Merge pull request #4584 from communitybridge/unicron-fix-dependabot-alerts

Address code scanning issues

Author: lukaszgryglicki

cla-backend-go/gitlab_api/client.go

@@ -66,6 +66,9 @@ func EncryptAuthInfo(oauthResp *OauthSuccessResponse, gitLabApp *App) (string, e
 	if err != nil {
 		return "", fmt.Errorf("problem marshalling oauth resp json, error: %v", err)
 	}
+	if len(b) > 64*1024*1024 { // 64 MB limit
+		return "", fmt.Errorf("oauth response size too large")
+	}
 	authInfo := string(b)
 	//log.Infof("auth info before encrypting : %s", authInfo)
 

cla-backend-go/v2/gitlab-activity/service.go

@@ -722,7 +722,7 @@ func (s *service) checkGitLabGroupApproval(ctx context.Context, userName, URL st
 
 	log.WithFields(f).Debugf("checking approval list gitlab org criteria : %s for user: %s ", URL, userName)
 	var searchURL = URL
-	params := getParams(`(?P<base>\bhttps://gitlab.com/\b)(?P<group>\bgroups\/\b)?(?P<name>\w+)`, URL)
+	params := getParams(`(?P<base>\bhttps://gitlab\.com/\b)(?P<group>\bgroups\/\b)?(?P<name>\w+)`, URL)
 	if params[`group`] == "" {
 		params[`group`] = "groups/"
 		updated := fmt.Sprintf("%s%s%s", params[`base`], params[`group`], params[`name`])

cla-backend/cla/utils.py

@@ -1209,13 +1209,13 @@ def fetch_token(client_id, state, token_url, client_secret, code, redirect_uri=N
         oauth2 = OAuth2Session(client_id, state=state, scope=["user:email"], redirect_uri=redirect_uri)
     else:
         oauth2 = OAuth2Session(client_id, state=state, scope=["user:email"])
-    cla.log.debug(
-        f"{fn} - oauth2.fetch_token - "
-        f"token_url: {token_url}, "
-        f"client_id: {client_id}, "
-        f"client_secret: {client_secret}, "
-        f"code: {code}"
-    )
+    #cla.log.debug(
+    #    f"{fn} - oauth2.fetch_token - "
+    #    f"token_url: {token_url}, "
+    #    f"client_id: {client_id}, "
+    #    f"client_secret: {client_secret}, "
+    #    f"code: {code}"
+    #)
     return oauth2.fetch_token(token_url, client_secret=client_secret, code=code)