Bug/VAS-11415: fix bug on upload project in collect #1318

Merged
merged 1 commit into from
May 4, 2023


bbenaissa
Collaborator

@bbenaissa bbenaissa commented Apr 24, 2023

Description

The purpose of this PR is to fix the bug in key/value attachment at two positions.

Contributor

VAS (Vitam Accessible en Service)

@TDevillechabrolle
Contributor

TDevillechabrolle commented Apr 24, 2023

Checkmarx One – Scan Summary & Details
1e7782d8-e61e-45c8-afe6-3553c80589b9

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2016-10707 Maven-org.webjars:jquery-1.12.0 Vulnerable Package
HIGH CVE-2020-28491 Maven-com.fasterxml.jackson.dataformat:jackson-dataformat-cbor-2.6.7 Vulnerable Package
HIGH CVE-2021-33813 Maven-org.jdom:jdom2-2.0.6 Vulnerable Package
HIGH CVE-2021-37136 Maven-io.netty:netty-codec-4.1.65.Final Vulnerable Package
HIGH CVE-2021-37137 Maven-io.netty:netty-codec-4.1.65.Final Vulnerable Package
HIGH CVE-2021-43466 Maven-org.thymeleaf:thymeleaf-spring5-3.0.12.RELEASE Vulnerable Package
HIGH CVE-2022-0265 Maven-com.hazelcast:hazelcast-4.2.2 Vulnerable Package
HIGH CVE-2022-36437 Maven-com.hazelcast:hazelcast-4.2.2 Vulnerable Package
MEDIUM CVE-2007-2379 Maven-org.webjars:jquery-1.12.0 Vulnerable Package
MEDIUM CVE-2015-9251 Maven-org.webjars:jquery-1.12.0 Vulnerable Package
MEDIUM CVE-2019-11358 Maven-org.webjars:jquery-1.12.0 Vulnerable Package
MEDIUM CVE-2020-11022 Maven-org.webjars:jquery-1.12.0 Vulnerable Package
MEDIUM CVE-2020-11023 Maven-org.webjars:jquery-1.12.0 Vulnerable Package
MEDIUM CVE-2021-41182 Maven-org.webjars:jquery-ui-1.12.1 Vulnerable Package
MEDIUM CVE-2021-41183 Maven-org.webjars:jquery-ui-1.12.1 Vulnerable Package
MEDIUM CVE-2021-41184 Maven-org.webjars:jquery-ui-1.12.1 Vulnerable Package
MEDIUM CVE-2022-24823 Maven-io.netty:netty-common-4.1.65.Final Vulnerable Package
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3300 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3300 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3286 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 809 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 809 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 809 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3283 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3300 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3300 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3286 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-internal-client/src/main/java/fr/gouv/vitamui/iam/internal/client/UserInternalRestClient.java: 84 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-internal-client/src/main/java/fr/gouv/vitamui/iam/internal/client/UserInternalRestClient.java: 84 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-external-client/src/main/java/fr/gouv/vitamui/iam/external/client/CasExternalRestClient.java: 135 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-internal-client/src/main/java/fr/gouv/vitamui/iam/internal/client/UserInternalRestClient.java: 84 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-external-client/src/main/java/fr/gouv/vitamui/iam/external/client/CasExternalRestClient.java: 135 Attack Vector
LOW Log_Forging /api/api-collect/collect-internal/src/main/java/fr/gouv/vitamui/collect/internal/server/rest/ProjectInternalController.java: 109 Attack Vector
LOW Log_Forging /api/api-collect/collect-internal/src/main/java/fr/gouv/vitamui/collect/internal/server/rest/TransactionInternalController.java: 149 Attack Vector
LOW Log_Forging /api/api-collect/collect-internal/src/main/java/fr/gouv/vitamui/collect/internal/server/rest/ProjectInternalController.java: 98 Attack Vector
LOW Log_Forging /ui/ui-collect/src/main/java/fr/gouv/vitamui/collect/rest/TransactionController.java: 169 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/GroupController.java: 98 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/ProfileController.java: 98 Attack Vector
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/SearchCriteriaHistoryController.java: 97 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/UserController.java: 127 Attack Vector
LOW Log_Forging /ui/ui-pastis/src/main/java/fr/gouv/vitamui/pastis/rest/ArchivalProfileUnitController.java: 190 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/AgencyController.java: 159 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/FileFormatController.java: 190 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/ContextController.java: 152 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/TenantController.java: 113 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/OwnerController.java: 105 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/UserInfoController.java: 103 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/OntologyController.java: 159 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/SecurityProfileController.java: 156 Attack Vector
LOW Log_Forging /ui/ui-collect/src/main/java/fr/gouv/vitamui/collect/rest/ProjectArchiveUnitController.java: 82 Attack Vector
LOW Log_Forging /ui/ui-pastis/src/main/java/fr/gouv/vitamui/pastis/rest/ProfileController.java: 226 Attack Vector
LOW Log_Forging /ui/ui-commons/src/main/java/fr/gouv/vitamui/ui/commons/rest/SubrogationController.java: 90 Attack Vector
LOW Log_Forging /api/api-collect/collect-internal/src/main/java/fr/gouv/vitamui/collect/internal/server/rest/ProjectInternalController.java: 138 Attack Vector
LOW Log_Forging /api/api-referential/referential-internal/src/main/java/fr/gouv/vitamui/referential/internal/server/rest/AccessionRegisterInternalController.java: 112 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/UserInfoController.java: 86 Attack Vector
LOW Log_Forging /ui/ui-ingest/src/main/java/fr/gouv/vitamui/ingest/rest/IngestController.java: 118 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/UserInfoController.java: 128 Attack Vector
LOW Log_Forging /api/api-collect/collect-external/src/main/java/fr/gouv/vitamui/collect/external/server/rest/SearchCriteriaHistoryExternalController.java: 94 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/OntologyExternalController.java: 162 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-external/src/main/java/fr/gouv/vitamui/archives/search/external/server/rest/SearchCriteriaHistoryExternalController.java: 108 Attack Vector
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/SearchCriteriaHistoryController.java: 106 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/UserInfoController.java: 86 Attack Vector
LOW Log_Forging /ui/ui-ingest/src/main/java/fr/gouv/vitamui/ingest/rest/IngestController.java: 118 Attack Vector
LOW Log_Forging /api/api-iam/iam-external/src/main/java/fr/gouv/vitamui/iam/external/server/rest/SubrogationExternalController.java: 189 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/OntologyController.java: 191 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/SecurityProfileController.java: 190 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/SecurityProfileExternalController.java: 160 Attack Vector
LOW Log_Forging /ui/ui-collect/src/main/java/fr/gouv/vitamui/collect/rest/ProjectArchiveUnitController.java: 106 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/FileFormatExternalController.java: 175 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/FileFormatController.java: 219 Attack Vector
LOW Use_Of_Hardcoded_Password /deployment/lib/mitogen-0.2.9/mitogen/core.py: 845 Attack Vector

Fixed Issues

Severity Issue Source File / Package Checkmarx Insight
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110 Attack Vector
MEDIUM Privacy_Violation /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/service/ProviderService.java: 214 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-commons/src/main/java/fr/gouv/vitamui/iam/common/utils/IdentityProviderBuilder.java: 111 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-commons/src/main/java/fr/gouv/vitamui/iam/common/utils/IdentityProviderBuilder.java: 110 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/ContextExternalController.java: 123 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/IngestContractExternalController.java: 124 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/FileFormatExternalController.java: 145 Attack Vector
LOW Log_Forging /ui/ui-commons/src/main/java/fr/gouv/vitamui/ui/commons/rest/ExternalParamProfileController.java: 108 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/AccessContractController.java: 143 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/ProviderController.java: 152 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 136 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/IngestContractController.java: 144 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/ManagementContractExternalController.java: 135 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/AgencyExternalController.java: 137 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/ArchivalProfileUnitExternalController.java: 145 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/ManagementContractController.java: 143 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/SecurityProfileExternalController.java: 130 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/OntologyExternalController.java: 144 Attack Vector
LOW Log_Forging

More results are available on AST platform

@bbenaissa bbenaissa requested review from oussamasic, mohatizaoui and abdelmoez-guetat and removed request for oussamasic April 26, 2023 14:45
@bbenaissa bbenaissa self-assigned this Apr 26, 2023
@bbenaissa bbenaissa added the bug ("Something isn't working") and small ("PR with few changes, quick to review, requiring only one reviewer") labels Apr 26, 2023
@bbenaissa bbenaissa added this to the IT 118 milestone Apr 26, 2023
@bbenaissa bbenaissa marked this pull request as ready for review April 26, 2023 14:46
@bbenaissa bbenaissa changed the title Bug/VAS-11355: fix bug on upload project in collect Bug/VAS-11415: fix bug on upload project in collect May 2, 2023
@bbenaissa bbenaissa force-pushed the bug/vas-11355-fix-upload-bugs-on-collect branch from 349b26b to aeaa556 Compare May 4, 2023 09:22
@GiooDev GiooDev merged commit 3e0e6e3 into develop May 4, 2023
@GiooDev GiooDev deleted the bug/vas-11355-fix-upload-bugs-on-collect branch May 4, 2023 09:25
6 participants