
Fix security issue.#1892

Merged

chensuyue merged 2 commits into main from fix-sec on Apr 29, 2025

Conversation

@ZePan110
Collaborator

@ZePan110 ZePan110 commented Apr 29, 2025

Description

Fix security issue.

Issues

https://github.com/opea-project/GenAIExamples/security/code-scanning/30

Type of change

List the type of change like below. Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds new functionality)
  • Breaking change (fix or feature that would break existing design and interface)
  • Others (enhancement, documentation, validation, etc.)

Dependencies

List the newly introduced 3rd party dependency if exists.

Tests

https://github.com/opea-project/GenAIExamples/actions/runs/14658733798/job/41138357893 test passed

Signed-off-by: ZePan110 <ze.pan@intel.com>
Copilot AI review requested due to automatic review settings April 29, 2025 05:47
@ZePan110 ZePan110 requested a review from chensuyue as a code owner April 29, 2025 05:47
@github-actions

github-actions Bot commented Apr 29, 2025

Dependency Review

✅ No vulnerabilities or license issues found.

Scanned Files

None

Contributor

Copilot AI left a comment


Pull Request Overview

This PR addresses a security issue by updating the input validation logic and variable generation used in the Helm end-to-end workflow.

  • Replaces folder existence validation with strict regex-based input checks.
  • Generates “safe” environment variables by prepending a safe prefix and generating a random suffix.
Comments suppressed due to low confidence (2)

.github/workflows/_helm-e2e.yml:138

  • [nitpick] The compound input validation condition is critical for security; please add inline comments or refactor it into multiple checks to improve readability and maintainability.
if [[ ! "$example" =~ ^[a-z0-9-]{1,20}$ ]] || [[ "$example" =~ \.{2} ]] || [[ "$example" == -* || "$example" == *- ]]; then

.github/workflows/_helm-e2e.yml:139

  • [nitpick] Consider expanding the error message to detail all validation constraints (e.g., maximum length, prohibition of leading/trailing hyphens, and no consecutive periods) to assist users in troubleshooting input issues.
echo "Error: Invalid input - only lowercase alphanumeric and internal hyphens allowed"
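The compound condition quoted above, split into the separate named checks with per-constraint error messages that the review asks for. This is an added example, not code from the PR or from the GenAIExamples workflow; `validate_example` is a hypothetical helper name, and the sample inputs are constructed. It is written in POSIX sh so it also runs outside bash.

```shell
# Added example (not the workflow's own code): the single compound check
# from the review as four named checks, each with its own message.
# `validate_example` is a hypothetical helper name.
validate_example() {
    example=$1

    # Length: 1 to 20 characters.
    if [ "${#example}" -lt 1 ] || [ "${#example}" -gt 20 ]; then
        printf '%s\n' "Error: input must be 1-20 characters long (got ${#example})" >&2
        return 1
    fi

    # Charset: only lowercase letters, digits and hyphens. The negated bracket
    # also rejects newlines, slashes and periods, so nothing else reaches the
    # later steps of the workflow.
    case $example in
        *[!a-z0-9-]*)
            printf '%s\n' "Error: '$example' may contain only lowercase letters, digits and hyphens" >&2
            return 1 ;;
    esac

    # No leading or trailing hyphen (a leading '-' would read as a CLI option).
    case $example in
        -*|*-)
            printf '%s\n' "Error: '$example' must not start or end with a hyphen" >&2
            return 1 ;;
    esac

    # Consecutive periods cannot survive the charset check; kept so the third
    # clause of the original condition stays visible as its own rule.
    case $example in
        *..*)
            printf '%s\n' "Error: '$example' must not contain '..'" >&2
            return 1 ;;
    esac

    return 0
}

# Constructed sample inputs: the first two pass, the rest are rejected.
for name in chatqna docsum-v2 "" -chatqna chatqna- ChatQnA "../etc"; do
    if validate_example "$name"; then
        printf 'accepted: %s\n' "$name"
    fi
done
```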

@ZePan110 ZePan110 changed the title Fix Sec issue Fix security issue. Apr 29, 2025
Signed-off-by: ZePan110 <ze.pan@intel.com>
@chensuyue chensuyue merged commit 670d9f3 into main Apr 29, 2025
24 checks passed
@chensuyue chensuyue deleted the fix-sec branch April 29, 2025 11:44
yongfengdu pushed a commit to yongfengdu/GenAIExamples that referenced this pull request May 8, 2025
Signed-off-by: ZePan110 <ze.pan@intel.com>
cogniware-devops pushed a commit to Cogniware-Inc/GenAIExamples that referenced this pull request Dec 19, 2025
Signed-off-by: ZePan110 <ze.pan@intel.com>
Signed-off-by: cogniware-devops <ambarish.desai@cogniware.ai>