From fccf19ec24cf928d75fcea9e33459c92b9537667 Mon Sep 17 00:00:00 2001
From: seoonju
Date: Thu, 24 Jul 2025 08:36:35 +0900
Subject: [PATCH 1/3] [Autofic] Create package.json and CI workflow
---
.github/workflows/pr_notify.yml | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 .github/workflows/pr_notify.yml
diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml
new file mode 100644
index 0000000..2b34036
--- /dev/null
+++ b/.github/workflows/pr_notify.yml
@@ -0,0 +1,20 @@
+name: PR Notifier
+
+on:
+ pull_request:
+ types: [opened, reopened, closed]
+
+jobs:
+ notify:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Notify Discord
+ env:
+ DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
+ run: |
+ curl -H "Content-Type: application/json" -d '{"content": "🔔 Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $DISCORD_WEBHOOK_URL
+ - name: Notify Slack
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ run: |
+ curl -H "Content-Type: application/json" -d '{"text": ":bell: Pull Request <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}> by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $SLACK_WEBHOOK_URL
From 6227cf2bd15b4549e52a755369effa185f5c5024 Mon Sep 17 00:00:00 2001
From: seoonju
Date: Thu, 24 Jul 2025 08:36:37 +0900
Subject: [PATCH 2/3] [Autofic] 1 malicious code detected!!
---
src/app/avatar/route.js | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/app/avatar/route.js b/src/app/avatar/route.js
index 4f5954a..02df895 100644
--- a/src/app/avatar/route.js
+++ b/src/app/avatar/route.js
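Review bot: Both `run:` steps added in `.github/workflows/pr_notify.yml` expand `${{ github.event.pull_request.title }}` and the other event fields directly into the shell script, so text chosen by whoever opens the pull request becomes part of the command and of the hand-built JSON body. Pass those values through `env:` instead (for example `PR_TITLE: ${{ github.event.pull_request.title }}`), build the payload with a JSON encoder such as `jq -n --arg title "$PR_TITLE" ...`, and quote `"$DISCORD_WEBHOOK_URL"` and `"$SLACK_WEBHOOK_URL"`. PATCH 3/3 deletes this file again, so the concern applies to wherever the intermediate commit is pushed and allowed to run.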
@@ -3,7 +3,8 @@ import { NextResponse } from 'next/server'; export async function GET(request) { const { searchParams } = new URL(request.url); const query = searchParams.has('icon_url') ? searchParams.get('icon_url') : ''; - const iconUrl = query || 'https://github.com/hugovk.png?size=80'; + const allowedUrls = ['https://github.com/hugovk.png?size=80']; + const iconUrl = allowedUrls.includes(query) ? query : 'https://github.com/hugovk.png?size=80'; // Fetch the image and convert it to a Base64-encoded string. Revalidate cache every 30days. const imageResponse = await fetch(iconUrl, { next: { revalidate: 2592000 } }); @@ -33,7 +34,6 @@ export async function GET(request) { `; - const response = new NextResponse(svgContent); response.headers.set('Content-Type', 'image/svg+xml'); return response; From d49a00157e9a74c4e446ced64460d9988a45cd35 Mon Sep 17 00:00:00 2001 From: seoonju Date: Thu, 24 Jul 2025 08:36:52 +0900 Subject: [PATCH 3/3] chore: remove CI workflow before upstream PR --- .github/workflows/pr_notify.yml | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 .github/workflows/pr_notify.yml diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml deleted file mode 100644 index 2b34036..0000000 --- a/.github/workflows/pr_notify.yml +++ /dev/null 
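Review bot: `allowedUrls.includes(query)` can only ever select the default, because the list holds the one literal that is also the fallback, so `icon_url` becomes a dead parameter and the URL string now appears twice. That does stop the route from fetching caller-supplied URLs server-side; if custom icons are no longer wanted, drop the `searchParams` lookup and fetch a single constant, and if they are, compare the parsed URL's origin against an allowlist as sketched below. An origin check does not limit where `fetch` is redirected, so the redirect policy needs its own decision. `GET` continues outside both hunks, and in the second hunk the removed line cannot be told apart on this page from a blank line, so confirm `const response = new NextResponse(svgContent);` still precedes `response.headers.set(...)`.

```javascript
const DEFAULT_ICON_URL = 'https://github.com/hugovk.png?size=80';
// Origins the route agrees to fetch from; which ones belong here is a project decision.
const ALLOWED_ICON_ORIGINS = new Set(['https://github.com']);

// … unchanged: searchParams / query lookup …
  let iconUrl = DEFAULT_ICON_URL;
  if (query) {
    try {
      const candidate = new URL(query);
      if (ALLOWED_ICON_ORIGINS.has(candidate.origin)) {
        iconUrl = candidate.href;
      }
    } catch {
      // Unparseable icon_url: keep the default.
    }
  }
// … unchanged: fetch(iconUrl, …) and SVG response …
```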
@@ -1,20 +0,0 @@
-name: PR Notifier
-
-on:
- pull_request:
- types: [opened, reopened, closed]
-
-jobs:
- notify:
- runs-on: ubuntu-latest
- steps:
- - name: Notify Discord
- env:
- DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
- run: |
- curl -H "Content-Type: application/json" -d '{"content": "🔔 Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $DISCORD_WEBHOOK_URL
- - name: Notify Slack
- env:
- SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
- run: |
- curl -H "Content-Type: application/json" -d '{"text": ":bell: Pull Request <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}> by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $SLACK_WEBHOOK_URL