Merge preview to main #119

Merged: zhiyuanliang-ms merged 18 commits into main from preview on May 20, 2025

@zhiyuanliang-ms

No description provided.

zhiyuanliang-ms and others added 18 commits December 19, 2024 18:47
* support targeting context accessor

* add test

* fix lint

* update

* update

* export targeting context

* add comments

* update

* update

* fix lint
* support targeting context accessor

* add test

* fix lint

* update

* update

* export targeting context

* add comments

* update

* add express example

* update

* update

* fix lint

* update

* update example in README

* update script

* update
* support targeting context accessor

* add test

* fix lint

* update

* update

* export targeting context

* add comments

* support telemetry processor & initializer

* update

* update
}
else {
users.push({ username, password });
localStorage.setItem("users", JSON.stringify(users));

Check failure

Code scanning / CodeQL

Clear text storage of sensitive information

This stores sensitive data returned by an access to password as clear text.

Copilot Autofix

AI about 1 year ago

To fix the issue, we need to ensure that passwords are not stored in clear text. Instead, we should hash the password before storing it in localStorage. Hashing is a one-way operation that ensures the password cannot be easily retrieved in its original form. A library like bcryptjs can be used to hash the password securely.

Steps to fix:

  1. Install the bcryptjs library to hash passwords.
  2. Update the handleRegister function to hash the password before storing it in localStorage.
  3. Ensure that the hashed password is stored instead of the plain text password.

Suggested changeset 2

examples/quote-of-the-day/client/src/pages/Register.jsx

Autofix patch

Run the following command in your local git repository to apply this patch:
cat << 'EOF' | git apply
diff --git a/examples/quote-of-the-day/client/src/pages/Register.jsx b/examples/quote-of-the-day/client/src/pages/Register.jsx
--- a/examples/quote-of-the-day/client/src/pages/Register.jsx
+++ b/examples/quote-of-the-day/client/src/pages/Register.jsx
@@ -6,2 +6,3 @@
 import { useNavigate } from "react-router-dom";
+import bcrypt from "bcryptjs";
 
@@ -28,3 +29,4 @@
     else {
-      users.push({ username, password });
+      const hashedPassword = bcrypt.hashSync(password, 10); // Hash the password
+      users.push({ username, password: hashedPassword });
       localStorage.setItem("users", JSON.stringify(users));
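Review bot: The `users.push({ username, password: hashedPassword })` line changes what is stored under `users`, but this changeset touches only Register.jsx and package.json, so any code that reads these records and compares `password` to the typed value directly will stop matching; that check needs `bcrypt.compareSync` (or the async `bcrypt.compare`) in the same change. `bcrypt.hashSync(password, 10)` also runs synchronously on the page's main thread, so consider the async `bcrypt.hash`, and lift the cost factor `10` into a named constant. The hash still ends up in `localStorage`, readable by any script running on the origin, so this narrows the exposure rather than making browser-side credential storage safe.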
EOF

examples/quote-of-the-day/client/package.json (outside changed files)

Autofix patch

Run the following command in your local git repository to apply this patch:
cat << 'EOF' | git apply
diff --git a/examples/quote-of-the-day/client/package.json b/examples/quote-of-the-day/client/package.json
--- a/examples/quote-of-the-day/client/package.json
+++ b/examples/quote-of-the-day/client/package.json
@@ -10,3 +10,4 @@
     "react-router-dom": "^6.27.0",
-    "react-icons": "5.3.0"
+    "react-icons": "5.3.0",
+    "bcryptjs": "^3.0.2"
   },
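Review bot: The added `"bcryptjs": "^3.0.2"` entry uses a caret range while the neighbouring `"react-icons": "5.3.0"` is pinned to an exact version; pick one convention for this example's dependencies. The patch edits only package.json, so any lockfile the example ships has to be regenerated and committed alongside it, otherwise the resolved bcryptjs version is not fixed by the change.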
EOF

This fix introduces these dependencies:

| Package | Version | Security advisories |
| --- | --- | --- |
| bcryptjs (npm) | 3.0.2 | None |

Copilot is powered by AI and may make mistakes. Always verify output.
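
The Autofix steps above mention only the registration handler; the following added example (not code from this PR, the repository, or Copilot) shows registration together with the matching login check, including how a legacy clear-text record is rejected. It assumes Node's built-in `scrypt` in place of `bcryptjs` and a Map-backed stand-in for `localStorage`; `makeStorage`, `register` and `login` are hypothetical names.

```javascript
// Added example, not code from the PR. Assumptions: Node's built-in scrypt
// replaces bcryptjs, and a Map-backed object stands in for localStorage.
const { scryptSync, randomBytes, timingSafeEqual } = require("crypto");

// Constructed stand-in exposing the two localStorage methods the page's code uses.
function makeStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
  };
}

const KEY_LEN = 32; // bytes of derived key kept per user

function loadUsers(storage) {
  return JSON.parse(storage.getItem("users") || "[]");
}

// Registration: store a per-user random salt and the derived key, never the password.
function register(storage, username, password) {
  const users = loadUsers(storage);
  if (users.some((u) => u.username === username)) return false;
  const salt = randomBytes(16);
  const hash = scryptSync(password, salt, KEY_LEN);
  users.push({ username, salt: salt.toString("hex"), hash: hash.toString("hex") });
  storage.setItem("users", JSON.stringify(users));
  return true;
}

// Login: re-derive with the stored salt and compare in constant time.
// Comparing the stored field to the typed password directly no longer works.
function login(storage, username, password) {
  const user = loadUsers(storage).find((u) => u.username === username);
  if (!user || typeof user.hash !== "string" || typeof user.salt !== "string") return false;
  const expected = Buffer.from(user.hash, "hex");
  if (expected.length !== KEY_LEN) return false; // malformed or legacy record
  const actual = scryptSync(password, Buffer.from(user.salt, "hex"), KEY_LEN);
  return timingSafeEqual(actual, expected);
}

// Constructed sample run.
const demoStorage = makeStorage();
register(demoStorage, "alice", "correct horse battery staple");
console.log(login(demoStorage, "alice", "correct horse battery staple"));
console.log(login(demoStorage, "alice", "wrong"));
console.log(demoStorage.getItem("users").includes("correct horse"));
```

Records written before such a change, which hold only a clear-text `password` field, fail the login check here and need a reset or re-registration path.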
@zhiyuanliang-ms zhiyuanliang-ms merged commit 9201d32 into main May 20, 2025