security: address remaining code scanning alerts (#253)

This commit is contained in:
Vasanth T
2026-04-03 20:16:53 +05:30
committed by GitHub
parent c1e5e363cd
commit 931ee96f5a
10 changed files with 87 additions and 36 deletions


@@ -0,0 +1,27 @@
import assert from 'node:assert/strict'
import test from 'node:test'
import {
generateCodeChallenge,
generateCodeVerifier,
generateState,
} from './crypto.ts'
test('generateCodeChallenge returns the RFC 7636 S256 challenge', async () => {
const challenge = await generateCodeChallenge(
'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk',
)
assert.equal(challenge, 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM')
})
test('generateCodeVerifier returns a URL-safe random string', () => {
const verifier = generateCodeVerifier()
assert.match(verifier, /^[A-Za-z0-9_-]+$/)
assert.ok(verifier.length >= 43)
})
test('generateState returns a URL-safe random string', () => {
const state = generateState()
assert.match(state, /^[A-Za-z0-9_-]+$/)
assert.ok(state.length >= 43)
})
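Review bot: The verifier and state tests pin only the character class and a lower bound on length, so a regression that made `generateCodeVerifier` or `generateState` return a fixed string would still pass; add a uniqueness check and the RFC 7636 upper bound, e.g. `assert.notEqual(generateCodeVerifier(), generateCodeVerifier())` and `assert.ok(verifier.length <= 128)`. The S256 test uses the Appendix B vector from RFC 7636, which is the right fixture; a one-line comment naming the source, `// RFC 7636 Appendix B test vector`, would save the next reader a lookup. The section header counts 27 added lines but fewer are shown here, so blank lines were presumably dropped in rendering.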


@@ -1,4 +1,4 @@
import { createHash, randomBytes } from 'crypto'
import { randomBytes, webcrypto } from 'crypto'
function base64URLEncode(buffer: Buffer): string {
return buffer
@@ -12,10 +12,10 @@ export function generateCodeVerifier(): string {
return base64URLEncode(randomBytes(32))
}
export function generateCodeChallenge(verifier: string): string {
const hash = createHash('sha256')
hash.update(verifier)
return base64URLEncode(hash.digest())
export async function generateCodeChallenge(verifier: string): Promise<string> {
const encoded = new TextEncoder().encode(verifier)
const digest = await webcrypto.subtle.digest('SHA-256', encoded)
return base64URLEncode(Buffer.from(digest))
}
export function generateState(): string {
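Review bot: `generateCodeChallenge` is now async, and a caller that forgets the `await` would get a `Promise` object coerced into the authorization URL instead of a challenge, so the contract should be stated on the function: `/** RFC 7636 S256 challenge: base64url(SHA-256(verifier)). Async because it goes through WebCrypto's subtle.digest. */`. The new body hashes the same UTF-8 bytes the removed `createHash('sha256')` version did, so this appears to be a behavior-preserving refactor rather than a strength change; naming the scanning rule that flagged `createHash` in the commit message would make that clear to future readers. `generateCodeVerifier` still draws 32 bytes from `randomBytes`, which yields the 43-character minimum RFC 7636 requires; a comment such as `// 32 bytes -> 43 base64url chars, the RFC 7636 minimum` would keep that from being lowered later. `base64URLEncode` and `generateState` continue outside the hunk.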


@@ -52,7 +52,7 @@ export class OAuthService {
this.port = await this.authCodeListener.start()
// Generate PKCE values and state
const codeChallenge = crypto.generateCodeChallenge(this.codeVerifier)
const codeChallenge = await crypto.generateCodeChallenge(this.codeVerifier)
const state = crypto.generateState()
// Build auth URLs for both automatic and manual flows
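Review bot: With the added `await`, a rejection from `generateCodeChallenge` now throws after `this.authCodeListener.start()` has already bound a port on the preceding line, so unless the enclosing method (which starts and ends outside this hunk) wraps the remainder in try/finally, a failure here would leave the local listener running. If no such handling exists, wrapping the PKCE generation and URL build as `try { … } catch (e) { await this.authCodeListener.stop(); throw e; }` (or whatever the listener's shutdown method is called) would close that gap. The `state` value generated here must also be compared against the `state` returned on the callback; that comparison is not visible in the hunk, so it is worth confirming it happens.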