kunthawat/moreminimore-vibe
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
6235f7bb9d8d6c88c047114ef7dc6486e1c606a1
moreminimore-vibe/e2e-tests/snapshots/security_review.spec.ts_security-review---multi-select-and-fix-issues-1.aria.yml
Will Chen 369149b202 Security review: fix multiple issues (#1699) 
See #1692

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Adds multi-select with a "Fix X Issues" bulk action to Security Review
(severity-sorted, with animated header button), clears selections on
refresh, and improves streaming error logs; includes e2e coverage.
> 
> - **Security Review UI
(`src/components/preview_panel/SecurityPanel.tsx`)**:
>   - **Multi-select & Bulk Fix**:
> - Add per-row checkboxes and a "Select all" checkbox in
`FindingsTable`; sort by severity; ARIA labels.
> - Track `selectedFindings`; clear on new data; header shows animated
"Fix X Issues" button (`Wrench` icon) that creates one chat with a
combined prompt for selected issues.
> - **Fix Single Issue**: Preserve existing per-row "Fix Issue" flow
with loading states.
> - **Tests**:
> - Add e2e test `security review - multi-select and fix issues` and
snapshots for selection table and combined prompt.
> - **IPC (`src/ipc/ipc_client.ts`)**:
> - Enhance error logging (`console.error`) in `streamMessage` paths;
simplify `cancelChatStream` (remove stale cleanup).
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
08b9f92814e2a676d0a8de1badf7dc79cd82a14a. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->



<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Add multi-select to the Security Review so you can select issues and fix
them in one go. Improves error handling in chat streaming and adds an
e2e test for the new flow.

- New Features
- Checkboxes per finding and a “Select all” checkbox, with
severity-sorted rows.
- Header shows an animated “Fix X Issues” button when items are
selected; creates one chat with a combined prompt; clears selection
after.
  - New e2e test: multi-select and bulk fix.

- Bug Fixes
  - Clear selections when new review results load.
- Better error logging in IpcClient for streaming failures; simplify
cancelChatStream to avoid false errors.

<sup>Written for commit 08b9f92814e2a676d0a8de1badf7dc79cd82a14a.
Summary will update automatically on new commits.</sup>

<!-- End of auto-generated description by cubic. -->
2025-11-03 19:58:26 -08:00

74 lines
2.3 KiB
YAML
Raw Blame History

- paragraph: "Please fix the following 2 security issues in a simple and effective way:"
- list:
- listitem:
- strong: SQL Injection in User Lookup
- text: (critical severity)
- strong: What
- text: ": User input flows directly into database queries without validation, allowing attackers to execute arbitrary SQL commands"
- paragraph:
- strong: Risk
- text: ": An attacker could steal all customer data, delete your entire database, or take over admin accounts by manipulating the URL"
- paragraph:
- strong: Potential Solutions
- text: ":"
- list:
- listitem:
- text: "Use parameterized queries:"
- code: "`db.query('SELECT * FROM users WHERE id = ?', [userId])`"
- listitem:
- text: Add input validation to ensure
- code: "`userId`"
- text: is a number
- listitem: Implement an ORM like Prisma or TypeORM that prevents SQL injection by default
- paragraph:
- strong: Relevant Files
- text: ":"
- code: "`src/api/users.ts`"
- list:
- listitem:
- strong: Hardcoded AWS Credentials in Source Code
- text: (critical severity)
- strong: What
- text: ": AWS access keys are stored directly in the codebase and committed to version control, exposing full cloud infrastructure access"
- paragraph:
- strong: Risk
- text: ": Anyone with repository access (including former employees or compromised accounts) could spin up expensive resources, access S3 buckets with customer data, or destroy production infrastructure"
- paragraph:
- strong: Potential Solutions
- text: ":"
- list:
- listitem: Immediately rotate the exposed credentials in AWS IAM
- listitem:
- text: Use environment variables and add
- code: "`.env`"
- text: to
- code: "`.gitignore`"
- listitem: Implement AWS Secrets Manager or similar vault solution
- listitem:
- text: Scan git history and purge the credentials using tools like
- code: "`git-filter-repo`"
- paragraph:
- strong: Relevant Files
- text: ":"
- code: "`src/config/aws.ts`"
- text: ","
- code: "`src/services/s3-uploader.ts`"
- img
- text: file1.txt
- button "Edit":
- img
- img
- text: file1.txt
- paragraph: More EOM
- button:
- img
- img
- text: Approved
- img
- text: less than a minute ago
- img
- text: wrote 1 file(s)
- button "Undo":
- img
- button "Retry":
- img
Reference in New Issue View Git Blame Copy Permalink