GDB-8975 Remove vulnerable code (#1142)
## What
Remove/replace vulnerable code from reported vulnerabilities

## Why
So the WB is less vulnerable

## How
- replace angular.copy() with _.cloneDeep()
- remove type from input type="url"
yordanalexandrov authored Nov 16, 2023
1 parent 40ce0bd commit 3d87366
Showing 22 changed files with 46 additions and 47 deletions.
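--- a/src/js/angular/autocomplete/controllers.js
+++ b/src/js/angular/autocomplete/controllers.js
@@ -285,7 +285,7 @@ function AutocompleteCtrl($scope, $interval, toastr, $repositories, $licenseServ
 AddLabelCtrl.$inject = ['$scope', '$uibModalInstance', '$timeout', 'data'];
 
 function AddLabelCtrl($scope, $uibModalInstance, $timeout, data) {
-$scope.label = angular.copy(data.label);
+$scope.label = _.cloneDeep(data.label);
 $scope.isNew = data.isNew;
 
 $scope.ok = function () {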
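Review bot: `_` is neither injected nor imported in the visible lines of AddLabelCtrl, so `$scope.label = _.cloneDeep(data.label);` works only if lodash is already a global wherever this controller is loaded. The same applies to every replaced call in this commit, and most sharply to test/lib/angularjs/1.3.8/angular-mocks.js, where the vendored mock now needs lodash loaded before it and will lose the patch on the next upgrade of that file. A short comment at the first use, for example `// lodash global; cloneDeep replaces angular.copy`, would make the dependency explicit, and the vendored test library is better left as shipped. AddLabelCtrl's body continues outside the hunk.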
@@ -7,8 +7,8 @@ angular
AddNodesDialogCtrl.$inject = ['$scope', '$uibModalInstance', 'data', '$uibModal', 'RemoteLocationsService'];

function AddNodesDialogCtrl($scope, $uibModalInstance, data, $uibModal, RemoteLocationsService) {
const clusterConfiguration = angular.copy(data.clusterConfiguration);
const clusterModel = angular.copy(data.clusterModel);
const clusterConfiguration = _.cloneDeep(data.clusterConfiguration);
const clusterModel = _.cloneDeep(data.clusterModel);
$scope.nodes = [];

$scope.clusterNodes = clusterModel.nodes.map((node) => ({rpcAddress: node.address, endpoint: node.endpoint}));
@@ -9,7 +9,7 @@ EditClusterCtrl.$inject = ['$scope', '$uibModalInstance', '$timeout', 'ClusterRe
function EditClusterCtrl($scope, $uibModalInstance, $timeout, ClusterRestService, toastr, $translate, data) {
$scope.pageTitle = $translate.instant('cluster_management.cluster_page.edit_page_title');
$scope.errors = [];
$scope.clusterConfiguration = angular.copy(data.clusterConfiguration);
$scope.clusterConfiguration = _.cloneDeep(data.clusterConfiguration);
$scope.loader = false;

$scope.updateCluster = function () {
@@ -5,7 +5,7 @@ angular
RemoveNodesDialogCtrl.$inject = ['$scope', '$uibModalInstance', 'data'];

function RemoveNodesDialogCtrl($scope, $uibModalInstance, data) {
const clusterModel = angular.copy(data.clusterModel);
const clusterModel = _.cloneDeep(data.clusterModel);

$scope.clusterNodes = clusterModel.nodes;
$scope.clusterNodes.forEach((node) => node.shouldRemove = false);
@@ -918,7 +918,7 @@ function QuerySampleModalCtrl($scope, $uibModalInstance, data, $sce) {
if (data.queryExists) {
$scope.queryExists = true;
}
$scope.query = angular.copy(data.query);
$scope.query = _.cloneDeep(data.query);
$scope.title = data.title;
$scope.edit = data.edit;
$scope.okButtonText = data.okButtonText;
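--- a/src/js/angular/explore/controllers.js
+++ b/src/js/angular/explore/controllers.js
@@ -549,7 +549,7 @@ function EditResourceCtrl($scope, $http, $location, toastr, $repositories, $uibM
 $scope.newRowObject.$setSubmitted();
 $scope.newRowContext.$setSubmitted();
 if ($scope.newRowPredicate.$valid && $scope.newRowObject.$valid && $scope.newRowContext.$valid) {
-$scope.statements.push(angular.copy($scope.newRow));
+$scope.statements.push(_.cloneDeep($scope.newRow));
 $scope.newRow = {
 subject: $scope.uriParam,
 object: {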
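--- a/src/js/angular/externalsync/controllers.js
+++ b/src/js/angular/externalsync/controllers.js
@@ -125,7 +125,7 @@ function createConnectorQuery(name, prefix, fields, options, reportError) {
 newObject[option.__name].push(sortObject(childOption, option.__childOptions));
 });
 } else {
-newObject[option.__name] = angular.copy(obj[option.__name]);
+newObject[option.__name] = _.cloneDeep(obj[option.__name]);
 }
 }
 });
@@ -437,7 +437,7 @@ function ConnectorsCtrl($scope, $http, $repositories, $uibModal, toastr, ModalSe
 $scope.copyConnector = function (connector, values) {
 let newValues;
 if (!angular.isUndefined(values)) {
-newValues = angular.copy(values);
+newValues = _.cloneDeep(values);
 newValues.name = newValues.name + '-copy';
 }
 const modal = $uibModal.open({
@@ -595,7 +595,7 @@ function ExtendNewConnectorCtrl($scope, $uibModalInstance, connector, $uibModal,
 $scope.connector = connector;
 
 $scope.addField = function (index, optionName) {
-const newField = angular.copy($scope.defaultValues[optionName][0]);
+const newField = _.cloneDeep($scope.defaultValues[optionName][0]);
 $scope.values[optionName].splice(index + 1, 0, newField);
 };
 
@@ -668,7 +668,7 @@ function CreateConnectorCtrl($scope, $controller, $http, $uibModalInstance, conn
 if (!values.skipConversion) {
 $scope.values = mapCreateValuesToUiValues($scope.values, $scope.options);
 }
-$scope.defaultValues = angular.copy($scope.values);
+$scope.defaultValues = _.cloneDeep($scope.values);
 }
 
 // Note that this is a fancy controller: it's used both for a modal and for a directive.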
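Review bot: `_.cloneDeep` is not a drop-in for `angular.copy` in `addField`: angular.copy removes AngularJS's `$$hashKey` bookkeeping property from the copy it returns, while lodash clones it like any other own property. If `$scope.defaultValues[optionName][0]` was ever rendered by an `ng-repeat` without `track by` (not visible here), the `newField` spliced into `$scope.values[optionName]` would carry the same key as an existing row and the repeater would reject it as a duplicate. The `$scope.statements.push(_.cloneDeep($scope.newRow));` change in src/js/angular/explore/controllers.js inserts a clone into a list in the same way. Adding `delete newField.$$hashKey;` after the clone, or `track by $index` in the template, would preserve the previous behaviour.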
@@ -705,7 +705,7 @@ function GraphConfigCtrl($scope, $timeout, $location, toastr, $repositories, Spa
});
// end of query tab operations

$scope.currentQuery = angular.copy(defaultTabConfig);
$scope.currentQuery = _.cloneDeep(defaultTabConfig);
// $scope.state = {};
$scope.showSampleQueries = false;
$scope.savedQuery = {};
@@ -274,7 +274,7 @@ function GraphsVisualizationsCtrl($scope, $rootScope, $repositories, $licenseSer
includeSchema: true
};
// Static defaults before we do the actual dynamic default settings in initSettings
$scope.saveSettings = angular.copy($scope.defaultSettings);
$scope.saveSettings = _.cloneDeep($scope.defaultSettings);

function initSettings(principal) {
const settingsFromPrincipal = principal.appSettings;
@@ -295,11 +295,11 @@ function GraphsVisualizationsCtrl($scope, $rootScope, $repositories, $licenseSer
$scope.saveSettings['rejectedPredicates'] = [...$scope.saveSettings['rejectedPredicates'], ...$scope.defaultSettings['rejectedPredicates']].unique();
}
} catch (e) {
$scope.saveSettings = angular.copy($scope.defaultSettings);
$scope.saveSettings = _.cloneDeep($scope.defaultSettings);
LocalStorageAdapter.set(LSKeys.GRAPHS_VIZ, $scope.saveSettings);
}
} else {
$scope.saveSettings = angular.copy($scope.defaultSettings);
$scope.saveSettings = _.cloneDeep($scope.defaultSettings);
}
}

@@ -330,7 +330,7 @@ function GraphsVisualizationsCtrl($scope, $rootScope, $repositories, $licenseSer
}

$scope.resetSettings = function () {
$scope.settings = angular.copy($scope.defaultSettings);
$scope.settings = _.cloneDeep($scope.defaultSettings);
$scope.validateLinksLimit();
renderSettings();
};
@@ -356,9 +356,9 @@ function GraphsVisualizationsCtrl($scope, $rootScope, $repositories, $licenseSer
$scope.showNodeInfo = false;
$scope.showPredicates = false;
if (!$scope.saveSettings) {
$scope.settings = angular.copy($scope.defaultSettings);
$scope.settings = _.cloneDeep($scope.defaultSettings);
} else {
$scope.settings = angular.copy($scope.saveSettings);
$scope.settings = _.cloneDeep($scope.saveSettings);
}
renderSettings();
};
@@ -795,8 +795,8 @@ function GraphsVisualizationsCtrl($scope, $rootScope, $repositories, $licenseSer
iri: node.iri,
isTriple: node.isTriple,
size: node.size,
labels: angular.copy(node.labels),
types: angular.copy(node.types),
labels: _.cloneDeep(node.labels),
types: _.cloneDeep(node.types),
rdfRank: node.rdfRank,
x: node.x,
y: node.y,
@@ -832,7 +832,7 @@ function GraphsVisualizationsCtrl($scope, $rootScope, $repositories, $licenseSer
$scope.nodeSelected = true;
$scope.searchVisible = false;

this.nodes = angular.copy(state.nodes);
this.nodes = _.cloneDeep(state.nodes);
// check if triples exists is needed for old configs
this.tripleNodes = state.tripleNodes ? new Map(JSON.parse(state.tripleNodes)) : new Map();
this.links = [];
@@ -847,7 +847,7 @@ function GraphsVisualizationsCtrl($scope, $rootScope, $repositories, $licenseSer

if (angular.isDefined(state.colorIndex) && angular.isDefined(state.type2color)) {
colorIndex = state.colorIndex;
type2color = angular.copy(state.type2color);
type2color = _.cloneDeep(state.type2color);
}

if (angular.isDefined(state.transform)) {
@@ -3004,7 +3004,7 @@ SaveGraphModalCtrl.$inject = ['$scope', '$uibModalInstance', 'data', '$translate

function SaveGraphModalCtrl($scope, $uibModalInstance, data, $translate) {
$scope.mode = data.mode;
$scope.graph = angular.copy(data.graph);
$scope.graph = _.cloneDeep(data.graph);
$scope.graphExists = data.graphExists;

switch ($scope.mode) {
@@ -358,7 +358,7 @@ function domainRangeGraphDirective($rootScope, $window, $repositories, GraphData

scope.$watch('domainRangeGraphData', function () {
if (scope.domainRangeGraphData) {
var graph = angular.copy(scope.domainRangeGraphData);
var graph = _.cloneDeep(scope.domainRangeGraphData);

const nodes = graph.nodes;
const links = graph.links;
@@ -676,7 +676,7 @@ function classHierarchyDirective($rootScope, $location, GraphDataRestService, $w
if (scope.classHierarchyData.classCount) {
sendSliderData();

var rootData = angular.copy(scope.classHierarchyData);
var rootData = _.cloneDeep(scope.classHierarchyData);

var root = d3.hierarchy(rootData);

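--- a/src/js/angular/guides/guides.service.js
+++ b/src/js/angular/guides/guides.service.js
@@ -410,11 +410,11 @@ function GuidesService($http, $rootScope, $translate, $interpolate, ShepherdServ
 if (predefinedStepDescription) {
 const options = angular.extend({}, predefinedStepDescription.options, complexStep.options, parentOptions);
 if (predefinedStepDescription.getSteps) {
-steps = steps.concat(this._getSteps(angular.copy(predefinedStepDescription.getSteps(options, services)), parentOptions));
+steps = steps.concat(this._getSteps(_.cloneDeep(predefinedStepDescription.getSteps(options, services)), parentOptions));
 } else if (predefinedStepDescription.getStep) {
-steps.push(angular.copy(predefinedStepDescription.getStep(options, services)));
+steps.push(_.cloneDeep(predefinedStepDescription.getStep(options, services)));
 } else {
-steps = steps.concat(this._getSteps(angular.copy(predefinedStepDescription, predefinedStepDescription.options), parentOptions));
+steps = steps.concat(this._getSteps(_.cloneDeep(predefinedStepDescription, predefinedStepDescription.options), parentOptions));
 }
 }
 }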
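Review bot: The final `else` branch now calls `_.cloneDeep(predefinedStepDescription, predefinedStepDescription.options)`, but a second argument only had meaning for `angular.copy(source, destination)`, which copied into `destination` and returned it; lodash 4's `cloneDeep` takes a single value and ignores the rest (the bundled lodash version is not visible here). The call therefore returns a clone of `predefinedStepDescription` itself and no longer touches `options`, which is a behaviour change rather than a like-for-like replacement. If a clone of the description is what `_getSteps` should receive, drop the stale argument: `steps = steps.concat(this._getSteps(_.cloneDeep(predefinedStepDescription), parentOptions));`. The enclosing function starts and ends outside the hunk.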
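--- a/src/js/angular/import/controllers.js
+++ b/src/js/angular/import/controllers.js
@@ -182,7 +182,7 @@ importCtrl.controller('CommonCtrl', ['$scope', '$http', 'toastr', '$interval', '
 if (!withDefaultSettings && !_.isEmpty(fileName) && !_.isEmpty($scope.savedSettings[fileName])) {
 return $scope.savedSettings[fileName];
 } else {
-return angular.copy($scope.defaultSettings);
+return _.cloneDeep($scope.defaultSettings);
 }
 };
 
@@ -195,7 +195,7 @@ importCtrl.controller('CommonCtrl', ['$scope', '$http', 'toastr', '$interval', '
 controller: 'SettingsModalCtrl',
 resolve: {
 settings: function () {
-return angular.copy($scope.settings);
+return _.cloneDeep($scope.settings);
 },
 hasParserSettings: $scope.isLocalLocation,
 defaultSettings: function () {
@@ -782,7 +782,7 @@ importCtrl.controller('SettingsModalCtrl', ['$scope', '$uibModalInstance', 'toas
 };
 
 $scope.reset = function () {
-$scope.settings = angular.copy(defaultSettings);
+$scope.settings = _.cloneDeep(defaultSettings);
 $scope.target = 'data';
 };
 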
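--- a/src/js/angular/import/templates/urlImport.html
+++ b/src/js/angular/import/templates/urlImport.html
@@ -6,7 +6,7 @@ <h4 class="modal-title">{{'import.data.from.url' | translate}}</h4>
 <div class="modal-body">
 <form name="urlForm" class="url-import-form" ng-submit="importUrlForm($event)" ng-hide="loader" novalidate>
 <div class="input-group mb-1">
-<input required validate-uri id="dataUrl" name="dataUrl" placeholder="{{'url.import.input.placeholder' | translate}}" type="url"
+<input required validate-uri id="dataUrl" name="dataUrl" placeholder="{{'url.import.input.placeholder' | translate}}"
 ng-model="dataUrl" class="form-control"
 uib-popover="{{'import.supported.url.with.rdf' | translate}} {{fileFormatsHuman}}. "
 popover-placement="bottom"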
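--- a/src/js/angular/jdbc/controllers.js
+++ b/src/js/angular/jdbc/controllers.js
@@ -267,7 +267,7 @@ function JdbcCreateCtrl($scope, $location, toastr, $repositories, $window, $time
 
 function setQueryFromTabConfig() {
 $scope.tabsData = $scope.tabs = [defaultTabConfig];
-$scope.currentQuery = angular.copy(defaultTabConfig);
+$scope.currentQuery = _.cloneDeep(defaultTabConfig);
 
 resetYasqeYasr();
 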
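--- a/src/js/angular/repositories/controllers.js
+++ b/src/js/angular/repositories/controllers.js
@@ -467,7 +467,7 @@ EditLocationCtrl.$inject = ['$scope', '$uibModalInstance', 'location', 'productI
 
 function EditLocationCtrl($scope, $uibModalInstance, location, productInfo) {
 
-$scope.editedLocation = angular.copy(location);
+$scope.editedLocation = _.cloneDeep(location);
 $scope.docBase = getDocBase(productInfo);
 
 $scope.ok = function () {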
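--- a/src/js/angular/repositories/ontop-repo.directive.js
+++ b/src/js/angular/repositories/ontop-repo.directive.js
@@ -72,7 +72,7 @@ function ontopRepoDirective($uibModal, RepositoriesRestService, toastr, Upload,
 $scope.selectedDriver = $scope.supportedDriversData.find((driver) => driver.driverType === driverType);
 $scope.isGenericDriver = OntopDriverData.isGenericDriver($scope.selectedDriver.driverType);
 if ($scope.editRepoPage && $scope.currentOntopRepoInfo && $scope.currentOntopRepoInfo.connectionInformation.driverType === driverType) {
-$scope.formData = angular.copy($scope.currentOntopRepoInfo);
+$scope.formData = _.cloneDeep($scope.currentOntopRepoInfo);
 } else {
 clearFormData();
 $scope.formData.connectionInformation.driverType = $scope.selectedDriver.driverType;
@@ -405,7 +405,7 @@ function ontopRepoDirective($uibModal, RepositoriesRestService, toastr, Upload,
 ontopFile.fileName = getFileName(ontopFileInfo.value);
 }
 });
-$scope.currentOntopRepoInfo = angular.copy($scope.formData);
+$scope.currentOntopRepoInfo = _.cloneDeep($scope.formData);
 })
 .error((data) => {
 showErrorMsg($translate.instant('common.error'), data);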
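--- a/src/js/angular/security/controllers.js
+++ b/src/js/angular/security/controllers.js
@@ -779,7 +779,7 @@ securityCtrl.controller('ChangeUserPasswordSettingsCtrl', ['$scope', 'toastr', '
 $scope.getPrincipal = function () {
 return $jwtAuth.getPrincipal()
 .then((principal) => {
-$scope.currentUserData = angular.copy(principal);
+$scope.currentUserData = _.cloneDeep(principal);
 });
 };
 
@@ -803,7 +803,7 @@ securityCtrl.controller('ChangeUserPasswordSettingsCtrl', ['$scope', 'toastr', '
 
 const initUserData = function (scope) {
 // Copy needed so that Cancel would work correctly, need to call updateCurrentUserData on OK
-scope.userData = angular.copy(scope.currentUserData);
+scope.userData = _.cloneDeep(scope.currentUserData);
 scope.user = {username: scope.userData.username};
 scope.user.password = '';
 scope.user.confirmpassword = '';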
@@ -165,7 +165,7 @@ function CreateSimilarityIdxCtrl($scope, toastr, $uibModal, $timeout, Similarity
defaultTabConfig.inference = !($location.search().infer === 'false');
defaultTabConfig.sameAs = !($location.search().sameAs === 'false');
$scope.tabsData = $scope.tabs = [defaultTabConfig];
$scope.currentQuery = angular.copy(defaultTabConfig);
$scope.currentQuery = _.cloneDeep(defaultTabConfig);
$scope.allSamples = samples;
initForViewType();
});
@@ -725,8 +725,7 @@ function CreateSimilarityIdxCtrl($scope, toastr, $uibModal, $timeout, Similarity
});
// end of query tab operations

$scope.currentQuery = angular.copy(defaultTabConfig);
// $scope.state = {};
$scope.currentQuery = _.cloneDeep(defaultTabConfig);
$scope.showSampleQueries = false;
$scope.savedQuery = {};
$scope.sampleQueries = {};
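--- a/src/js/angular/sparql-template/controllers.js
+++ b/src/js/angular/sparql-template/controllers.js
@@ -260,7 +260,7 @@ function SparqlTemplateCreateCtrl($scope, $location, toastr, $repositories, $win
 
 function setQueryFromTabConfig() {
 $scope.tabsData = $scope.tabs = [defaultTabConfig];
-$scope.currentQuery = angular.copy(defaultTabConfig);
+$scope.currentQuery = _.cloneDeep(defaultTabConfig);
 
 if (window.editor) {
 $scope.setQuery($scope.currentQuery.query);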
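--- a/src/pages/namespaces.html
+++ b/src/pages/namespaces.html
@@ -26,7 +26,7 @@ <h1>
 </div>
 <div class="form-group" style="width: 260px;">
 <input required id="wb-namespaces-namespace" name="namespace"
-type="url" ng-model="namespace.namespace"
+ng-model="namespace.namespace"
 placeholder="http://example.com/data#" class="form-control"
 gdb-tooltip="{{'namespace.label' | translate}}" style="width: 260px;"/>
 </div>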
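Review bot: With `type="url"` removed, the `wb-namespaces-namespace` input carries only `required` in the visible lines, so any non-empty string now passes client-side validation. The URL-import template changed in this same commit keeps a `validate-uri` attribute on its input, which suggests a project validator exists; if it is usable on this page, `<input required validate-uri id="wb-namespaces-namespace" name="namespace"` would restore a format check without relying on AngularJS's built-in URL validator. Either way the namespace value should be validated where it is stored, since the form check is advisory only. The surrounding form starts and ends outside the hunk.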
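--- a/test/lib/angularjs/1.3.8/angular-mocks.js
+++ b/test/lib/angularjs/1.3.8/angular-mocks.js
@@ -159,7 +159,7 @@ angular.mock.$Browser.prototype = {
 if (url) {
 this.$$url = url;
 // Native pushState serializes & copies the object; simulate it.
-this.$$state = angular.copy(state);
+this.$$state = _.cloneDeep(state);
 return this;
 }
 
@@ -182,8 +182,8 @@ angular.mock.$Browser.prototype = {
 }
 } else {
 if (!angular.equals(this.cookieHash, this.lastCookieHash)) {
-this.lastCookieHash = angular.copy(this.cookieHash);
-this.cookieHash = angular.copy(this.cookieHash);
+this.lastCookieHash = _.cloneDeep(this.cookieHash);
+this.cookieHash = _.cloneDeep(this.cookieHash);
 }
 return this.cookieHash;
 }
@@ -1141,7 +1141,7 @@ function createHttpBackendMock($rootScope, $timeout, $delegate, $browser) {
 expectations = [],
 responses = [],
 responsesPush = angular.bind(responses, responses.push),
-copy = angular.copy;
+copy = _.cloneDeep;
 
 function createResponse(status, data, headers, statusText) {
 if (angular.isFunction(status)) return status;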
