From 4a733d44095205d6a44ba12ff05bed08f044bc8f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EA=B9=80=EC=9D=80=EC=86=94?=
Date: Wed, 30 Jul 2025 10:33:36 +0900
Subject: [PATCH 1/3] [ AutoFiC ] Create package.json and CI workflow

---
 .github/workflows/pr_notify.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 .github/workflows/pr_notify.yml

diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml
new file mode 100644
index 00000000..2b34036d
--- /dev/null
+++ b/.github/workflows/pr_notify.yml
@@ -0,0 +1,20 @@
+name: PR Notifier
+
+on:
+ pull_request:
+ types: [opened, reopened, closed]
+
+jobs:
+ notify:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Notify Discord
+ env:
+ DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
+ run: |
+ curl -H "Content-Type: application/json" -d '{"content": "🔔 Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $DISCORD_WEBHOOK_URL
+ - name: Notify Slack
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ run: |
+ curl -H "Content-Type: application/json" -d '{"text": ":bell: Pull Request <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}> by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $SLACK_WEBHOOK_URL

From ce09a8e6c79b995d65bae5fdfd1e07cf386a4ee1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EA=B9=80=EC=9D=80=EC=86=94?=
Date: Wed, 30 Jul 2025 10:33:39 +0900
Subject: [PATCH 2/3] [ AutoFiC ] 12 malicious code detected!!

---
 callautomation-live-transcription/src/app.ts | 2 ++
 .../issue-communication-access-token.js | 5 ++---
 tpe-token-and-access-management/server/server.js | 10 ++++++++++
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/callautomation-live-transcription/src/app.ts b/callautomation-live-transcription/src/app.ts
index 9e2e55c4..95b5d7c6 100644
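Review bot: Both `run:` steps splice `${{ github.event.pull_request.title }}` (and `user.login`) directly into the shell script text, so a title containing a quote or shell metacharacters is parsed by the runner's shell instead of being posted as plain text; this is the standard GitHub Actions expression-injection pattern. The mitigation is to pass every event field through `env:` and build the JSON body from those variables with `jq` (present on ubuntu-latest), so nothing from the event becomes part of the script; the webhook URL should also be double-quoted, `"$DISCORD_WEBHOOK_URL"`. PATCH 3/3 of this series deletes the file again, so this only matters if the workflow is reintroduced, but the subject line "Create package.json" also does not match the diffstat, which lists only the workflow.
```yaml
      - name: Notify Discord
        env:
          DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
          PR_TITLE: ${{ github.event.pull_request.title }}
          PR_URL: ${{ github.event.pull_request.html_url }}
          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
          PR_ACTION: ${{ github.event.action }}
        run: |
          jq -n --arg content "🔔 Pull Request [$PR_TITLE]($PR_URL) by $PR_AUTHOR - $PR_ACTION" '{content: $content}' \
            | curl -H "Content-Type: application/json" -d @- "$DISCORD_WEBHOOK_URL"
      # … unchanged: Notify Slack step (apply the same env/jq pattern) …
```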
--- a/callautomation-live-transcription/src/app.ts
+++ b/callautomation-live-transcription/src/app.ts
@@ -1,6 +1,7 @@
 import { config } from 'dotenv';
 import express, { Application } from 'express';
 import http from 'http';
+import helmet from 'helmet'; // Import helmet for security headers
 import { PhoneNumberIdentifier, createIdentifierFromRawId } from "@azure/communication-common";
 import { CallAutomationClient, CallConnection, AnswerCallOptions, CallMedia,
@@ -21,6 +22,7 @@ config();
 const PORT = process.env.PORT;
 const app: Application = express();
 app.use(express.json());
+app.use(helmet()); // Use helmet to secure Express app by setting various HTTP headers
 
 // Create common server for app and websocket
 const server = http.createServer(app);
diff --git a/manage-teams-identity-mobile-and-desktop/issue-communication-access-token.js b/manage-teams-identity-mobile-and-desktop/issue-communication-access-token.js
index fd7ab0ab..739e233f 100644
--- a/manage-teams-identity-mobile-and-desktop/issue-communication-access-token.js
+++ b/manage-teams-identity-mobile-and-desktop/issue-communication-access-token.js
@@ -1,4 +1,3 @@
-
 require('dotenv').config({path: __dirname + '/.env' })
 const { CommunicationIdentityClient } = require('@azure/communication-identity');
 const { PublicClientApplication, CryptoProvider } = require('@azure/msal-node');
@@ -80,8 +79,8 @@ app.get('/redirect', async (req, res) => {
 res.sendStatus(200);
 }).catch((error) => {
 console.log(error);
- res.status(500).send(error);
+ res.status(500).send('An error occurred while processing your request.');
 });
 });
 
-app.listen(SERVER_PORT, () => console.log(`Communication access token application started on ${SERVER_PORT}!`))
+app.listen(SERVER_PORT, () => console.log(`Communication access token application started on ${SERVER_PORT}!`))
\ No newline at end of file
diff --git a/tpe-token-and-access-management/server/server.js b/tpe-token-and-access-management/server/server.js
index 5c08817a..21d58817 100644
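Review bot: `import helmet from 'helmet'` is added to app.ts, but no package.json or lockfile change appears anywhere in this series (the diffstat lists only app.ts, issue-communication-access-token.js and server.js), so unless helmet is already a declared dependency of this sample the build fails on an unresolved module. The same gap applies to `helmet` and `express-rate-limit` in the server.js hunk. Add the packages to each sample's package.json in the same commit, e.g. `"helmet": "<version>"` under `dependencies`, and regenerate the lockfile.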
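Review bot: The last two lines of the hunk replace `app.listen(...)` with a byte-identical line that only drops the file's final newline (`\ No newline at end of file`), which is diff noise and will reappear as a change in the next edit; keep the trailing newline. Replacing `res.status(500).send(error)` with a fixed message is the right call, since the raw error object could carry internal paths or token-service details to the client, and the full error still reaches the server log via `console.log(error)`. The `app.get('/redirect', ...)` handler starts outside the hunk.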
--- a/tpe-token-and-access-management/server/server.js
+++ b/tpe-token-and-access-management/server/server.js
@@ -8,15 +8,25 @@
 const cors = require('cors');
 const path = require('path');
 const config = require('./config');
 const TeamsExtensionAccessManager = require('./teams-extension-access-manager');
+const helmet = require('helmet'); // Added Helmet for security headers
+const rateLimit = require('express-rate-limit'); // Added rate limiting
 
 const app = express();
 const PORT = config.server.port;
 
 // Middleware
+app.use(helmet()); // Use Helmet to secure the app by setting various HTTP headers
 app.use(cors());
 app.use(express.json());
 app.use(express.static(path.join(__dirname, '..', 'dist')));
 
+// Rate limiting middleware
+const limiter = rateLimit({
+ windowMs: 15 * 60 * 1000, // 15 minutes
+ max: 100 // Limit each IP to 100 requests per windowMs
+});
+app.use(limiter); // Apply rate limiting to all requests
+
 // Initialize manager
 const accessManager = new TeamsExtensionAccessManager();

From 049b04545ef6d590117173607a4f07c653488833 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EA=B9=80=EC=9D=80=EC=86=94?=
Date: Wed, 30 Jul 2025 10:33:54 +0900
Subject: [PATCH 3/3] chore: remove CI workflow before upstream PR

---
 .github/workflows/pr_notify.yml | 20 --------------------
 1 file changed, 20 deletions(-)
 delete mode 100644 .github/workflows/pr_notify.yml

diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml
deleted file mode 100644
index 2b34036d..00000000
--- a/.github/workflows/pr_notify.yml
+++ /dev/null
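Review bot: `app.use(limiter)` is registered after `app.use(express.static(...))`, so any request the static middleware answers is never counted, which contradicts the added comment `// Apply rate limiting to all requests`; either move the `rateLimit` setup and `app.use(limiter)` above the static middleware, or change the comment to `// Apply rate limiting to the API routes registered below`. If this server sits behind a reverse proxy, per-IP keying also needs `app.set('trust proxy', ...)` or every client shares the proxy's address — not decidable from the hunk, so a one-line comment stating the assumption would help. Depending on the express-rate-limit version that ends up installed, `max` may be a deprecated alias of `limit`.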
@@ -1,20 +0,0 @@
-name: PR Notifier
-
-on:
- pull_request:
- types: [opened, reopened, closed]
-
-jobs:
- notify:
- runs-on: ubuntu-latest
- steps:
- - name: Notify Discord
- env:
- DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
- run: |
- curl -H "Content-Type: application/json" -d '{"content": "🔔 Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $DISCORD_WEBHOOK_URL
- - name: Notify Slack
- env:
- SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
- run: |
- curl -H "Content-Type: application/json" -d '{"text": ":bell: Pull Request <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}> by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $SLACK_WEBHOOK_URL