Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NJWE-2584: implemented backend validation for valid email and domain #3172

Merged
merged 24 commits into from
Feb 11, 2025
Merged

NJWE-2584: implemented backend validation for valid email and domain #3172

merged 24 commits into from
Feb 11, 2025

Conversation

denish-fearless
Copy link
Collaborator

@denish-fearless denish-fearless commented Jan 15, 2025
edited
Loading

NJWE-2584

TEST THIS ADDING MAILCHIMP KEYS TO YOUR BACKEND ENV
#MAILCHIMP
MAILCHIMP_API_KEY
MAILCHIMP_LIST_ID

This PR includes the full working for the signup form
https://fearless.jira.com/browse/NJWE-2654

denish-fearless and others added 14 commits January 15, 2025 12:03
@denish-fearless
implemented backend validation for valid email and domain
37b3b2b
@denish-fearless
edge case, where subdomains exist, will break it to domain and check …
4b5cef8 
…the mx for the domain as it would have returned false if it had checked for subdomains because mx records are checked against root domain
@denish-fearless
after some research found out that some subdomains do have mx records…
f25bd69 
…, this will fall back to root domain if subdomain fails
@denish-fearless
good fence :)
48d3ff3
@denish-fearless
validate phone number
676ad92
@denish-fearless
added test for phone validation
058c3b2
@ChelseaKR
Merge branch 'main' into NJWE-2584
bdc802b
@denish-fearless
changed to in house validation logic
95f1388
@denish-fearless
Merge branch 'NJWE-2584' of https://github.com/newjersey/dol-mcnj-main
a81878c 
…into NJWE-2584
@denish-fearless
removing unused libraries from package
9025e62
@denish-fearless
locking file
8c26205
@ChelseaKR
Merge branch 'main' into NJWE-2584
8032cfb
@denish-fearless
Merge branch 'main' into NJWE-2584
02fb7c0
added full working mechanism for signupform
b875e9b
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 7, 2025
View reviewed changes
backend/src/helpers/emailValidator.ts Fixed Show fixed Hide fixed
backend/src/helpers/emailValidator.ts Fixed Show fixed Hide fixed
backend/src/helpers/emailValidator.ts Fixed Show fixed Hide fixed
backend/src/helpers/emailValidator.ts Fixed Show fixed Hide fixed
@ChelseaKR
Copy link
Collaborator

Hey @denish-fearless,

CodeQL flagged a potential tainted format string issue in emailValidator.ts. The concern is that domain and rootDomain—which originate from user input—are being directly embedded in template literals inside console.error and console.log. This can introduce unintended format specifiers if the input contains special characters.

Suggested Fix:

Instead of using template literals, pass variables as separate arguments:

console.error("DNS error while resolving MX for domain:", domain, "-", err.message);
console.log("Valid MX records found for", domain, ":", addresses);

This ensures safe logging without unexpected behavior. Let me know if you have any questions! 🚀

@denish-fearless denish-fearless merged commit db54057 into main Feb 11, 2025
5 checks passed
@denish-fearless denish-fearless deleted the NJWE-2584 branch February 11, 2025 17:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ChelseaKR ChelseaKR ChelseaKR approved these changes

@scwambach scwambach Awaiting requested review from scwambach

@mflymfly mflymfly Awaiting requested review from mflymfly

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@denish-fearless @ChelseaKR