Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[VAS] Story 10410: update design #1440

Merged
merged 1 commit into from
Aug 23, 2023
Merged

[VAS] Story 10410: update design #1440

merged 1 commit into from
Aug 23, 2023

Conversation

laedanrex
Copy link
Contributor

Description

update design

Type de changement:

  • Nouveau Code

  • Correction

Tests:

manuel

Contributeur

VAS (Vitam Accessible en Service)

@laedanrex laedanrex added javascript Pull requests that update Javascript code small pr embarquant peu de changements et à review rapide, ne nécessitant qu'un reviewer VAS VAS contribution labels Aug 21, 2023
@laedanrex laedanrex added this to the IT 123 milestone Aug 21, 2023
@laedanrex laedanrex self-assigned this Aug 21, 2023
@TDevillechabrolle
Copy link
Contributor

Logo
Checkmarx One – Scan Summary & Detailse68d3d64-872d-4995-aed4-8a79fa5514d0

New Issues

Severity Issue Source File / Package Checkmarx Insight
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 322 Attack Vector
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 277 Attack Vector
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 228 Attack Vector
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 239 Attack Vector
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 311 Attack Vector
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 277 Attack Vector
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 228 Attack Vector
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 311 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 261 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 201 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 238 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 225 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 249 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 213 Attack Vector
LOW Log_Forging /ui/ui-collect/src/main/java/fr/gouv/vitamui/collect/rest/ProjectObjectGroupController.java: 82 Attack Vector

Fixed Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH Reflected_XSS_All_Clients /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
HIGH Reflected_XSS_All_Clients /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
HIGH Reflected_XSS_All_Clients /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
HIGH Reflected_XSS_All_Clients /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
HIGH Reflected_XSS_All_Clients /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
HIGH Reflected_XSS_All_Clients /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
HIGH Reflected_XSS_All_Clients /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
HIGH Reflected_XSS_All_Clients /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM Cleartext_Submission_of_Sensitive_Information /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Cleartext_Submission_of_Sensitive_Information /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Cleartext_Submission_of_Sensitive_Information /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Cleartext_Submission_of_Sensitive_Information /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Cleartext_Submission_of_Sensitive_Information /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Cleartext_Submission_of_Sensitive_Information /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM SSRF /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
LOW Log_Forging /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
LOW Log_Forging /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
LOW Log_Forging

More results are available on AST platform

Regzox
Regzox approved these changes Aug 21, 2023
View reviewed changes
Copy link
Contributor

@Regzox Regzox left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

J'ai l'impression qu'il existe des molécules pour les formulaires qu'il faudrait extraire en composant réutilisable.

@GiooDev GiooDev merged commit 7117de0 into develop Aug 23, 2023
@GiooDev GiooDev deleted the vas-10410-design-review branch August 23, 2023 07:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Regzox Regzox Regzox approved these changes

@bbenaissa bbenaissa bbenaissa approved these changes

Assignees

@laedanrex laedanrex

Labels
javascript Pull requests that update Javascript code small pr embarquant peu de changements et à review rapide, ne nécessitant qu'un reviewer VAS VAS contribution
Projects
None yet
Milestone
IT 123
Development

Successfully merging this pull request may close these issues.
5 participants
@laedanrex @TDevillechabrolle @bbenaissa @Regzox @GiooDev