DEV Community

Devansh Shah


Telescope: a high severity vulnerability

So, I was trying to run Telescope locally, and when I ran it, it reported a high severity vulnerability in one of the npm packages. The package at issue was passport-saml. The issue was an outdated version that needed an update; I ran the npm fix command and it was fixed. This could have been very bad, as I did not know whether this would break Telescope's local login. I ran the tests and they worked.

I still did not know that I needed to test the local login system and had no clue how to. I submitted a pull request and received a great review letting me know to test the local login in order to check whether or not this update broke anything. I read the docs and found how to log in locally using passport-saml: run docker build and get the SAML2 server up and running, then start the backend and frontend, then log in with the fake user data to test passport-saml. I was able to log in, confirming that the update did not break anything.

Overall, I learned I probably should not update packages I don't know about before knowing how they are being used and what is causing the issue. This experience did let me gain greater insight into the Telescope workflows, and overall it was not too difficult.
