Closed MorningLightMountain713 closed 1 month ago
Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.
š¦ GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Will redo against develop
Two things going on here.
First, the image parsing was missing a return statement if no match at all was made (edge case), which somehow allowed for an image starting with a / to be accepted. I'm not sure how this app even got registered, as I tested it on the home.runonflux.io register page, and it throws an error.
I will add some tests in for this tomorrow.
Second, when FluxOS goes to remove the app (the image doesn't exist) it's causing a dns lookup to fail somewhere for the hostname "images" I can't track this down at the moment, so have put a hack in place so we catch this error globally, and continue on.
With patch:
It has to be one of the axios calls as that is the only thing using cacheable lookups. I will try find this tomorrow - I can replicate the error by putting this blob back in the db: