fix: prevent TypeError in RadioButtonSelect component #22
Closed
let5sne wants to merge 1 commit into
…s undefined

- Add validation for initialIndex parameter in RadioButtonSelect component
- Handle cases where findIndex() returns -1 in parent components
- Add null checks before accessing items[activeIndex] in keyboard handlers
- Fix ThemeDialog and AuthDialog to validate initial index values

Resolves: TypeError: Cannot read properties of undefined (reading 'value') at RadioButtonSelect.use_input_default.isActive
Collaborator
Thank you for your support and quick pull request! We have just merged one of the solutions in #46. We have just released a hotfix to resolve this issue.
Please update to the latest version by running:
Then, verify the installation by running
Thank you again for your feedback!
ranpox pushed a commit that referenced this pull request Aug 1, 2025

* Introduce a config module to manage configuration
* Remove public modifier
halfaipg pushed a commit to AIPowerGrid/grid-code that referenced this pull request Aug 16, 2025

* Introduce a config module to manage configuration
* Remove public modifier
jeffreysblake added a commit to jeffreysblake/foragen-cli that referenced this pull request Nov 9, 2025

Fix 8 CodeQL security alerts in files we modified during development:

**Regex Vulnerabilities (Alerts QwenLM#25, QwenLM#17)**
- loopDetectionService.ts:309,314: Fix character class ranges by placing hyphens at start (e.g., [-+|] instead of [|+-])
- shell.ts:354: Replace ReDoS-vulnerable pattern with unrolled loop pattern for git commit message extraction (prevents exponential backtracking)

**URL Sanitization (Alerts QwenLM#24, QwenLM#9, QwenLM#30)**
- deepseek.ts:25: Use URL.hostname instead of includes() to prevent bypass (e.g., evil.com/api.deepseek.com would have passed)
- web-fetch.ts:63: Use URL.hostname for GitHub URL detection
- coreToolScheduler.ts:30 (fixed by user in da5759c)

**Clear-text Logging (Alerts QwenLM#23, QwenLM#22, QwenLM#21, QwenLM#20, QwenLM#19, QwenLM#18)**
- errors.ts: Add sanitizeSensitiveData() function to redact API keys, tokens, passwords, and OAuth codes from error messages before logging
- errors.ts:112,115: Sanitize all console.error outputs
- validateNonInterActiveAuth.ts:69: Sanitize error messages before logging
- index.ts:21,26,28: Sanitize FatalError messages and stack traces

Security Impact:
- Prevents ReDoS attacks via malicious git commit messages
- Blocks URL validation bypass attempts
- Protects API keys/tokens from appearing in logs

All fixes maintain backward compatibility and existing functionality.

Resolves CodeQL alerts: QwenLM#25, QwenLM#24, QwenLM#23, QwenLM#22, QwenLM#21, QwenLM#20, QwenLM#19, QwenLM#18, QwenLM#17, QwenLM#9
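The difference between the `includes()` check and the `URL.hostname` check named in the commit message above, as an added JavaScript example (not code from foragen-cli; the function names are assumptions and the sample URLs are constructed):

```javascript
// Added illustration, not code from foragen-cli. ALLOWED_HOST comes from the
// commit message's example; the function names are assumptions.
const ALLOWED_HOST = 'api.deepseek.com';

// Before: substring test over the raw string. The text may sit in the path,
// the query or a longer hostname and still pass.
function isDeepSeekUrlNaive(baseUrl) {
  return baseUrl.includes(ALLOWED_HOST);
}

// After: parse, then compare only the hostname component.
function isDeepSeekUrl(baseUrl) {
  let parsed;
  try {
    parsed = new URL(baseUrl);
  } catch {
    return false; // unparseable input is rejected, not guessed at
  }
  // URL lowercases the host of http(s) URLs; drop a trailing root dot.
  const host = parsed.hostname.replace(/\.$/, '');
  return host === ALLOWED_HOST;
}

// Constructed inputs: the case named in the commit message plus
// neighbouring edge cases.
const SAMPLES = [
  'https://api.deepseek.com/v1',
  'https://evil.com/api.deepseek.com',
  'https://api.deepseek.com.example.net/v1',
  'HTTPS://API.DEEPSEEK.COM/v1',
  'https://api.deepseek.com./v1',
  'not a url',
];

// Runs both checks over the same inputs so the disagreements are visible.
function compareChecks(urls = SAMPLES) {
  return urls.map((url) => ({
    url,
    naive: isDeepSeekUrlNaive(url),
    strict: isDeepSeekUrl(url),
  }));
}

console.table(compareChecks());
```

The substring check is wrong in both directions: it accepts the second and third samples and rejects the upper-case form of the legitimate host.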
jeffreysblake added a commit to jeffreysblake/foragen-cli that referenced this pull request Nov 10, 2025

…ging alerts

Replace detailed error logging with generic messages in index.ts and errors.ts to prevent exposure of potentially sensitive information.

Changes:
- index.ts: Remove error.message extraction and logging
  Replace with static "An error occurred during execution." message
  Remove unused sanitizeSensitiveData import
- errors.ts: Remove parseAndFormatApiError() calls and import
  Stop logging formatted error details that could contain credentials
  Use generic Error objects for all logging

This completely eliminates taint analysis paths from sensitive data sources (FORA_OAUTH, API keys, environment variables) to console.error sinks.

Resolves CodeQL alerts: QwenLM#18, QwenLM#19, QwenLM#20 (index.ts) and QwenLM#21, QwenLM#22 (errors.ts)

Trade-off: Users will see generic error messages instead of detailed ones, but this prevents credential exposure. Debug mode can be enabled for detailed error information in development environments.
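The two commits above move from redacting error text to logging a fixed message. An added JavaScript sketch of both approaches (not the foragen-cli code: `redact()`, `messageForLog()` and the patterns are assumptions, as is redacting the debug output):

```javascript
// Added illustration, not the foragen-cli implementation. The patterns and the
// names redact() and messageForLog() are assumptions; the generic message
// string is the one quoted in the commit message.
const GENERIC_MESSAGE = 'An error occurred during execution.';

const RULES = [
  // Authorization-style bearer tokens
  [/\b(Bearer\s+)[A-Za-z0-9._~+\/=-]+/gi, '$1[REDACTED]'],
  // name=value, name: value and JSON "name":"value" for common secret names
  [/\b(api[_-]?key|access_token|refresh_token|token|password)(["']?\s*[:=]\s*["']?)[^\s"'&,;}]+/gi,
    '$1$2[REDACTED]'],
  // OAuth authorization code in a redirect query string
  [/([?&]code=)[^&\s"']+/gi, '$1[REDACTED]'],
  // bare provider-style keys with an sk- prefix
  [/\bsk-[A-Za-z0-9_-]{8,}/g, '[REDACTED]'],
];

// Applies every rule in order to the stringified input.
function redact(text) {
  return RULES.reduce(
    (out, [pattern, replacement]) => out.replace(pattern, replacement),
    String(text)
  );
}

// Generic by default; redacted detail only when debug is explicitly on.
function messageForLog(err, { debug = false } = {}) {
  if (!debug) return GENERIC_MESSAGE;
  return redact(err instanceof Error ? err.message : err);
}

// Constructed error text; every secret-looking value is a made-up placeholder.
const sampleError = new Error(
  'POST https://auth.example.test/cb?code=PLACEHOLDER_CODE&state=xyz failed: ' +
  'Authorization: Bearer PLACEHOLDER.TOKEN.VALUE, body {"password":"PLACEHOLDER_PW"}, ' +
  'env API_KEY=sk-PLACEHOLDER0001'
);

console.error(messageForLog(sampleError));
console.error(messageForLog(sampleError, { debug: true }));
```

Pattern-based redaction only catches the shapes it knows, which is the trade-off the second commit resolves by logging the fixed message.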
xaelistic pushed a commit to xaelistic/qwen-code that referenced this pull request Jun 7, 2026

* Introduce a config module to manage configuration
* Remove public modifier
Summary
- items[activeIndex] is undefined
- initialIndex parameter to handle invalid values from findIndex()

Root Cause
The error occurred when parent components passed -1 as initialIndex (from findIndex() returning -1 when no match found), causing items[activeIndex] to be undefined in keyboard handlers.

Changes
- validInitialIndex validation and null checks
- validInitialThemeIndex validation
- validInitialAuthIndex validation

Test Plan

Resolves: TypeError: Cannot read properties of undefined (reading 'value')

Files changed: 3 files, 15 insertions, 6 deletions
Commit: 21030f0
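
The failure described under Root Cause and the two guards listed under Changes, as an added JavaScript example (not the PR's code: the sample list, the helper names and the fall back to index 0 are assumptions):

```javascript
// Added illustration in plain JavaScript, not the RadioButtonSelect source.
// items, activeIndex, initialIndex and findIndex() are from the PR text;
// every other name, and the fall-back-to-0 policy, is an assumption.

// Constructed sample data standing in for a theme list.
const themes = [
  { label: 'Default', value: 'default' },
  { label: 'Dark', value: 'dark' },
];

// Parent component: findIndex() yields -1 when the saved value is not listed.
function initialIndexFor(items, savedValue) {
  return items.findIndex((item) => item.value === savedValue);
}

// Before: the Enter handler dereferences items[activeIndex] unconditionally.
function onEnterUnchecked(items, activeIndex, onSelect) {
  onSelect(items[activeIndex].value); // TypeError when activeIndex is -1
}

// After, part 1: normalise the index once, where it enters the component.
function toValidIndex(items, initialIndex) {
  const ok = Number.isInteger(initialIndex) &&
    initialIndex >= 0 && initialIndex < items.length;
  return ok ? initialIndex : 0;
}

// After, part 2: still guard the lookup, since items may be empty.
function onEnter(items, activeIndex, onSelect) {
  const item = items[activeIndex];
  if (!item) return false;
  onSelect(item.value);
  return true;
}

// Drives both handlers with the same input and reports what happened.
function demo(savedValue) {
  const raw = initialIndexFor(themes, savedValue);
  const picked = [];
  let uncheckedError = null;
  try {
    onEnterUnchecked(themes, raw, (v) => picked.push(v));
  } catch (e) {
    uncheckedError = e.constructor.name;
  }
  const handled = onEnter(themes, toValidIndex(themes, raw), (v) => picked.push(v));
  return { raw, uncheckedError, handled, picked };
}

console.log(demo('solarized'));
```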