TEST PR #4986

Closed
wants to merge 1 commit into from

vgrassia (Member) commented Nov 6, 2024

🎟️ Tracking

📔 Objective

📸 Screenshots

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

vgrassia closed this Nov 6, 2024
vgrassia reopened this Nov 6, 2024
vgrassia closed this Nov 6, 2024
vgrassia reopened this Nov 6, 2024
vgrassia closed this Nov 6, 2024
vgrassia deleted the patch-test branch November 6, 2024 18:47

github-actions bot (Contributor) commented Nov 6, 2024

Checkmarx One – Scan Summary & Details 28579fd8-5a02-460a-9a54-4757e5ff21b7

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
HIGH Passwords And Secrets - Generic Password /test-database.yml: 123 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /test-database.yml: 203 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /test-database.yml: 207 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /test-database.yml: 200 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /test-database.yml: 129 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /test-database.yml: 110 Query to find passwords and secrets in infrastructure code.
HIGH Passwords And Secrets - Generic Password /test-database.yml: 98 Query to find passwords and secrets in infrastructure code.
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 1 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 7 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 1 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 7 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile-k8s: 8 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile-k8s: 8 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 1 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM CSRF /src/Api/AdminConsole/Controllers/PoliciesController.cs: 59 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 547 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 105 Attack Vector
MEDIUM CSRF /src/Api/Billing/Controllers/OrganizationsController.cs: 105 Attack Vector
MEDIUM CSRF /src/Api/Billing/Controllers/OrganizationsController.cs: 49 Attack Vector
MEDIUM CSRF /src/Billing/Controllers/RecoveryController.cs: 38 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/TwoFactorController.cs: 112 Attack Vector
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 171 Attack Vector
MEDIUM CSRF /src/Api/Public/Controllers/CollectionsController.cs: 87 Attack Vector
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 143 Attack Vector
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 603 Attack Vector
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 553 Attack Vector
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 574 Attack Vector
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 574 Attack Vector
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 553 Attack Vector
MEDIUM CSRF /src/Api/SecretsManager/Controllers/CountsController.cs: 37 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 921 Attack Vector
MEDIUM CSRF /src/Billing/Controllers/StripeController.cs: 164 Attack Vector
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 574 Attack Vector
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 574 Attack Vector
MEDIUM CSRF /src/Api/SecretsManager/Controllers/SecretsController.cs: 96 Attack Vector
MEDIUM CSRF /src/Api/SecretsManager/Controllers/AccessPoliciesController.cs: 266 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/MembersController.cs: 95 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProvidersController.cs: 72 Attack Vector
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 553 Attack Vector
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 553 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/GroupsController.cs: 121 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProvidersController.cs: 121 Attack Vector
MEDIUM CSRF /src/Api/SecretsManager/Controllers/AccessPoliciesController.cs: 232 Attack Vector
MEDIUM CSRF /src/Admin/AdminConsole/Controllers/ProvidersController.cs: 442 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/GroupsController.cs: 150 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/GroupsController.cs: 150 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 237 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 376 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 376 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 638 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 614 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 685 Attack Vector
MEDIUM CSRF /src/Api/Vault/Controllers/FoldersController.cs: 45 Attack Vector
MEDIUM CSRF /src/Api/Controllers/SelfHosted/SelfHostedOrganizationLicensesController.cs: 51 Attack Vector
MEDIUM CSRF /src/Api/Controllers/UsersController.cs: 22 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 92 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 49 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProviderUsersController.cs: 142 Attack Vector
MEDIUM CSRF /src/Api/Tools/Controllers/ImportCiphersController.cs: 64 Attack Vector
MEDIUM CSRF /src/Admin/AdminConsole/Controllers/OrganizationsController.cs: 351 Attack Vector
MEDIUM CSRF /src/Api/Public/Controllers/CollectionsController.cs: 64 Attack Vector
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 517 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/OrganizationController.cs: 43 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/PoliciesController.cs: 42 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/PoliciesController.cs: 62 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 469 Attack Vector
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 99 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 122 Attack Vector
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 119 Attack Vector
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 128 Attack Vector
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 517 Attack Vector
MEDIUM CSRF /src/Identity/Controllers/AccountsController.cs: 76 Attack Vector
MEDIUM CSRF /src/Admin/AdminConsole/Controllers/ProvidersController.cs: 367 Attack Vector
MEDIUM CSRF /bitwarden_license/src/Sso/Controllers/AccountController.cs: 100 Attack Vector
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 936 Attack Vector
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 121 Attack Vector
MEDIUM CSRF /bitwarden_license/src/Sso/Controllers/AccountController.cs: 167 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 263 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 344 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 361 Attack Vector
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 107 Attack Vector
MEDIUM CSRF /src/Api/Tools/Controllers/ImportCiphersController.cs: 48 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/PoliciesController.cs: 75 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/PoliciesController.cs: 145 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProviderOrganizationsController.cs: 48 Attack Vector
MEDIUM CSRF /src/Api/Controllers/DevicesController.cs: 60 Attack Vector
MEDIUM CSRF /src/Api/Controllers/DevicesController.cs: 73 Attack Vector
MEDIUM CSRF /bitwarden_license/src/Scim/Controllers/v2/UsersController.cs: 47 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 161 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/GroupsController.cs: 80 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/GroupsController.cs: 107 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProviderUsersController.cs: 175 Attack Vector
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProviderUsersController.cs: 188 Attack Vector
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 748 Attack Vector
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 217 Attack Vector
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 989 Attack Vector
MEDIUM

More results are available on AST platform
