return address type for contractoptions #5874
This reverts commit d778bb8.
const validApiKey = (apiKeys.data || []).find( | ||
(apiKey) => | ||
(apiKey.domains.includes("*") || | ||
apiKey.domains.includes("embed.ipfscdn.io") || |
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization High
embed.ipfscdn.io
Copilot Autofix
AI 5 months ago
To fix the problem, we need to ensure that the domain check is performed on the parsed host value of the URL rather than using a substring match. This involves parsing the URL and checking if the host matches the allowed domains explicitly.
- Parse the URL to extract the host value.
- Use an explicit whitelist of allowed hosts to perform the check.
- Update the relevant code to use this new approach.
@@ -219,7 +219,10 @@ | ||
|
||
const validApiKey = (apiKeys.data || []).find( | ||
(apiKey) => | ||
(apiKey.domains.includes("*") || | ||
apiKey.domains.includes("embed.ipfscdn.io") || | ||
apiKey.domains.includes("*.ipfscdn.io")) && | ||
const validApiKey = (apiKeys.data || []).find((apiKey) => { | ||
const allowedHosts = ["embed.ipfscdn.io", "*.ipfscdn.io"]; | ||
const isValidDomain = apiKey.domains.some((domain) => { | ||
const parsedUrl = new URL(domain); | ||
return allowedHosts.includes(parsedUrl.host); | ||
}); | ||
return ( | ||
(apiKey.domains.includes("*") || isValidDomain) && | ||
(apiKey.services || []) | ||
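Review bot: `new URL(domain)` inside the `isValidDomain` callback will throw on the values this list holds. The removed lines compare entries against `"*"`, `"embed.ipfscdn.io"` and `"*.ipfscdn.io"`, which are bare host patterns without a scheme, and the URL constructor raises a TypeError on such input; because `isValidDomain` is computed before `apiKey.domains.includes("*")` is evaluated, a key whose list contains only `"*"` hits the exception as well. If `apiKey.domains` is an array, as the `.some()` call here assumes, the original `includes()` calls were exact element comparisons rather than substring matches, so the alert looks like a false positive. Suggest keeping the exact element comparison (for example `apiKey.domains.some((domain) => allowedHosts.includes(domain))`) or dismissing the alert, and parsing with `new URL` only where the input is an actual URL.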
@@ -227,4 +230,5 @@ | ||
?.actions.includes("read") && | ||
!!(apiKey.services || []).find((service) => service.name === "rpc"), | ||
); | ||
!!(apiKey.services || []).find((service) => service.name === "rpc") | ||
); | ||
}); | ||
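The parsed-host check described in the autofix comment above, as an added JavaScript example that is not code from this PR or from the project: it compares a substring test over a URL string with matching the parsed hostname against the allow-list. The function names and sample URLs are constructed for illustration, and treating `*.ipfscdn.io` as a subdomain wildcard is an assumption.

```javascript
// Added example; function names and sample URLs are constructed for illustration.
const ALLOWED_HOSTS = ["embed.ipfscdn.io", "*.ipfscdn.io"];

// The flagged pattern: a substring test over the whole URL string.
function substringCheck(url) {
  return url.includes("embed.ipfscdn.io");
}

// Match a hostname against an exact name or a "*.suffix" pattern (assumed semantics).
function hostMatches(hostname, pattern) {
  if (pattern.startsWith("*.")) {
    const suffix = pattern.slice(1); // ".ipfscdn.io"
    // The leading dot forces a label boundary, so "xipfscdn.io" does not match.
    return hostname.length > suffix.length && hostname.endsWith(suffix);
  }
  return hostname === pattern;
}

// Parse first, then compare only the hostname (no port, path, query or userinfo).
function parsedHostCheck(url, allowed = ALLOWED_HOSTS) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return false; // not an absolute URL: reject instead of throwing
  }
  return allowed.some((pattern) => hostMatches(parsed.hostname, pattern));
}

const SAMPLES = [
  "https://embed.ipfscdn.io/widget",            // allowed host
  "https://gateway.ipfscdn.io/",                // subdomain covered by the wildcard
  "https://embed.ipfscdn.io.example.net/",      // allowed name used as a prefix label
  "https://example.net/?ref=embed.ipfscdn.io",  // allowed name only in the query
  "https://xipfscdn.io/",                       // shares the suffix without a dot boundary
  "embed.ipfscdn.io",                           // bare hostname, not a URL
];

function compare(urls = SAMPLES) {
  return urls.map((url) => ({
    url,
    substring: substringCheck(url),
    parsed: parsedHostCheck(url),
  }));
}

console.table(compare());
```

The substring test accepts the third, fourth and sixth samples and misses the wildcard subdomain, while the parsed-host check accepts only the first two.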
81efdbb to df0cc31
Signed-off-by: greg <gregfromstl@gmail.com>
PR-Codex overview
This PR primarily focuses on correcting a typo in the regex for validating Ethereum addresses and enhancing type definitions for contract options to include an `address` type.
Detailed summary
- `ADRESS_REGEX` to `ADDRESS_REGEX` in `packages/thirdweb/src/utils/address.ts`.
- `isAddress` function.
- `ContractOptions` type to include a generic `address` type.
- `ThirdwebContract` type to use the new `address` type.
- `getContract` function to return `ThirdwebContract<abi, Address>`.