Skip to content

feat: license engineering support, remove unused sections, fix code scanning alerts#9

Merged
kreinhar merged 6 commits intomainfrom
feat/license-engineering-support
May 4, 2026
Merged

feat: license engineering support, remove unused sections, fix code scanning alerts#9
kreinhar merged 6 commits intomainfrom
feat/license-engineering-support

Conversation

@kreinhar
Copy link
Copy Markdown
Collaborator

@kreinhar kreinhar commented May 4, 2026

Changes

fix: accept SWL_XCB_ENGINEERING_4H engineering license (ctrlX COREvirtual)

  • Added SWL_XCB_ENGINEERING_4H (Bosch variant) alongside SWL_XCR_ENGINEERING_4H

feat: remove System Information section

  • Removed unused section from UI (both index.html copies)

feat: remove Test Messages section

  • Removed UI block, JS functions (sendTestMessage, i18n keys), backend endpoint POST /api/test-message, TestMessageBody struct, chrono_like_ts helper

fix(security): fix XSS in CA registration link (alerts #24/#25)

  • _updateCaRegHint: validate URL with URL() constructor, enforce https: protocol before setting link.href

fix(security): move codeql[rust/path-injection] suppressions inline (alerts #8–#26)

  • CodeQL requires suppressions on the same line as the flagged operation, not the line above
  • Moved all 33 suppression comments to trailing inline position via automated script

Kai Reinhardt added 6 commits April 29, 2026 13:49
fix: add SWL_XCB_ENGINEERING_4H license name for ctrlX COREvirtual (B…
c83c93c 
…osch)

The ctrlX COREvirtual 4h engineering license uses XCB (Bosch) not XCR (Rexroth).
Keep both variants for compatibility.
chore: trailing comma consistency in app.js
edbadbb
fix: align license name comments to satisfy rustfmt check
477d773
feat: remove System Information section from UI
d458fbb
feat: remove Test Messages section (UI, JS, backend endpoint)
c026140
fix(security): fix XSS in CA reg link and move codeql suppressions in…
f016b4e 
…line

- _updateCaRegHint: validate c8y URL with URL() constructor and enforce
  https: protocol before setting link.href – prevents javascript: XSS
  (resolves code scanning alerts #24/#25 js/xss-through-dom)
- Move all codeql[rust/path-injection] suppression comments from preceding
  line to same-line trailing position (CodeQL requires inline comments)
@kreinhar kreinhar merged commit fd1429c into main May 4, 2026
4 of 5 checks passed
@kreinhar kreinhar deleted the feat/license-engineering-support branch May 4, 2026 11:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kreinhar