From 951f3b8c68721cc2e5d1682ca9fec993cd40ddf0 Mon Sep 17 00:00:00 2001
From: yjchoe818
Date: Wed, 23 Jul 2025 23:33:58 +0900
Subject: [PATCH 1/3] [Autofic] Create package.json and CI workflow
---
.github/workflows/pr_notify.yml | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 .github/workflows/pr_notify.yml
diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml
new file mode 100644
index 0000000..2b34036
--- /dev/null
+++ b/.github/workflows/pr_notify.yml
@@ -0,0 +1,20 @@
+name: PR Notifier
+
+on:
+ pull_request:
+ types: [opened, reopened, closed]
+
+jobs:
+ notify:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Notify Discord
+ env:
+ DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
+ run: |
+ curl -H "Content-Type: application/json" -d '{"content": "🔔 Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $DISCORD_WEBHOOK_URL
+ - name: Notify Slack
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ run: |
+ curl -H "Content-Type: application/json" -d '{"text": ":bell: Pull Request <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}> by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $SLACK_WEBHOOK_URL
From 112f53281083af1c5a951fd177fb2722c4df42b7 Mon Sep 17 00:00:00 2001
From: yjchoe818
Date: Wed, 23 Jul 2025 23:33:59 +0900
Subject: [PATCH 2/3] [Autofic] 1 malicious code detected!!
---
sources/script.js | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/sources/script.js b/sources/script.js
index c916d48..0837aa1 100644
--- a/sources/script.js
+++ b/sources/script.js
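Review bot: In `.github/workflows/pr_notify.yml` (patch 1/3), both `run:` steps expand `${{ github.event.pull_request.title }}` directly into the shell command line, so a pull-request title containing a single quote or shell metacharacters changes the command the runner executes, and a double quote in the title breaks the JSON body. Pass the event fields through `env:` instead (for example `PR_TITLE: ${{ github.event.pull_request.title }}`) and build the payload from those variables with a JSON encoder such as `jq -n --arg title "$PR_TITLE" ...`, so the title is only ever treated as data. The webhook variables should also be quoted, `"$DISCORD_WEBHOOK_URL"` and `"$SLACK_WEBHOOK_URL"`. Patch 3/3 deletes this file again, so the point applies wherever the workflow template is kept.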
@@ -137,6 +137,7 @@ function proxyNotifications(isBackgroundScript) { window.addEventListener("message", function (event) { + if (event.origin !== whatsAppUrl) return; // Validate the origin of the message if (event != undefined && event.data != undefined && event.data.name == "backgroundNotificationClicked") { chrome.runtime.sendMessage({ name: "backgroundNotificationClicked", srcChatTitle: event.data.srcChatTitle }); @@ -147,6 +148,7 @@ function proxyNotifications(isBackgroundScript) { window.addEventListener("message", function (event) { + if (event.origin !== whatsAppUrl) return; // Validate the origin of the message if (event != undefined && event.data != undefined && (event.data.name == "foregroundNotificationClicked" || event.data.name == "foregroundNotificationShown")) { setTimeout(function () { checkBadge(); }, safetyDelayLonger); @@ -205,13 +207,13 @@ function proxyNotifications(isBackgroundScript) if (debug) console.info("WAT: Background notification click intercepted with srcChatTitle " + srcChatTitle); } - window.postMessage({ name: "backgroundNotificationClicked", srcChatTitle: srcChatTitle }, "*"); + window.postMessage({ name: "backgroundNotificationClicked", srcChatTitle: srcChatTitle }, whatsAppUrl); // Use specific target origin } else { if (debug) console.info("WAT: Foreground notification click intercepted"); - window.postMessage({ name: "foregroundNotificationClicked" }, "*"); + window.postMessage({ name: "foregroundNotificationClicked" }, whatsAppUrl); // Use specific target origin } }; _notification.onshow = function (event) @@ -222,7 +224,7 @@ function proxyNotifications(isBackgroundScript) { if (debug) console.info("WAT: Foreground notification show intercepted"); - window.postMessage({ name: "foregroundNotificationShown" }, "*"); + window.postMessage({ name: "foregroundNotificationShown" }, whatsAppUrl); // Use specific target origin } }; _notification.onerror = function (event) 
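Review bot: The added guard `if (event.origin !== whatsAppUrl) return;` in the listeners at -137 and -147 is a strict string comparison against a value that is not defined in these hunks; `event.origin` is a bare origin (scheme, host and port, with no trailing slash or path), so if `whatsAppUrl` holds a full URL the guard would drop every message, including the extension's own. Because these messages are posted by the same window, comparing against the page's own origin and also checking the sender is tighter: `if (event.source !== window || event.origin !== window.location.origin) return;`. The guard also reads `event.origin` before the existing `event != undefined` test, which makes that test redundant. Both listener bodies continue outside the hunks.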
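Review bot: The three `window.postMessage(..., whatsAppUrl)` calls at -205 and -222 depend on `whatsAppUrl` being in scope where the notification handlers run, and it is not declared in these hunks; if this code executes in the page's context rather than the content script, the call would throw a ReferenceError and the click/show events would no longer reach the listeners. Since the target is the same window, `window.location.origin` gives the exact origin without relying on an outer variable, e.g. `window.postMessage({ name: "foregroundNotificationShown" }, window.location.origin);`. The handlers start and end outside the hunks, so confirm where `whatsAppUrl` is defined and what value it holds.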
From 35017f815c19de2e82f8f363bcc8471077e1b877 Mon Sep 17 00:00:00 2001
From: yjchoe818
Date: Wed, 23 Jul 2025 23:34:14 +0900
Subject: [PATCH 3/3] chore: remove CI workflow before upstream PR
---
.github/workflows/pr_notify.yml | 20 --------------------
1 file changed, 20 deletions(-)
delete mode 100644 .github/workflows/pr_notify.yml
diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml
deleted file mode 100644
index 2b34036..0000000
--- a/.github/workflows/pr_notify.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: PR Notifier
-
-on:
- pull_request:
- types: [opened, reopened, closed]
-
-jobs:
- notify:
- runs-on: ubuntu-latest
- steps:
- - name: Notify Discord
- env:
- DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
- run: |
- curl -H "Content-Type: application/json" -d '{"content": "🔔 Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $DISCORD_WEBHOOK_URL
- - name: Notify Slack
- env:
- SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
- run: |
- curl -H "Content-Type: application/json" -d '{"text": ":bell: Pull Request <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}> by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $SLACK_WEBHOOK_URL