Fix for Cross Site Scripting Rule vulnerabilities #24029

Open
wants to merge 1 commit into
base: master

@sumi-mathew sumi-mathew commented Nov 13, 2024

Description

This PR addresses a Cross-Site Scripting (XSS) vulnerability discovered during a static scan.

Motivation and Context

Fixing XSS vulnerabilities is critical to securing web applications and protecting both user data and website integrity.

Impact

Test Plan

Contributor checklist

  • Please make sure your submission complies with our development, formatting, commit message, and attribution guidelines.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

Security
* Fix Cross Site Scripting Rule vulnerabilities. :pr:`24029`

@prestodb-ci prestodb-ci added the from:IBM PR from IBM label Nov 13, 2024
@sumi-mathew sumi-mathew force-pushed the static_cve_cross_site_fix branch 3 times, most recently from 04362c8 to 8104d78 Compare November 13, 2024 09:56
@sumi-mathew sumi-mathew marked this pull request as ready for review November 13, 2024 11:10
@sumi-mathew sumi-mathew requested review from shangxinli and a team as code owners November 13, 2024 11:10
Contributor

@yingsu00 yingsu00 left a comment

Release note:

* Fix provided for Cross Site Scripting Rule vulnerabilities. :pr:24029--->* Fix Cross Site Scripting Rule vulnerabilities. :pr:24029

linux-foundation-easycla bot commented Nov 14, 2024

CLA Signed

The committers listed above are authorized under a signed CLA.

@sumi-mathew sumi-mathew force-pushed the static_cve_cross_site_fix branch 4 times, most recently from 3b84318 to acb2def Compare November 14, 2024 13:53
@steveburnett
Contributor

Minor nits for the release note entry.

== RELEASE NOTES ==

Security Changes
* Fix Cross Site Scripting Rule vulnerabilities. :pr:`24029`

presto-main/pom.xml Outdated
@sumi-mathew sumi-mathew force-pushed the static_cve_cross_site_fix branch 2 times, most recently from 9868ca2 to 60d8810 Compare November 20, 2024 07:37
@steveburnett
Contributor

Thanks for the release note entry! A few formatting notes to follow the Release Note Guidelines.

== RELEASE NOTES ==

Security Changes
* Fix Cross Site Scripting Rule vulnerabilities. :pr:`24029`

@sumi-mathew sumi-mathew force-pushed the static_cve_cross_site_fix branch 4 times, most recently from 86a2f97 to 4f5f268 Compare November 21, 2024 09:28
Contributor

@tdcmeehan tdcmeehan left a comment

LGTM % nit

@sumi-mathew sumi-mathew force-pushed the static_cve_cross_site_fix branch 3 times, most recently from 83e437f to c539f90 Compare November 23, 2024 17:06