Bug/Vas-11487: fix downloading objects issue #1383

bbenaissa · 2023-06-21T08:48:38Z

Description

L'objectif de cette PR est de corriger un bug de téléchargement des objets dans le module collect sur la version V6

Contributeur

VAS (Vitam Accessible en Service)

TDevillechabrolle · 2023-06-21T09:20:13Z

Checkmarx One – Scan Summary & Details – 4e4c6bc8-c4e4-4763-b8ee-ccbb6dc7878f

New Issues

Issue	Source File / Package	Checkmarx Insight
Privacy_Violation	/api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110	Attack Vector
Privacy_Violation	/api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118	Attack Vector
Log_Forging	/api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 137	Attack Vector
Log_Forging	/ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 180	Attack Vector
Log_Forging	/ui/ui-collect/src/main/java/fr/gouv/vitamui/collect/rest/ProjectObjectGroupController.java: 82	Attack Vector
Log_Forging	/ui/ui-collect/src/main/java/fr/gouv/vitamui/collect/rest/ProjectObjectGroupController.java: 84	Attack Vector
Log_Forging	/ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 180	Attack Vector
Log_Forging	/ui/ui-collect/src/main/java/fr/gouv/vitamui/collect/rest/ProjectObjectGroupController.java: 82	Attack Vector
Log_Forging	/ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 181	Attack Vector
Log_Forging	/tmp/CxSrc/4ef45b94-3983-44f1-9934-413e36e07431/ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 226	Attack Vector
Log_Forging	/tmp/CxSrc/4ef45b94-3983-44f1-9934-413e36e07431/ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 275	Attack Vector
Log_Forging	/tmp/CxSrc/4ef45b94-3983-44f1-9934-413e36e07431/ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 309	Attack Vector
Log_Forging	/tmp/CxSrc/4ef45b94-3983-44f1-9934-413e36e07431/ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 237	Attack Vector
Log_Forging	/tmp/CxSrc/4ef45b94-3983-44f1-9934-413e36e07431/ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 320	Attack Vector
Log_Forging	/tmp/CxSrc/4ef45b94-3983-44f1-9934-413e36e07431/ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 226	Attack Vector
Log_Forging	/tmp/CxSrc/4ef45b94-3983-44f1-9934-413e36e07431/ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 275	Attack Vector
Log_Forging	/tmp/CxSrc/4ef45b94-3983-44f1-9934-413e36e07431/ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 309	Attack Vector

Fixed Issues

Issue	Source File / Package	Checkmarx Insight
Reflected_XSS_All_Clients	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116	Attack Vector
Reflected_XSS_All_Clients	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115	Attack Vector
Privacy_Violation	/api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150	Attack Vector
Privacy_Violation	/api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116	Attack Vector
SSRF	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115	Attack Vector
Log_Forging	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 114	Attack Vector
Log_Forging	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116	Attack Vector
Log_Forging	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 127	Attack Vector
Log_Forging	/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115	Attack Vector
Log_Forging	/api/api-collect/collect-internal/src/main/java/fr/gouv/vitamui/collect/internal/server/rest/TransactionArchiveUnitInternalController.java: 162	Attack Vector

bbenaissa force-pushed the bug/vas-11487-download-error-v7 branch from 5bcd599 to 3cced54 Compare June 21, 2023 08:54

GiooDev changed the title ~~fix forgetten param~~ Bug/Vas-11487: fix forgotten param for downloading objects Jun 21, 2023

bbenaissa force-pushed the bug/vas-11487-download-error-v7 branch from 3cced54 to ad18e1c Compare June 22, 2023 09:20

bbenaissa changed the title ~~Bug/Vas-11487: fix forgotten param for downloading objects~~ Bug/Vas-11487: fix downloading objects bug Jun 26, 2023

bbenaissa marked this pull request as ready for review June 26, 2023 10:51

bbenaissa force-pushed the bug/vas-11487-download-error-v7 branch 2 times, most recently from b0c0531 to b7f256a Compare June 26, 2023 16:21

bbenaissa self-assigned this Jun 26, 2023

bbenaissa added bug Something isn't working small pr embarquant peu de changements et à review rapide, ne nécessitant qu'un reviewer VAS VAS contribution labels Jun 26, 2023

Bug/Vas-11487: fix downloading objects issue

2937b8b

bbenaissa force-pushed the bug/vas-11487-download-error-v7 branch from b7f256a to 2937b8b Compare June 26, 2023 16:44

mohatizaoui approved these changes Jun 27, 2023

View reviewed changes

laedanrex approved these changes Jun 27, 2023

View reviewed changes

TDevillechabrolle merged commit b4cafa1 into develop Jun 27, 2023

GiooDev deleted the bug/vas-11487-download-error-v7 branch June 27, 2023 14:55

GiooDev added this to the IT 121 milestone Jun 27, 2023

GiooDev changed the title ~~Bug/Vas-11487: fix downloading objects bug~~ Bug/Vas-11487: fix downloading objects issue Jul 4, 2023

laedanrex pushed a commit that referenced this pull request Jul 18, 2023

Bug/Vas-11487: fix downloading objects issue (#1383)

90b1837

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bug/Vas-11487: fix downloading objects issue #1383

Bug/Vas-11487: fix downloading objects issue #1383

bbenaissa commented Jun 21, 2023 •

edited

Loading

TDevillechabrolle commented Jun 21, 2023 •

edited

Loading

Bug/Vas-11487: fix downloading objects issue #1383

Bug/Vas-11487: fix downloading objects issue #1383

Conversation

bbenaissa commented Jun 21, 2023 • edited Loading

Description

Contributeur

TDevillechabrolle commented Jun 21, 2023 • edited Loading

New Issues

Fixed Issues

bbenaissa commented Jun 21, 2023 •

edited

Loading

TDevillechabrolle commented Jun 21, 2023 •

edited

Loading