hackucf / onboardlite
License: MIT License
If the size of a payload reaches the DynamoDB maximum size restriction, there is no frontend notification of such a failure. This should be checked for before navigating to another page on the frontend and/or truncated on the backend to an acceptable character limit.
Instead, deserializing the YAML to a Pydantic model and accessing features from there would be cleaner and would also allow for validation over the config in the case of improper inputs.
Probably just a typo at https://github.com/HackUCF/OnboardLite/blob/main/util/approve.py#L47 but http://discordapp.... instead of https://discordapp....
Create a notification module to handle switching between email and Discord notifications and any other notification provider.
All database calls should be abstracted into a different module that should allow easier switching to MongoDB in the future.
This was originally found from SemGrep:
index.py
python.jwt.security.jwt-hardcode.jwt-python-hardcoded-secret
Hardcoded JWT secret or private key is used. This is a Insufficiently Protected Credentials
weakness: https://cwe.mitre.org/data/definitions/522.html Consider using an appropriate
security mechanism to protect the credentials (e.g. keeping secrets in environment
variables)
Details: https://sg.run/l2E9
196┆ options.get("jwt").get("secret"),
⋮┆----------------------------------------
196┆ options.get("jwt").get("secret"),
Instead, the JWT secret should be generated each time the app is started (unless there are clustering plans, but I don't think that's necessary to plan for atm).
Maybe just generate some long random string using https://docs.python.org/3/library/secrets.html each time the app starts. All sessions are terminated with the application, but IMHO this is an easy idea to never have to deal with session secret compromise aside from variable theft during runtime.
On https://github.com/HackUCF/OnboardLite/blob/main/util/approve.py#L62, there's a massive structure to essentially validate a new user.
This is what the Pydantic models are for, so we can create a new model object with the provided data and then slap a https://docs.pydantic.dev/latest/usage/validators/ on that.
After filling out the form at least once, and clicking "Edit" from the "my information" page, if a user has a class standing of "Other" it will be reset to "Freshman" on the edit screen.
https://github.com/HackUCF/OnboardLite/blob/main/util/horsepass.py#L31C19-L31C19: the super call is not required, as HorsePass does not inherit.