[VAS] 11397 : commonize read ontology fields service #1331

oussamasic
Contributor

The purpose of this PR is to address US 11397

@oussamasic oussamasic self-assigned this May 3, 2023
@oussamasic oussamasic added this to the IT 118 milestone May 3, 2023
@oussamasic oussamasic added enhancement New feature or request VAS VAS contribution Highlight Important feature for release note labels May 3, 2023
@oussamasic oussamasic force-pushed the feature/vas_item_11397_ontologies_collect_archive_search branch 3 times, most recently from 9db3ee2 to 219c68d Compare May 3, 2023 15:23
@TDevillechabrolle
Contributor

TDevillechabrolle commented May 3, 2023

Checkmarx One – Scan Summary & Details: 7f63baac-bbd1-467c-a810-a7083e62104e

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2016-10707 Maven-org.webjars:jquery-1.12.0 Vulnerable Package
HIGH CVE-2020-28491 Maven-com.fasterxml.jackson.dataformat:jackson-dataformat-cbor-2.6.7 Vulnerable Package
HIGH CVE-2021-33813 Maven-org.jdom:jdom2-2.0.6 Vulnerable Package
HIGH CVE-2021-37136 Maven-io.netty:netty-codec-4.1.65.Final Vulnerable Package
HIGH CVE-2021-37137 Maven-io.netty:netty-codec-4.1.65.Final Vulnerable Package
HIGH CVE-2021-43466 Maven-org.thymeleaf:thymeleaf-spring5-3.0.12.RELEASE Vulnerable Package
HIGH CVE-2022-0265 Maven-com.hazelcast:hazelcast-4.2.2 Vulnerable Package
HIGH CVE-2022-36437 Maven-com.hazelcast:hazelcast-4.2.2 Vulnerable Package
MEDIUM CVE-2007-2379 Maven-org.webjars:jquery-1.12.0 Vulnerable Package
MEDIUM CVE-2015-9251 Maven-org.webjars:jquery-1.12.0 Vulnerable Package
MEDIUM CVE-2019-11358 Maven-org.webjars:jquery-1.12.0 Vulnerable Package
MEDIUM CVE-2020-11022 Maven-org.webjars:jquery-1.12.0 Vulnerable Package
MEDIUM CVE-2020-11023 Maven-org.webjars:jquery-1.12.0 Vulnerable Package
MEDIUM CVE-2021-41182 Maven-org.webjars:jquery-ui-1.12.1 Vulnerable Package
MEDIUM CVE-2021-41183 Maven-org.webjars:jquery-ui-1.12.1 Vulnerable Package
MEDIUM CVE-2021-41184 Maven-org.webjars:jquery-ui-1.12.1 Vulnerable Package
MEDIUM CVE-2022-24823 Maven-io.netty:netty-common-4.1.65.Final Vulnerable Package
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3300 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3300 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3286 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 809 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 809 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 809 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3283 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3300 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3300 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3286 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-internal-client/src/main/java/fr/gouv/vitamui/iam/internal/client/UserInternalRestClient.java: 84 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-internal-client/src/main/java/fr/gouv/vitamui/iam/internal/client/UserInternalRestClient.java: 84 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-external-client/src/main/java/fr/gouv/vitamui/iam/external/client/CasExternalRestClient.java: 135 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-internal-client/src/main/java/fr/gouv/vitamui/iam/internal/client/UserInternalRestClient.java: 84 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-external-client/src/main/java/fr/gouv/vitamui/iam/external/client/CasExternalRestClient.java: 135 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/OntologyController.java: 191 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/OntologyExternalController.java: 169 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 292 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 270 Attack Vector
LOW Log_Forging /api/api-collect/collect-internal/src/main/java/fr/gouv/vitamui/collect/internal/server/rest/TransactionArchiveUnitInternalController.java: 162 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 258 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 281 Attack Vector
LOW Log_Forging /api/api-collect/collect-internal/src/main/java/fr/gouv/vitamui/collect/internal/server/rest/ProjectInternalController.java: 109 Attack Vector
LOW Log_Forging /api/api-collect/collect-internal/src/main/java/fr/gouv/vitamui/collect/internal/server/rest/TransactionInternalController.java: 149 Attack Vector
LOW Log_Forging /api/api-collect/collect-internal/src/main/java/fr/gouv/vitamui/collect/internal/server/rest/ProjectInternalController.java: 98 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/GroupController.java: 98 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/ProfileController.java: 98 Attack Vector
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/SearchCriteriaHistoryController.java: 97 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/UserController.java: 127 Attack Vector
LOW Log_Forging /ui/ui-pastis/src/main/java/fr/gouv/vitamui/pastis/rest/ArchivalProfileUnitController.java: 190 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/AgencyController.java: 159 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/FileFormatController.java: 190 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/ContextController.java: 152 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/TenantController.java: 113 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/OwnerController.java: 105 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/UserInfoController.java: 103 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/OntologyController.java: 159 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/SecurityProfileController.java: 156 Attack Vector
LOW Log_Forging /ui/ui-collect/src/main/java/fr/gouv/vitamui/collect/rest/ProjectArchiveUnitController.java: 82 Attack Vector
LOW Log_Forging /ui/ui-pastis/src/main/java/fr/gouv/vitamui/pastis/rest/ProfileController.java: 226 Attack Vector
LOW Log_Forging /ui/ui-commons/src/main/java/fr/gouv/vitamui/ui/commons/rest/SubrogationController.java: 90 Attack Vector
LOW Log_Forging /api/api-collect/collect-internal/src/main/java/fr/gouv/vitamui/collect/internal/server/rest/ProjectInternalController.java: 138 Attack Vector
LOW Log_Forging /api/api-referential/referential-internal/src/main/java/fr/gouv/vitamui/referential/internal/server/rest/AccessionRegisterInternalController.java: 112 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/UserInfoController.java: 86 Attack Vector
LOW Log_Forging /ui/ui-ingest/src/main/java/fr/gouv/vitamui/ingest/rest/IngestController.java: 118 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/UserInfoController.java: 128 Attack Vector
LOW Log_Forging /api/api-collect/collect-external/src/main/java/fr/gouv/vitamui/collect/external/server/rest/SearchCriteriaHistoryExternalController.java: 94 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-external/src/main/java/fr/gouv/vitamui/archives/search/external/server/rest/SearchCriteriaHistoryExternalController.java: 108 Attack Vector
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/SearchCriteriaHistoryController.java: 106 Attack Vector
LOW Log_Forging /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/UserInfoController.java: 86 Attack Vector
LOW Log_Forging /ui/ui-ingest/src/main/java/fr/gouv/vitamui/ingest/rest/IngestController.java: 118 Attack Vector
LOW Log_Forging /api/api-iam/iam-external/src/main/java/fr/gouv/vitamui/iam/external/server/rest/SubrogationExternalController.java: 189 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/SecurityProfileController.java: 190 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/SecurityProfileExternalController.java: 160 Attack Vector
LOW Log_Forging /ui/ui-collect/src/main/java/fr/gouv/vitamui/collect/rest/ProjectArchiveUnitController.java: 106 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/FileFormatExternalController.java: 175 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/FileFormatController.java: 219 Attack Vector
LOW Use_Of_Hardcoded_Password /deployment/lib/mitogen-0.2.9/mitogen/core.py: 845 Attack Vector

Fixed Issues

Severity Issue Source File / Package Checkmarx Insight
MEDIUM Privacy_Violation /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/service/ProviderService.java: 214 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-commons/src/main/java/fr/gouv/vitamui/iam/common/utils/IdentityProviderBuilder.java: 111 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-commons/src/main/java/fr/gouv/vitamui/iam/common/utils/IdentityProviderBuilder.java: 110 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/ContextExternalController.java: 123 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/IngestContractExternalController.java: 124 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/FileFormatExternalController.java: 145 Attack Vector
LOW Log_Forging /ui/ui-commons/src/main/java/fr/gouv/vitamui/ui/commons/rest/ExternalParamProfileController.java: 108 Attack Vector
LOW Log_Forging /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/AccessContractController.java: 143

More results are available on AST platform

@oussamasic oussamasic force-pushed the feature/vas_item_11397_ontologies_collect_archive_search branch from 219c68d to 1d1493b Compare May 4, 2023 12:19
@TDevillechabrolle TDevillechabrolle merged commit 029cb64 into develop May 4, 2023
@GiooDev GiooDev deleted the feature/vas_item_11397_ontologies_collect_archive_search branch July 11, 2023 15:20