From ad0b49b8dd20d41bc30013b29c082e46232b4ffd Mon Sep 17 00:00:00 2001
From: soonnae
Date: Thu, 24 Jul 2025 21:24:30 +0900
Subject: [PATCH 1/3] [Autofic] Create package.json and CI workflow
---
 .github/workflows/pr_notify.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 .github/workflows/pr_notify.yml
diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml
new file mode 100644
index 0000000..2b34036
--- /dev/null
+++ b/.github/workflows/pr_notify.yml
@@ -0,0 +1,20 @@
+name: PR Notifier
+
+on:
+ pull_request:
+ types: [opened, reopened, closed]
+
+jobs:
+ notify:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Notify Discord
+ env:
+ DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
+ run: |
+ curl -H "Content-Type: application/json" -d '{"content": "🔔 Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $DISCORD_WEBHOOK_URL
+ - name: Notify Slack
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ run: |
+ curl -H "Content-Type: application/json" -d '{"text": ":bell: Pull Request <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}> by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $SLACK_WEBHOOK_URL
From a5e647c742a85478f0162a71775513938809476f Mon Sep 17 00:00:00 2001
From: soonnae
Date: Thu, 24 Jul 2025 21:24:33 +0900
Subject: [PATCH 2/3] [Autofic] 4 malicious code detected!!
---
 code/plugins/webgui/index.js | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/code/plugins/webgui/index.js b/code/plugins/webgui/index.js
index 5929b25..f69bf1c 100644
--- a/code/plugins/webgui/index.js
+++ b/code/plugins/webgui/index.js
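Review bot: Both `run:` steps in .github/workflows/pr_notify.yml expand `${{ github.event.pull_request.title }}` and the other event fields directly into the shell script text, so a pull request title containing quotes or shell metacharacters is parsed as part of the command rather than as data, in a step whose environment holds the webhook secret. Pass the event fields through `env:` and build the JSON with `jq` so the title is only ever a quoted value, and quote `"$DISCORD_WEBHOOK_URL"` and `"$SLACK_WEBHOOK_URL"` as well. The workflow declares no `permissions:` block; `permissions: {}` would be enough for a job that only posts to webhooks. PATCH 3/3 deletes this file again, so the point matters if the workflow is kept or copied elsewhere.

```yaml
      - name: Notify Discord
        env:
          DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
          PR_TITLE: ${{ github.event.pull_request.title }}
          PR_URL: ${{ github.event.pull_request.html_url }}
          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
          PR_ACTION: ${{ github.event.action }}
        run: |
          payload=$(jq -n --arg title "$PR_TITLE" --arg url "$PR_URL" \
            --arg user "$PR_AUTHOR" --arg action "$PR_ACTION" \
            '{content: "🔔 Pull Request [\($title)](\($url)) by \($user) - \($action)"}')
          curl -H "Content-Type: application/json" -d "$payload" "$DISCORD_WEBHOOK_URL"
      # … Slack step: same env block and jq-built payload, with the {"text": …} shape …
```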
@@ -14,9 +14,17 @@ const KnexSessionStore = require('connect-session-knex')(session);
 const store = new KnexSessionStore({ knex });
 const sessionParser = session({
 secret: '5E14cd8749A',
+ name: 'customSessionId', // Custom session cookie name
 resave: false,
 saveUninitialized: true,
- cookie: { secure: false, httpOnly: true, maxAge: 5 * 24 * 60 * 60 * 1000 },
+ cookie: {
+ secure: true, // Ensure cookies are only sent over HTTPS
+ httpOnly: true,
+ maxAge: 5 * 24 * 60 * 60 * 1000,
+ domain: 'example.com', // Set the domain for the cookie
+ path: '/', // Set the path for the cookie
+ expires: new Date(Date.now() + 5 * 24 * 60 * 60 * 1000) // Set expiration date
+ },
 store,
 });
 const bodyParser = require('body-parser');
From 77d0a1970d362b4d995c1a1c6aa45fcb26509797 Mon Sep 17 00:00:00 2001
From: soonnae
Date: Thu, 24 Jul 2025 21:24:54 +0900
Subject: [PATCH 3/3] chore: remove CI workflow before upstream PR
---
 .github/workflows/pr_notify.yml | 20 --------------------
 1 file changed, 20 deletions(-)
 delete mode 100644 .github/workflows/pr_notify.yml
diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml
deleted file mode 100644
index 2b34036..0000000
--- a/.github/workflows/pr_notify.yml
+++ /dev/null
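Review bot: The added `domain: 'example.com'` is a placeholder value, so unless the web GUI is actually served from that domain browsers will reject the session cookie and logins stop persisting; remove the line (a host-only cookie is the tighter default) or take the domain from configuration. `expires: new Date(Date.now() + …)` is evaluated once when the module loads and is listed after `maxAge`, and express-session's documentation says to set only `maxAge`, so drop `expires` to keep the five-day lifetime relative to each session. `secure: true` means the cookie is only issued over HTTPS, which behind a TLS-terminating proxy also needs `trust proxy` set on the app; that setup is outside this hunk. The context line `secret: '5E14cd8749A'` is left hard-coded by this commit; it should come from configuration, for example `secret: process.env.SESSION_SECRET` (variable name is a suggestion), and be rotated because the old value stays in history.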
@@ -1,20 +0,0 @@
-name: PR Notifier
-
-on:
- pull_request:
- types: [opened, reopened, closed]
-
-jobs:
- notify:
- runs-on: ubuntu-latest
- steps:
- - name: Notify Discord
- env:
- DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
- run: |
- curl -H "Content-Type: application/json" -d '{"content": "🔔 Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $DISCORD_WEBHOOK_URL
- - name: Notify Slack
- env:
- SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
- run: |
- curl -H "Content-Type: application/json" -d '{"text": ":bell: Pull Request <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}> by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $SLACK_WEBHOOK_URL