Commit 7c485d1
* #699 planetcantile p1
* #699 Add planetcantile
* #699 Add untested EPSG:3413 TileMatrixSet
* #699 Update Feature Branch (#747)
* Use PolyMeasure to draw great circle lines with Measure Tool
* Round meters to two digits on Measure tool x-axis
* Added option to not display PolylineMeasure tooltips
* Fix bug with noDataValue for single banded COGs (#700)
* Fixed issue where rubberline is not drawn with first click or after zoom
* Fix critical security vulnerabilities identified in SonarQube analysis (#701)
* Fix critical security vulnerabilities identified in SonarQube analysis
This commit addresses 8 legitimate security vulnerabilities while documenting
13 false positives that had adequate existing protections.
Security fixes implemented:
**Path Injection Vulnerabilities (3 issues fixed):**
- middleware.js: Added URL validation requiring /Missions prefix and blocking
directory traversal sequences (../ and ..\)
- configs.js: Fixed flawed validation logic (AND→OR) and added directory
traversal protection for mission names
**Cross-Site Scripting (1 issue fixed):**
- configs.js: Added sanitizeInput() function to escape HTML entities in error
messages containing user-controlled data, preventing reflected XSS attacks
**Insecure Temporary File Creation (4 sample fixes):**
- Replaced insecure tempfile.mktemp() with tempfile.mkstemp() in:
- auxiliary/demtiles/gdal2demtiles.py (lines 839, 874)
- auxiliary/gdal2tiles4extent/gdal2tiles4extent.py (line 521)
- auxiliary/gdal2customtiles/legacy/gdal2customtiles.py (line 601)
- Eliminates race condition vulnerabilities in GDAL processing scripts
**False Positives Documented:**
- SQL Injection (5 issues): Existing parameterized queries and input
sanitization provide adequate protection
- Analysis details in reviewed_findings.md
All fixes maintain backward compatibility while significantly improving
security posture. Remaining auxiliary Python scripts follow the same
tempfile pattern for completion.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Tweaks to critical security vulnerability fixes
* Support .. as long as it stays within /Missions
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Tariq Soliman <Tariq.K.Soliman@jpl.nasa.gov>
* Minor fix: sort geodataset results
* Make sure polyline measurements are cleared on reset
* #702 Fix LayersTool filtering on non-dynamicExtent props-on-click geodatasets (#703)
* Minor fix: more versatile Help root pathing
* #704 Upgrade All Adjacent Servers (#705)
* Don't use polyline with LOS or else it results in two lines
* Make sure rubberline gets drawn in continuous modes
* Ensure line of sight follows great circle and polyline display cleanup
* Update Dockerfile to update certs
* Use LOS technique to draw great circle lines with varying colors
* Show great circle line even if no DEM #52
* #708 User Account Management (#711)
* #708 User Account Management 1
* #708 user account control part 2
* #708 user account management part 3
* User account control part 4
* #708 minor style tweaks
* Minor resetPassword link fix
* Use contours on all login pages
* #712 Fix some security issues (#713)
* #714 Configurable Wrapping for 2D Map (#715)
* #714 Map maxbounds
* #714 apply to projected maps too
* #716 Per Mission Permissions (#717)
* #716 Per-Mission Permission part 1
* #716 Per Mission Permissions
* #718 Globe Controls clash with Separated Tool buttons in the UI (#719)
* Added multi-platform build to support arm64 architecture
* Fix ensureUser for new Admins
* Separate platform builds and append -arm64 to the end of arm64 images
* Use separate ARM64 runner for faster ARM64 Docker builds
* Fix arm64 tag assignment syntax
* Use a prerendered image for the layer legend #658
* #721 Show, Delete, and Search for individual STAC items (#723)
* #721 STAC item UI part 1
* #721 STAC item UI part 2
* Bump version 4.0.0 -> 4.1.0
* Adjust legend width based on legend image up to 300px
* #724 Legends Max on top (#725)
* Add feature to set Layer header expanded state individually (#726)
* Expand layers feature
* Fix bug with keeping header expanded/unexpanded state
* Expand individual headers only if LayersTool.vars.expanded is not set to true
* #727 STAC item regex search and bulk delete (#728)
* #727 Stac item regex, bbox, bulk delete support part 1
* #727 Support 32bit stac items in map
* #729 Default configuration for live mode (#730)
* #731 Projection Tab Autocomplete, Case Insensitive Mission Sorting, Smart field dsiabling in /configure (#732)
* Filter out blank csv entries in csvToJSON function (#734)
* Add amd64 image suffix and build it last
* Use regular docker build instead of buildx
* Add Legend tool display options (#735)
* Add configuration options
* Add header options for legend tool
* Improve syntax
* #736 Configure Required Field Indicators (#737)
* #738 Fix GeoDataset LOCAL (#739)
* #740 Add mission planet radii (#741)
* Add legend-based property styling for vector layers
* #742 Configure Preview iframe to respect subpaths (#744)
* #709 Improved Continuous Legend Symbology Styling
* #745 Live Follow Mode (#746)
---------
Co-authored-by: Joe Roberts <joe.t.roberts@jpl.nasa.gov>
Co-authored-by: ac-61 <ac-61@users.noreply.github.com>
Co-authored-by: Jeff Leach <jl-0@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Joe T. Roberts <5315956+jtroberts@users.noreply.github.com>
* #699 Add EPSG:3413
---------
Co-authored-by: Joe Roberts <joe.t.roberts@jpl.nasa.gov>
Co-authored-by: ac-61 <ac-61@users.noreply.github.com>
Co-authored-by: Jeff Leach <jl-0@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Joe T. Roberts <5315956+jtroberts@users.noreply.github.com>
1 parent a0c647e commit 7c485d1
File tree
1,043 files changed
+756449
-28
lines changed- adjacent-servers
- resources/tilematrixsets/planetcantile_v4
- titiler-pgstac
- titiler
- auxiliary/stac/create-stac-items
- configure/src
- components/Tabs/Coordinates
- core
- metaconfigs
- docs/pages/Configure/Projections
- src/essence/Basics/Map_
Some content is hidden
Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.
1,043 files changed
+756449
-28
lines changedLines changed: 291 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| 31 | + | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
| 53 | + | |
| 54 | + | |
| 55 | + | |
| 56 | + | |
| 57 | + | |
| 58 | + | |
| 59 | + | |
| 60 | + | |
| 61 | + | |
| 62 | + | |
| 63 | + | |
| 64 | + | |
| 65 | + | |
| 66 | + | |
| 67 | + | |
| 68 | + | |
| 69 | + | |
| 70 | + | |
| 71 | + | |
| 72 | + | |
| 73 | + | |
| 74 | + | |
| 75 | + | |
| 76 | + | |
| 77 | + | |
| 78 | + | |
| 79 | + | |
| 80 | + | |
| 81 | + | |
| 82 | + | |
| 83 | + | |
| 84 | + | |
| 85 | + | |
| 86 | + | |
| 87 | + | |
| 88 | + | |
| 89 | + | |
| 90 | + | |
| 91 | + | |
| 92 | + | |
| 93 | + | |
| 94 | + | |
| 95 | + | |
| 96 | + | |
| 97 | + | |
| 98 | + | |
| 99 | + | |
| 100 | + | |
| 101 | + | |
| 102 | + | |
| 103 | + | |
| 104 | + | |
| 105 | + | |
| 106 | + | |
| 107 | + | |
| 108 | + | |
| 109 | + | |
| 110 | + | |
| 111 | + | |
| 112 | + | |
| 113 | + | |
| 114 | + | |
| 115 | + | |
| 116 | + | |
| 117 | + | |
| 118 | + | |
| 119 | + | |
| 120 | + | |
| 121 | + | |
| 122 | + | |
| 123 | + | |
| 124 | + | |
| 125 | + | |
| 126 | + | |
| 127 | + | |
| 128 | + | |
| 129 | + | |
| 130 | + | |
| 131 | + | |
| 132 | + | |
| 133 | + | |
| 134 | + | |
| 135 | + | |
| 136 | + | |
| 137 | + | |
| 138 | + | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
| 142 | + | |
| 143 | + | |
| 144 | + | |
| 145 | + | |
| 146 | + | |
| 147 | + | |
| 148 | + | |
| 149 | + | |
| 150 | + | |
| 151 | + | |
| 152 | + | |
| 153 | + | |
| 154 | + | |
| 155 | + | |
| 156 | + | |
| 157 | + | |
| 158 | + | |
| 159 | + | |
| 160 | + | |
| 161 | + | |
| 162 | + | |
| 163 | + | |
| 164 | + | |
| 165 | + | |
| 166 | + | |
| 167 | + | |
| 168 | + | |
| 169 | + | |
| 170 | + | |
| 171 | + | |
| 172 | + | |
| 173 | + | |
| 174 | + | |
| 175 | + | |
| 176 | + | |
| 177 | + | |
| 178 | + | |
| 179 | + | |
| 180 | + | |
| 181 | + | |
| 182 | + | |
| 183 | + | |
| 184 | + | |
| 185 | + | |
| 186 | + | |
| 187 | + | |
| 188 | + | |
| 189 | + | |
| 190 | + | |
| 191 | + | |
| 192 | + | |
| 193 | + | |
| 194 | + | |
| 195 | + | |
| 196 | + | |
| 197 | + | |
| 198 | + | |
| 199 | + | |
| 200 | + | |
| 201 | + | |
| 202 | + | |
| 203 | + | |
| 204 | + | |
| 205 | + | |
| 206 | + | |
| 207 | + | |
| 208 | + | |
| 209 | + | |
| 210 | + | |
| 211 | + | |
| 212 | + | |
| 213 | + | |
| 214 | + | |
| 215 | + | |
| 216 | + | |
| 217 | + | |
| 218 | + | |
| 219 | + | |
| 220 | + | |
| 221 | + | |
| 222 | + | |
| 223 | + | |
| 224 | + | |
| 225 | + | |
| 226 | + | |
| 227 | + | |
| 228 | + | |
| 229 | + | |
| 230 | + | |
| 231 | + | |
| 232 | + | |
| 233 | + | |
| 234 | + | |
| 235 | + | |
| 236 | + | |
| 237 | + | |
| 238 | + | |
| 239 | + | |
| 240 | + | |
| 241 | + | |
| 242 | + | |
| 243 | + | |
| 244 | + | |
| 245 | + | |
| 246 | + | |
| 247 | + | |
| 248 | + | |
| 249 | + | |
| 250 | + | |
| 251 | + | |
| 252 | + | |
| 253 | + | |
| 254 | + | |
| 255 | + | |
| 256 | + | |
| 257 | + | |
| 258 | + | |
| 259 | + | |
| 260 | + | |
| 261 | + | |
| 262 | + | |
| 263 | + | |
| 264 | + | |
| 265 | + | |
| 266 | + | |
| 267 | + | |
| 268 | + | |
| 269 | + | |
| 270 | + | |
| 271 | + | |
| 272 | + | |
| 273 | + | |
| 274 | + | |
| 275 | + | |
| 276 | + | |
| 277 | + | |
| 278 | + | |
| 279 | + | |
| 280 | + | |
| 281 | + | |
| 282 | + | |
| 283 | + | |
| 284 | + | |
| 285 | + | |
| 286 | + | |
| 287 | + | |
| 288 | + | |
| 289 | + | |
| 290 | + | |
| 291 | + | |
0 commit comments