Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nebula 6 #19

Merged
merged 13 commits into from
Feb 13, 2023
Merged

Nebula 6 #19

merged 13 commits into from
Feb 13, 2023

Conversation

martastain
Copy link
Member

@martastain martastain commented Feb 6, 2023
edited
Loading

Nebula 6 is a major release which breaks compatibility with the old API and settings (DB structure as well as the rest of the data remain the same tho, so it is possible to just update settings and upgrade).

nebulabroadcast/nebula becomes a monorepo of nebula-server, which is the API part of the system. Along with the API, it provides React-based web interface for the MAM part.
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 6, 2023
View reviewed changes
backend/server/__init__.py
# TODO: authentication using a path parameter

video_path = f"/mnt/nebula_01/.nx/proxy/{int(id_asset/1000):04d}/{id_asset}.mp4"
if not os.path.exists(video_path):

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression

This path depends on a [user-provided value](1).
backend/server/video.py
def range_requests_response(request: Request, file_path: str, content_type: str):
"""Returns StreamingResponse using Range Requests of a given file"""

file_size = os.stat(file_path).st_size

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression

This path depends on a [user-provided value](1).
backend/server/video.py
status_code = status.HTTP_206_PARTIAL_CONTENT

return StreamingResponse(
send_bytes_range_requests(open(file_path, mode="rb"), start, end),

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression

This path depends on a [user-provided value](1).
backend/nebula/objects/user.py

def hash_password(password: str):
if config.password_hashing == "legacy":
return hashlib.sha256(password.encode("ascii")).hexdigest()

Check failure

Code scanning / CodeQL

Use of a broken or weak cryptographic hashing algorithm on sensitive data

[Sensitive data (password)](1) is used in a hashing algorithm (SHA256) that is insecure for password hashing, since it is not a computationally expensive hash function. [Sensitive data (password)](2) is used in a hashing algorithm (SHA256) that is insecure for password hashing, since it is not a computationally expensive hash function. [Sensitive data (password)](3) is used in a hashing algorithm (SHA256) that is insecure for password hashing, since it is not a computationally expensive hash function. [Sensitive data (password)](4) is used in a hashing algorithm (SHA256) that is insecure for password hashing, since it is not a computationally expensive hash function.
@martastain martastain marked this pull request as ready for review February 13, 2023 17:46
@martastain martastain merged commit 9275133 into main Feb 13, 2023
martastain added a commit that referenced this pull request Feb 13, 2023
@martastain
Merge pull request #20 from nebulabroadcast/main
3151593 
Merge pull request #19 from nebulabroadcast/develop
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
1 participant
@martastain