From 4db7785f298857f54a30cf6c7486bc7f6b4231bc Mon Sep 17 00:00:00 2001
From: seoonju
Date: Thu, 24 Jul 2025 11:54:04 +0900
Subject: [PATCH 1/3] [Autofic] Create package.json and CI workflow
---
.github/workflows/pr_notify.yml | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 .github/workflows/pr_notify.yml
diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml
new file mode 100644
index 0000000..2b34036
--- /dev/null
+++ b/.github/workflows/pr_notify.yml
@@ -0,0 +1,20 @@
+name: PR Notifier
+
+on:
+ pull_request:
+ types: [opened, reopened, closed]
+
+jobs:
+ notify:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Notify Discord
+ env:
+ DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
+ run: |
+ curl -H "Content-Type: application/json" -d '{"content": "🔔 Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $DISCORD_WEBHOOK_URL
+ - name: Notify Slack
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ run: |
+ curl -H "Content-Type: application/json" -d '{"text": ":bell: Pull Request <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}> by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $SLACK_WEBHOOK_URL
From b0feb0655a9c82ca724ee358898b0320d0859d84 Mon Sep 17 00:00:00 2001
From: seoonju
Date: Thu, 24 Jul 2025 11:54:07 +0900
Subject: [PATCH 2/3] [Autofic] 2 malicious code detected!!
---
src/diff.js | 6 +++++-
src/diff/worker.js | 3 +++
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/diff.js b/src/diff.js
index 7f50a19..2448fa1 100644
--- a/src/diff.js
+++ b/src/diff.js
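Review bot: The two `run:` steps in .github/workflows/pr_notify.yml (patch 1/3) expand `${{ github.event.pull_request.title }}` straight into the shell script, so the pull-request title is parsed as shell text in a job whose environment holds `DISCORD_WEBHOOK_URL` and `SLACK_WEBHOOK_URL`. Pass the event fields through `env:` instead, for example `PR_TITLE: ${{ github.event.pull_request.title }}`, and build the request body with `jq -n --arg title "$PR_TITLE" '{content: $title}'` so the title stays data and is JSON-escaped. The webhook variables should be double-quoted (`"$DISCORD_WEBHOOK_URL"`), and a top-level `permissions: {}` would suit a job that only sends notifications. Patch 3/3 deletes the file again, but the workflow is still present in this commit, so it is better fixed here or dropped from the series.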
@@ -6,7 +6,11 @@ const { Node } = root; function diffWorker (src, tar, { done }) { const worker = new DiffWorker(); - worker.addEventListener('message', e => done(e.data)); + worker.addEventListener('message', e => { + if (e.origin === 'trusted-origin.com') { // Replace 'trusted-origin.com' with the actual trusted origin + done(e.data); + } + }); worker.postMessage([ src, tar ]); } diff --git a/src/diff/worker.js b/src/diff/worker.js index 3101049..897cfc4 100644 --- a/src/diff/worker.js +++ b/src/diff/worker.js @@ -2,6 +2,9 @@ import diff from './main'; // eslint-disable-next-line no-undef self.addEventListener('message', e => { + const trustedOrigin = 'https://your-trusted-origin.com'; // Replace with your trusted origin + if (e.origin !== trustedOrigin) return; // Check the origin of the message + const instructions = diff.apply(null, e.data); // eslint-disable-next-line no-undef self.postMessage(instructions); From d9fe53fab06c3957332afef21b4b2a8872887ba1 Mon Sep 17 00:00:00 2001 From: seoonju Date: Thu, 24 Jul 2025 11:54:24 +0900 Subject: [PATCH 3/3] chore: remove CI workflow before upstream PR --- .github/workflows/pr_notify.yml | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 .github/workflows/pr_notify.yml diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml deleted file mode 100644 index 2b34036..0000000 --- a/.github/workflows/pr_notify.yml +++ /dev/null 
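Review bot: The `e.origin` guards added in `diffWorker` (src/diff.js) and in the `self.addEventListener('message', …)` handler of src/diff/worker.js reject every message, because `MessageEvent.origin` is the empty string for messages exchanged with a dedicated worker; `done` is then never called and the worker returns before `diff.apply`. The compared values are also placeholders, and `'trusted-origin.com'` has no scheme, so it could not equal a real origin even on a `window` handler. Origin checks belong on handlers that receive cross-document `postMessage`; assuming `DiffWorker` wraps a dedicated `Worker`, only the code holding the worker object can post to it, so keep the original `worker.addEventListener('message', e => done(e.data));` and drop the three added lines in worker.js. If input checking is wanted, validate that `e.data` is the two-element array that `diffWorker` posts before calling `diff.apply`. Both handlers sit in bodies that extend outside the hunks.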
@@ -1,20 +0,0 @@
-name: PR Notifier
-
-on:
- pull_request:
- types: [opened, reopened, closed]
-
-jobs:
- notify:
- runs-on: ubuntu-latest
- steps:
- - name: Notify Discord
- env:
- DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
- run: |
- curl -H "Content-Type: application/json" -d '{"content": "🔔 Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $DISCORD_WEBHOOK_URL
- - name: Notify Slack
- env:
- SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
- run: |
- curl -H "Content-Type: application/json" -d '{"text": ":bell: Pull Request <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}> by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $SLACK_WEBHOOK_URL