Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
33 changes: 0 additions & 33 deletions .github/workflows/android-custom-build.yml

This file was deleted.

53 changes: 0 additions & 53 deletions .github/workflows/tag.yaml

This file was deleted.

21 changes: 21 additions & 0 deletions .github/workflows/use-pr-linker.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
name: Auto link PR to Issues

on:
pull_request_target:
types:
- opened
- edited
- synchronize
- reopened
- closed

permissions:
contents: read
issues: write
pull-requests: read

jobs:
call-linker:
uses: mosip/kattu/.github/workflows/link-pr-to-issue.yml@develop
secrets:
ACTION_PAT: ${{ secrets.ACTION_PAT }}
Comment on lines +19 to +21

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Pin the reusable workflow before forwarding ACTION_PAT.

@develop is mutable, so the code receiving this repository secret can change without review. With pull_request_target, this becomes a privileged secret boundary; pin to a reviewed commit SHA or immutable release tag.

🔒 Proposed hardening
-    uses: mosip/kattu/.github/workflows/link-pr-to-issue.yml@develop
+    uses: mosip/kattu/.github/workflows/link-pr-to-issue.yml@<reviewed-commit-sha>
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
uses: mosip/kattu/.github/workflows/link-pr-to-issue.yml@develop
secrets:
ACTION_PAT: ${{ secrets.ACTION_PAT }}
uses: mosip/kattu/.github/workflows/link-pr-to-issue.yml@<reviewed-commit-sha>
secrets:
ACTION_PAT: ${{ secrets.ACTION_PAT }}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/use-pr-linker.yml around lines 19 - 21, The reusable
workflow reference in use-pr-linker should not point at the mutable develop
branch while forwarding ACTION_PAT under pull_request_target. Update the uses
target in the workflow to a pinned, immutable ref such as a reviewed commit SHA
or release tag so the secret boundary stays fixed. Keep the secret forwarding
as-is, but ensure the referenced workflow source cannot change without review.

Source: Linters/SAST tools

3 changes: 0 additions & 3 deletions .gitignore

This file was deleted.

1 change: 1 addition & 0 deletions .npmrc
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
legacy-peer-deps=true
Binary file removed APKs/FaceRegSBI-v0.9.5.2.apk
Binary file not shown.
Binary file removed APKs/FaceRegSBITest-v1.1.apk
Binary file not shown.
Loading