Project description

This module integrate with the WalkMe. WalkMe developed the Digital Adoption Platform (DAP) for organizations to utilize the full potential of their digital assets.

Manual review of another projects

View Password
Config Patch
Popular Search Keywords

Project link

https://www.drupal.org/project/walkme_snippet

Git instructions

git clone --branch '8.x-1.x' https://git.drupalcode.org/project/walkme_snippet.git

PAReview checklist

http://pareview.net/r/309

Comments

vipin.mittal18 created an issue. See original summary.

avpaderno’s picture

vipin.mittal18’s picture

Hello Alberto Paderno,

No security or coding standard issues are found in the PAreview. so could you please do some action here on this. I am active contributor and now providing relevant comments on security issues.

Thanks
Vipin Mittal

vipin.mittal18’s picture

Issue summary: View changes
vipin.mittal18’s picture

Issue summary: View changes
avpaderno’s picture

Status: Needs review » Needs work
Issue tags: -PAreview: single application approval
  • What follows is a quick review of the project; it doesn't mean to be complete
  • For every point, I didn't make a complete list of where the files should be fixed, but an example of what is wrong
  • The review points report what should be changed to follow the Drupal coding standards, correctly use the Drupal API, or avoid any (possible) security issue; if a review point isn't about one of those topics, the point makes that clear

The Drupal\Core\Render\Markup class is an internal class not thought to be used from contributed modules.

  catch (\Exception $e) {
    return FALSE;
  }

hook_page_attachments() implementations aren't expected to return values.

vipin.mittal18’s picture

Thanks Alberto Paderno for your indispensable feedback!

I agree hook_page_attachments() doesn't return anything so will modify the exception code in my module but I believe Markup implementation is correct otherwise operators get escaped automatically due to core Drupal 8 feature.

Refer link: https://www.drupal.org/project/drupal/issues/2752283 and https://www.drupal.org/project/responsive_background_image module which has security coverage.

avpaderno’s picture

Only Drupal core can use a class that is marked as internal; that is what comment #27 is saying. That comment is also suggesting a way to avoid using the Markup class.

For what I can see, since the Markup class is using MarkupTrait and that Drupal 8 and 9 backwards compatibility and internal API policy (backend) doesn't say traits are implicitly internal, a class using that trait (which does all the work) would be sufficient.

vipin.mittal18’s picture

Yes Alberto Paderno it make sense and adding the MarkupInterface in my code and then forward you for further review.

vipin.mittal18’s picture

Issue summary: View changes
vipin.mittal18’s picture

Hello Alberto Paderno,

I have resolved the Markup and Exception issue from the project and updated the PAReview checklist of this issue. It was great learning addition to my knowledge base. Thanks very much!

Thanks
Vipin Mittal

vipin.mittal18’s picture

Status: Needs work » Needs review
vipin.mittal18’s picture

Issue summary: View changes
vipin.mittal18’s picture

Issue summary: View changes
vipin.mittal18’s picture

Issue summary: View changes
avpaderno’s picture

Priority: Normal » Critical

I changed the issue priority as described on Review process for security advisory coverage: What to expect / Application Review Timelines.

To reviewers: Please change back the priority to Normal after reviewing the project.

avpaderno’s picture

Assigned: Unassigned » avpaderno
Priority: Critical » Normal
Issue summary: View changes
Status: Needs review » Fixed

Thank you for your contribution! I am going to update your account.

These are some recommended readings to help with excellent maintainership:

You can find more contributors chatting on the IRC #drupal-contribute channel. So, come hang out and stay involved.
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.