fix: resolve CodeQL security issues in oauth and install scripts

eigent-ai 2026-01-27 14:00:30 +08:00
parent bb71281693
commit 37d4cf10c7
3 changed files with 25 additions and 8 deletions


@ -14,7 +14,6 @@
/* global console, process */
import AdmZip from 'adm-zip';
import { execSync } from 'child_process';
import fs from 'fs';
import os from 'os';
import path from 'path';
@ -178,7 +177,7 @@ function detectPlatformAndArch() {
function detectIsMusl() {
try {
// Simple check for Alpine Linux which uses MUSL
const output = execSync('cat /etc/os-release').toString();
const output = fs.readFileSync('/etc/os-release', 'utf8');
return output.toLowerCase().includes('alpine');
} catch (error) {
console.error(`Error detecting MUSL: ${error}`);
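Review bot: `output.toLowerCase().includes('alpine')` in detectIsMusl() matches the word anywhere in /etc/os-release, so a non-Alpine distro whose PRETTY_NAME or URL fields happen to contain "alpine" would be treated as musl, while musl distros other than Alpine are never detected; either way the installer may pick the wrong binary variant. Now that the file is read directly, consider testing only the identifier fields, e.g. `return /^ID(_LIKE)?=.*\balpine\b/im.test(output);`, and widening the comment to `// Heuristic: only Alpine (ID / ID_LIKE in /etc/os-release) is treated as musl; other musl distros are not detected`. The same applies to the identical detectIsMusl() hunk in the second install script. The catch block continues outside the hunk, so the value returned when the file is missing is not visible here.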


@ -15,7 +15,6 @@
/* global console, process */
// @ts-check
import AdmZip from 'adm-zip';
import { execSync } from 'child_process';
import fs from 'fs';
import os from 'os';
import path from 'path';
@ -175,7 +174,7 @@ function detectPlatformAndArch() {
function detectIsMusl() {
try {
// Simple check for Alpine Linux which uses MUSL
const output = execSync('cat /etc/os-release').toString();
const output = fs.readFileSync('/etc/os-release', 'utf8');
return output.toLowerCase().includes('alpine');
} catch (error) {
console.error(`Error detecting MUSL: ${error}`);


@ -246,10 +246,29 @@ export class OAuth {
async random(size: number) {
const mask =
'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~';
const randomUints = crypto.getRandomValues(new Uint8Array(size));
return Array.from(randomUints)
.map((i) => mask[i % mask.length])
.join('');
const maskLength = mask.length;
const result = [];
// Use rejection sampling to avoid modulo bias
// Generate extra random values to account for rejections
let randomValues = crypto.getRandomValues(new Uint8Array(size * 2));
let index = 0;
while (result.length < size) {
if (index >= randomValues.length) {
// Need more random values
randomValues = crypto.getRandomValues(new Uint8Array(size * 2));
index = 0;
}
const value = randomValues[index++];
// Only use values that don't cause modulo bias
if (value < 256 - (256 % maskLength)) {
result.push(mask[value % maskLength]);
}
}
return result.join('');
}
}
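Review bot: The buffer `new Uint8Array(size * 2)` in random() halves the largest size the method accepts, because Web Crypto's getRandomValues() throws a QuotaExceededError for requests above 65,536 bytes; the old code failed only above size 65,536, the new code fails above 32,768. Capping the chunk at both call sites, `crypto.getRandomValues(new Uint8Array(Math.min(size * 2, 65536)))`, removes the limit, since the loop already refills when the buffer runs out. The acceptance bound is loop-invariant and would be easier to audit if hoisted, `const limit = 256 - (256 % maskLength); // bytes >= limit are discarded so every mask character stays equally likely`, with the test reduced to `if (value < limit)`. `const result = []` would also read better as `const result: string[] = [];`. The enclosing class OAuth starts outside the hunk.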