
story #11387 fix(referential): fix bad behavior in usage and service… #1328

Merged

@Regzox Regzox commented May 2, 2023

… tab of access contracts

Description

  • Resets unsaved changes in usage and service of the access contract management service.
  • Clean code.

Type of change:

Indicate the type(s) of change

  • Build

  • PKI

  • Ansible tooling

  • New code

  • Fix

  • Code refactoring

  • Other

Documentation:

Indicate the documentation updated

[ ] What new documentation has been added?

[ ] What existing documentation has been modified?

[ ] What documentation or documentation sections have been removed?

Tests:

Indicate how the code was tested (manual, environment, unit tests, etc.)

manual

environment

unit tests

Migration:

Indicate whether the changes require a migration of existing data and how to perform it

Checklist:

Select the checklist items

[ ] My code follows this project's code style.

[ ] I have commented my code, particularly in classes and methods that are hard to understand.

[ ] I have made the corresponding changes in the RAML documentation.

[ ] I have made the corresponding changes in the business documentation.

[ ] I have made the corresponding changes in the technical documentation.

[ ] I have added unit tests verifying my features.

[ ] I have added non-regression tests verifying my features.

[ ] New and existing unit tests pass successfully locally.

[ ] All dependencies have been merged first

Contributor

Indicate who developed this feature

VAS (Vitam Accessible en Service)

CEA (Commissariat à l'énergie atomique et aux énergies alternatives)

@Regzox Regzox requested review from oussamasic and benemart May 2, 2023 08:08
@oussamasic oussamasic requested review from a team and removed request for benemart May 2, 2023 08:18
TDevillechabrolle commented May 2, 2023

Checkmarx One – Scan Summary & Details 8f521872-93d0-45f8-94c3-be54a6968359

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2020-28491 Maven-com.fasterxml.jackson.dataformat:jackson-dataformat-cbor-2.6.7 Vulnerable Package
HIGH CVE-2021-37136 Maven-io.netty:netty-codec-4.1.65.Final Vulnerable Package
HIGH CVE-2021-37137 Maven-io.netty:netty-codec-4.1.65.Final Vulnerable Package
HIGH CVE-2021-43466 Maven-org.thymeleaf:thymeleaf-spring5-3.0.12.RELEASE Vulnerable Package
HIGH CVE-2022-0265 Maven-com.hazelcast:hazelcast-4.2.2 Vulnerable Package
HIGH CVE-2022-36437 Maven-com.hazelcast:hazelcast-4.2.2 Vulnerable Package
HIGH Cx8bc13cba-30bf Maven-org.bitbucket.b_c:jose4j-0.7.9 Vulnerable Package
MEDIUM CVE-2021-41182 Maven-org.webjars:jquery-ui-1.12.1 Vulnerable Package
MEDIUM CVE-2021-41183 Maven-org.webjars:jquery-ui-1.12.1 Vulnerable Package
MEDIUM CVE-2021-41184 Maven-org.webjars:jquery-ui-1.12.1 Vulnerable Package
MEDIUM CVE-2022-24823 Maven-io.netty:netty-common-4.1.65.Final Vulnerable Package
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3300 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3300 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3286 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 809 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 809 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 809 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3283 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3300 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3300 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3286 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-internal-client/src/main/java/fr/gouv/vitamui/iam/internal/client/UserInternalRestClient.java: 84 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-internal-client/src/main/java/fr/gouv/vitamui/iam/internal/client/UserInternalRestClient.java: 84 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-external-client/src/main/java/fr/gouv/vitamui/iam/external/client/CasExternalRestClient.java: 135 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-internal-client/src/main/java/fr/gouv/vitamui/iam/internal/client/UserInternalRestClient.java: 84 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-external-client/src/main/java/fr/gouv/vitamui/iam/external/client/CasExternalRestClient.java: 135 Attack Vector
LOW Log_Forging /api/api-collect/collect-internal/src/main/java/fr/gouv/vitamui/collect/internal/server/rest/ProjectInternalController.java: 109 Attack Vector
LOW Log_Forging /api/api-collect/collect-internal/src/main/java/fr/gouv/vitamui/collect/internal/server/rest/TransactionInternalController.java: 149 Attack Vector
LOW Log_Forging /api/api-collect/collect-internal/src/main/java/fr/gouv/vitamui/collect/internal/server/rest/ProjectInternalController.java: 98 Attack Vector
LOW Log_Forging /ui/ui-collect/src/main/java/fr/gouv/vitamui/collect/rest/TransactionController.java: 169 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/GroupController.java: 98 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/ProfileController.java: 98 Attack Vector
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/SearchCriteriaHistoryController.java: 97 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/UserController.java: 127 Attack Vector
LOW Log_Forging /ui/ui-pastis/src/main/java/fr/gouv/vitamui/pastis/rest/ArchivalProfileUnitController.java: 190 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/AgencyController.java: 159 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/FileFormatController.java: 190 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/ContextController.java: 152 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/TenantController.java: 113 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/OwnerController.java: 105 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/UserInfoController.java: 103 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/OntologyController.java: 159 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/SecurityProfileController.java: 156 Attack Vector
LOW Log_Forging /ui/ui-collect/src/main/java/fr/gouv/vitamui/collect/rest/ProjectArchiveUnitController.java: 82 Attack Vector
LOW Log_Forging /ui/ui-pastis/src/main/java/fr/gouv/vitamui/pastis/rest/ProfileController.java: 226 Attack Vector
LOW Log_Forging /ui/ui-commons/src/main/java/fr/gouv/vitamui/ui/commons/rest/SubrogationController.java: 90 Attack Vector
LOW Log_Forging /api/api-collect/collect-internal/src/main/java/fr/gouv/vitamui/collect/internal/server/rest/ProjectInternalController.java: 138 Attack Vector
LOW Log_Forging /api/api-referential/referential-internal/src/main/java/fr/gouv/vitamui/referential/internal/server/rest/AccessionRegisterInternalController.java: 112 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/UserInfoController.java: 86 Attack Vector
LOW Log_Forging /ui/ui-ingest/src/main/java/fr/gouv/vitamui/ingest/rest/IngestController.java: 118 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/UserInfoController.java: 128 Attack Vector
LOW Log_Forging /api/api-collect/collect-external/src/main/java/fr/gouv/vitamui/collect/external/server/rest/SearchCriteriaHistoryExternalController.java: 94 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/OntologyExternalController.java: 162 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-external/src/main/java/fr/gouv/vitamui/archives/search/external/server/rest/SearchCriteriaHistoryExternalController.java: 108 Attack Vector
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/SearchCriteriaHistoryController.java: 106 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/UserInfoController.java: 86 Attack Vector
LOW Log_Forging /ui/ui-ingest/src/main/java/fr/gouv/vitamui/ingest/rest/IngestController.java: 118 Attack Vector
LOW Log_Forging /api/api-iam/iam-external/src/main/java/fr/gouv/vitamui/iam/external/server/rest/SubrogationExternalController.java: 189 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/OntologyController.java: 191 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/SecurityProfileController.java: 190 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/SecurityProfileExternalController.java: 160 Attack Vector
LOW Log_Forging /ui/ui-collect/src/main/java/fr/gouv/vitamui/collect/rest/ProjectArchiveUnitController.java: 106 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/FileFormatExternalController.java: 175 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/FileFormatController.java: 219 Attack Vector
LOW Use_Of_Hardcoded_Password /deployment/lib/mitogen-0.2.9/mitogen/core.py: 845 Attack Vector

Fixed Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2019-10768 Npm-angular-1.5.3 Vulnerable Package
HIGH CVE-2023-26116 Npm-angular-1.5.3 Vulnerable Package
HIGH CVE-2023-26117 Npm-angular-1.5.3 Vulnerable Package
HIGH CVE-2023-26118 Npm-angular-1.5.3 Vulnerable Package
MEDIUM CVE-2016-10735 Npm-bootstrap-3.3.6 Vulnerable Package
MEDIUM CVE-2018-14040 Npm-bootstrap-3.3.6 Vulnerable Package
MEDIUM CVE-2018-14042 Npm-bootstrap-3.3.6 Vulnerable Package
MEDIUM CVE-2018-20676 Npm-bootstrap-3.3.6 Vulnerable Package
MEDIUM CVE-2018-20677 Npm-bootstrap-3.3.6 Vulnerable Package
MEDIUM CVE-2019-8331 Npm-bootstrap-3.3.6 Vulnerable Package
MEDIUM CVE-2020-7676 Npm-angular-1.5.3 Vulnerable Package
MEDIUM CVE-2022-25869 Npm-angular-1.5.3 Vulnerable Package
MEDIUM Cx18bb8d98-18e8 Npm-angular-1.5.3 Vulnerable Package
MEDIUM Cxc6dff9ba-ff4a Npm-angular-1.5.3 Vulnerable Package
MEDIUM Cxcad95f4c-ad21 Npm-angular-1.5.3 Vulnerable Package
MEDIUM Cxd034cc8e-79f3 Npm-angular-1.5.3 Vulnerable Package
MEDIUM Cxf013a387-1fbe Npm-angular-1.5.3 Vulnerable Package
MEDIUM Cxf0b588a3-5c6f Npm-jquery-2.2.4 Vulnerable Package
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110 Attack Vector
MEDIUM Privacy_Violation /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/service/ProviderService.java: 214 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-commons/src/main/java/fr/gouv/vitamui/iam/common/utils/IdentityProviderBuilder.java: 111 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-commons/src/main/java/fr/gouv/vitamui/iam/common/utils/IdentityProviderBuilder.java: 110 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/ContextExternalController.java: 123 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/IngestContractExternalController.java: 124 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/FileFormatExternalController.java: 145 Attack Vector
LOW Log_Forging /ui/ui-commons/src/main/java/fr/gouv/vitamui/ui/commons/rest/ExternalParamProfileController.java: 108 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/AccessContractController.java: 143 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/ProviderController.java: 152 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 136

More results are available on AST platform

@Regzox Regzox force-pushed the story_#11387_access_contract_usage_and_service_bad_behavior branch 3 times, most recently from eaf58a2 to 5a13512 Compare May 2, 2023 09:27
@oussamasic oussamasic added this to the IT 118 milestone May 2, 2023
@oussamasic oussamasic added bug Something isn't working small PR with few changes and quick to review, requiring only one reviewer VAS VAS contribution labels May 2, 2023
@Regzox Regzox force-pushed the story_#11387_access_contract_usage_and_service_bad_behavior branch 3 times, most recently from be4bbf4 to 66f540d Compare May 3, 2023 12:59
@Regzox Regzox changed the title story #11387 fix(referencial): fix bad behavior in usange and service… story #11387 fix(referential): fix bad behavior in usange and service… May 3, 2023
@Regzox Regzox force-pushed the story_#11387_access_contract_usage_and_service_bad_behavior branch from 66f540d to e2f90fc Compare May 3, 2023 13:00
@Regzox Regzox changed the title story #11387 fix(referential): fix bad behavior in usange and service… story #11387 fix(referential): fix bad behavior in usage and service… May 3, 2023
@GiooDev GiooDev merged commit ef9b5e9 into develop May 4, 2023
@GiooDev GiooDev deleted the story_#11387_access_contract_usage_and_service_bad_behavior branch May 4, 2023 14:08