Merge pull request #3631 from RedisInsight/codeql

Codeql

Author: ArtemHoruzhenko

api.Dockerfile

@@ -86,7 +86,8 @@ export class CustomTutorialFsProvider {
         return Promise.reject(new BadRequestException(ERROR_MESSAGES.CUSTOM_TUTORIAL_UNSUPPORTED_ORIGIN));
       }
 
-      const { data } = await axios.get(link, {
+      // false positive. we have whitelist checks above.
+      const { data } = await axios.get(link, { // lgtm[js/request-forgery]
         responseType: 'arraybuffer',
       });
 

redisinsight/api/src/modules/custom-tutorial/providers/custom-tutorial.fs.provider.ts

@@ -44,7 +44,8 @@ export class ApiRdiClient extends RdiClient {
       baseURL: rdi.url,
       timeout: RDI_TIMEOUT,
       httpsAgent: new https.Agent({
-        rejectUnauthorized: false,
+        // we might work with self-signed certificates for local builds
+        rejectUnauthorized: false, // lgtm[js/disabling-certificate-validation]
       }),
     });
   }

redisinsight/api/src/modules/rdi/client/api.rdi.client.ts

@@ -41,6 +41,7 @@ export class RedisEnterpriseService {
   // TODO: maybe find a workaround without Disabling certificate validation.
   private api = axios.create({
     httpsAgent: new https.Agent({
+      // we might work with self-signed certificates for local builds
       rejectUnauthorized: false, // lgtm[js/disabling-certificate-validation]
     }),
   });