
Add CodeQL #1885

Open: wants to merge 248 commits into base: main

Conversation

@jennantilla (Contributor) commented Oct 27, 2023

Description

One Line Summary

Add the CodeQL GitHub security scanning action to this repository.

Details

Add the CodeQL GitHub security scanning action to this repository. This action will run on PRs into the user-model/main and main branches.

Motivation

Security scanning

Scope

Static analysis

Checklist

Overview

  • I have filled out all REQUIRED sections above
  • PR does one thing
    • If it is hard to explain how any code changes are related to each other, then it most likely needs to be more than one PR
  • Any Public API changes are explained in the PR details and conform to existing APIs

Testing

  • I have included test coverage for these changes, or explained why they are not needed
  • All automated tests pass, or I explained why that is not possible
  • I have personally tested this on my device, or explained why that is not possible

Final pass

  • Code is as readable as possible.
    • Simplify with less code, followed by splitting up code into well named functions and variables, followed by adding comments to the code.
  • I have reviewed this PR myself, ensuring it meets each checklist item
    • WIP (Work In Progress) is ok, but explain what is still in progress and what you would like feedback on. Start the PR title with "WIP" to indicate this.

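An added example workflow, not the codeql.yml from this PR, showing a CodeQL setup that matches the description above (scanning on pull requests into main and user-model/main). The project language (Java/Kotlin), JDK version, Gradle task and query suite are assumptions.

```yaml
# Added illustration; not the workflow file from this PR.
# Assumptions: Java/Kotlin Android project built with Gradle on JDK 17.
name: CodeQL

on:
  pull_request:
    branches: [main, user-model/main]

# Least privilege: the job only needs to read the checkout and upload results.
permissions:
  contents: read
  security-events: write
  actions: read

jobs:
  analyze:
    name: Analyze (java-kotlin)
    runs-on: ubuntu-latest
    timeout-minutes: 60
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '17'

      # Initialise the CodeQL tools. security-extended adds lower-precision
      # security queries on top of the default suite (assumed choice).
      - uses: github/codeql-action/init@v3
        with:
          languages: java-kotlin
          queries: security-extended

      # Compiled languages must actually build so CodeQL can trace compilation;
      # an explicit Gradle invocation is more predictable than autobuild for a
      # multi-module project. The task name is an assumption.
      - run: ./gradlew assembleDebug --no-daemon

      - uses: github/codeql-action/analyze@v3
        with:
          category: "/language:java-kotlin"
```

The description only mentions pull-request triggers; a `push` trigger on the same branches is typically added as well so the base branch carries a baseline analysis for pull-request results to be compared against.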

brismithers and others added 30 commits October 17, 2022 14:52
* Update `ISingletonModelStore.get()` function to be `ISingletonModelStore.model` property
* Rework the model store change event system to always fire, using tags to differentiate why changes occurred.
* Add `SubscriptionModel.status` to capture the subscription status, for when retrieving push token fails for some reason.
* Drive event callback when app killed during request notification permission activity.
…-model-event-rework

[User Model] notification_types and model event rework
* Implement visual logging
* Remove IInfluenceManager.addSessionData which is no longer required, as session influence is captured via outcome.
* Ensure IAM repository is cleaned on startup.
* Create dummy IAMManager when <4.4
* Move outcome calls over to new ISessionManager (OneSignal.session)
* Add OneSignal.disableGMSMissingPrompt
… moved to config model.

* Document IPreferencesService
* Document ITime
…-todos

[User Model] Visual logging and other TODOs
* Move IAM/Notification/Location to their own gradle modules. AndroidManifest/proguard has now been split across the 4 modules.
* Load modules dynamically using reflection within OneSignalImpl, falling back to "Misconfigured" versions if the modules weren't specified in the application.
* Make internal classes required by a OS module no longer defined as `internal` (but keep in internal namespace).
[User Model] Modularize IAM/Notification/Location
* local ID -> remote ID now gets changed directly against the model. There is no longer an in-memory translation, which did not work in the event of an app restart. Each operation now has a `translateId` method to drive updating their IDs.
* Rename `CreateUserOperation` to be `LoginUserOperation`, which now has the ability to "identify" an existing user as the user being logged in, rather than always upserting a new user.
* Update `OperationRepo` and supporting executors to properly handle error conditions.
* Update `IOperationRepo.execute` to be `enqueueAndWait`, which supports the change in behavior. Execution of an operation always happens on the background thread and does *not* jump the queue.
* Update operation executors to now ensure the model is in a correct state post-backend execution.
[User Model] New login process and operation repo updates
* Renamed/moved `iam` module to be `inAppMessages` module
* Renamed/moved `notification` module to be `notifications` module
* Renamed `sendOutcomes` to be `addOutcomes`
* Renamed `setTags` to be `addTags`
* Moved triggers to be within `inAppMessages` module
* Add `TrackSessionStartOperation`
* Update executor to count sessions and refresh device metadata on `TrackSessionStartOperation`
* Use SubscriptionStatus enum for subscription status across the codebase.
* IUserManager.subscriptions.push can no longer be null. If there isn't a push subscription a "dummy" one is now returned.
* Add `fallbackToSettings` parameter for `ILocationManager.requestPermission` and `INotificationsManager.requestPermission`
* Renamed `INotificationsManager.permissionsStatus` to `permission` and made it a simple Boolean.
* Added `INotificationsManager.canRequestPermission` as a flag to indicate when permissions can be requested.
* Added `ISubscription.addChangeHandler` to allow user to listen for changes to the subscription.
…ription-alignment

[User model] notification/subscription alignment
* Changed `IDeviceService.deviceType` to return an enum rather than int
* Added `EventProducer.fireOnMain` and `CallbackProducer.fireOnMain` for easy firing of callbacks on main thread.
* Added various unit tests for notifications module
* removed high-level unit test module from solution
…tests

[User Model] Notifications Unit Tests
* Rename from notification opened to notification clicked
* Remove INotificationsManager.postNotification
* Small notification bug fixes
* Implement `UserBackendService`, `IdentityBackendService`, and `SubscriptionBackendService`
* Tweak `OutcomeEventsBackendService` to provide `subscriptionId`
@jennantilla (Contributor, Author) commented:

Great catch @shepherd-l! Looks like this was accidentally added and unused so I removed it.

Review comments on .github/workflows/codeql.yml (outdated, resolved)
Update onReceive methods to check for the correct action before proceeding. This prevents the potential risk of third-party applications sending explicit intents to this receiver to cause a denial of service.
@jennantilla (Contributor, Author) commented Jan 31, 2024

Oops, @jinliu9508 this work should eventually get merged (it became stagnant due to a build error). But I think it will be easier for me to just create a new PR once we update to main.

@nan-li (Contributor) commented Jan 31, 2024

Re-opening so we don't lose this, we can always refactor later. The deletion of the usermodel branch (now recovered) caused the PRs to close.

@nan-li nan-li reopened this Jan 31, 2024
@jinliu9508 jinliu9508 force-pushed the user-model/main branch 3 times, most recently from 2072eac to d73bfc6, February 6, 2024 16:38
Base automatically changed from user-model/main to main February 6, 2024 18:32

6 participants