Production Release 2024-03-07

[IanKrieger]

Features

• 1108

• 1115

Chores

• 1113

[github-actions[bot]]

[puLL-Merge] - brave/ads-ui@1114

Description

This PR introduces several key changes to enhance the registration and validation processes for Brave Ads campaigns, specifically related to search ads. It also updates dependencies, refactors certain components for code cleanliness, and implements new security updates.

Changes

### Changes #### Updated Dependencies - `.github/workflows/codeql-analysis.yml`: Updated CodeQL actions to version `v3.24.6` for improved security scanning. #### Improved Registration Process - `src/auth/registration/types.ts`: Updated the `RegistrationForm` type to include new fields such as `country`, `mediaSpend`, and `domain` to better support search ads registration. - `src/auth/registration/AccountChoice.tsx`: Introduced two options for campaign types - "Browser ads" and "Search ads", and provided links to learn more about each campaign type. - `src/auth/registration/BrowserForm.tsx` and `src/auth/registration/SearchForm.tsx`: Created separate forms for browser and search ads registration, including specific fields relevant to each type. - `src/auth/registration/Register.tsx`: Implemented a switch case to handle different registration paths for browser and search ads, using React Router. - `src/auth/registration/RegistrationContainer.tsx` and `src/auth/registration/AdvertiserRegistered.tsx`: Introduced new components for a cleaner registration process display, including success messaging. - `src/validation/RegistrationSchema.tsx` and `src/validation/UserSchema.tsx`: Added validation schemas for the registration form, ensuring data integrity and matching domains for search ads. #### Security and Cleanup - `src/components/Creatives/NewsPreview.tsx` and `src/user/ads/NotificationAd.tsx`: Minor UI adjustments including messaging about including brand names in ads to prevent rejections. - Deleted `src/search/SearchLandingPage.tsx` and `src/search/SearchTalkingPoints.tsx`: Removed unused components to clean up the codebase. - Enhanced `src/locales/` translations for the newly added messages and form fields. #### Test and Configuration Updates - Added tests for new validation logic in `src/validation/RegistrationSchema.test.ts`. - Updated `.test.ts` files to conform with the new campaign registration structure and fields.

Security Hotspots

• SQL Injection Risk: If user inputs are not properly sanitized before constructing SQL queries, there could be a risk of SQL injection, particularly with new fields added for registration.

  • Risk Assessment: Low, given that the backend should handle sanitization. However, this needs to be explicitly verified.

• Cross-Site Scripting (XSS): With the introduction of new input fields (country, mediaSpend, and domain), there's potential for XSS if user input is rendered directly to the DOM without proper escaping or sanitization.

  • Risk Assessment: Medium, depending on how user input from these fields is handled in the frontend.

• User Input Validation: The current validation using Regex (e.g., for email and domain validation) might not catch all edge cases, potentially allowing malicious input to pass through.

  • Risk Assessment: Medium, recommending thorough testing with a wide range of inputs to ensure robustness.