[Xelians] - Recharting CEA apps #1599

Closed
wants to merge 7 commits into from

pyXelians (Contributor) commented Dec 26, 2023

This PR contains the recharting of the referential applications as well as some bug fixes:

  • Agency
  • Operations log
  • Access contract
  • Securing operation
  • Ingest contract
  • DSL query
  • Probative value statement
  • Audit
  • Format
  • Application context
  • Security profiles
  • Ontology
  • Management rules

Type of change

  • Code and/or configuration: fix, enhancement

Tests

Following the build, a test report is generated with the vulnerabilities.

Migration

What additional operations are required when migrating VITAM?
From which version to which version do these changes apply?

Checklist

[ * ] New and existing unit tests pass successfully locally.
[ * ] All dependencies have been merged first

Contributor

Xelians

pyXelians added the labels enhancement (New feature or request), Xelians (XELIANS contribution) and OPS REVIEW (Mandatory if deployment/ directory is modified.) Dec 26, 2023
pyXelians self-assigned this Dec 26, 2023
vitam-devops (Collaborator) commented Dec 26, 2023

Checkmarx One – Scan Summary & Details: 24d73d25-796c-48f2-976f-ab64a7b719ad

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2019-15599 Npm-tree-kill-1.2.1 Vulnerable Package
HIGH CVE-2020-28502 Npm-xmlhttprequest-ssl-1.5.5 Vulnerable Package
HIGH CVE-2020-36048 Npm-engine.io-3.2.1 Vulnerable Package
HIGH CVE-2020-36049 Npm-socket.io-parser-3.2.0 Vulnerable Package
HIGH CVE-2020-7660 Npm-serialize-javascript-1.9.1 Vulnerable Package
HIGH CVE-2020-7788 Npm-ini-1.3.5 Vulnerable Package
HIGH CVE-2020-7793 Npm-ua-parser-js-0.7.22 Vulnerable Package
HIGH CVE-2021-27292 Npm-ua-parser-js-0.7.22 Vulnerable Package
HIGH CVE-2021-31597 Npm-xmlhttprequest-ssl-1.5.5 Vulnerable Package
HIGH CVE-2022-2421 Npm-socket.io-parser-3.2.0 Vulnerable Package
HIGH CVE-2022-25927 Npm-ua-parser-js-0.7.22 Vulnerable Package
HIGH CVE-2022-42252 Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.63 Vulnerable Package
HIGH CVE-2022-45143 Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.63 Vulnerable Package
HIGH CVE-2023-32695 Npm-socket.io-parser-3.2.0 Vulnerable Package
HIGH CVE-2023-32695 Npm-socket.io-parser-3.3.3 Vulnerable Package
HIGH CVE-2023-45859 Maven-com.hazelcast:hazelcast-5.1.3 Vulnerable Package
MEDIUM CVE-2019-16769 Npm-serialize-javascript-1.9.1 Vulnerable Package
MEDIUM CVE-2020-15366 Npm-ajv-6.10.0 Vulnerable Package
MEDIUM CVE-2020-15366 Npm-ajv-5.5.2 Vulnerable Package
MEDIUM CVE-2020-28481 Npm-socket.io-2.1.1 Vulnerable Package
MEDIUM CVE-2020-7693 Npm-sockjs-0.3.19 Vulnerable Package
MEDIUM CVE-2021-23364 Npm-browserslist-4.5.5 Vulnerable Package
MEDIUM CVE-2021-23495 Npm-karma-4.1.0 Vulnerable Package
MEDIUM CVE-2021-23495 Npm-karma-5.2.3 Vulnerable Package
MEDIUM CVE-2022-0437 Npm-karma-5.2.3 Vulnerable Package
MEDIUM CVE-2022-0437 Npm-karma-4.1.0 Vulnerable Package
MEDIUM CVE-2022-21704 Npm-log4js-4.5.1 Vulnerable Package
MEDIUM CVE-2022-41940 Npm-engine.io-3.2.1 Vulnerable Package
MEDIUM CVE-2023-26159 Npm-follow-redirects-1.15.3 Vulnerable Package
MEDIUM CVE-2023-28708 Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.63 Vulnerable Package
MEDIUM CVE-2024-25710 Maven-org.apache.commons:commons-compress-1.21 Vulnerable Package
MEDIUM Cleartext_Submission_of_Sensitive_Information /api/api-iam/iam-internal/src/main/java/fr/gouv/vitamui/iam/internal/server/user/service/UserEmailInternalService.java: 98 Attack Vector
MEDIUM Cx816df59e-1cc9 Npm-marked-0.7.0 Vulnerable Package
LOW Angular_Usage_of_Unsafe_DOM_Sanitizer /ui/ui-frontend-common/src/app/modules/error-dialog/error-dialog.component.ts: 57 Attack Vector
LOW Angular_Usage_of_Unsafe_DOM_Sanitizer /ui/ui-frontend-common/src/app/modules/components/navbar/navbar.component.ts: 88 Attack Vector
LOW Client_DOM_Open_Redirect /ui/ui-frontend-common/src/app/modules/authentication/services/oidc-authenticator.service.ts: 103 Attack Vector
LOW Client_DOM_Open_Redirect /ui/ui-frontend/projects/pastis/src/app/shared/pastis-breadcrumb-components/pastis-title-breadcrumb/pastis-title-breadcrumb.component.ts: 57 Attack Vector
LOW Client_DOM_Open_Redirect /ui/ui-frontend/projects/pastis/src/app/shared/pastis-popup-option/pastis-popup-option.component.ts: 107 Attack Vector
LOW Client_DOM_Open_Redirect /ui/ui-frontend-common/src/app/modules/components/vitamui-content-breadcrumb/vitamui-title-breadcrumb/vitamui-title-breadcrumb.component.ts: 59 Attack Vector
LOW Heap_Inspection /api/api-iam/iam-internal/src/main/java/fr/gouv/vitamui/iam/internal/server/user/service/UserInternalService.java: 496 Attack Vector
LOW Log_Forging /api/api-iam/iam-internal/src/main/java/fr/gouv/vitamui/iam/internal/server/rest/UserInternalController.java: 94 Attack Vector
LOW Log_Forging /api/api-referential/referential-internal/src/main/java/fr/gouv/vitamui/referential/internal/server/rest/AgencyInternalController.java: 179 Attack Vector
LOW Log_Forging /api/api-referential/referential-internal/src/main/java/fr/gouv/vitamui/referential/internal/server/rest/AgencyInternalController.java: 179 Attack Vector
LOW Log_Forging /api/api-iam/iam-internal/src/main/java/fr/gouv/vitamui/iam/internal/server/rest/UserInternalController.java: 94 Attack Vector
LOW Log_Forging /api/api-referential/referential-internal/src/main/java/fr/gouv/vitamui/referential/internal/server/rest/AgencyInternalController.java: 179 Attack Vector
LOW Log_Forging /api/api-referential/referential-internal/src/main/java/fr/gouv/vitamui/referential/internal/server/rest/AgencyInternalController.java: 179 Attack Vector
LOW Unsafe_Use_Of_Target_blank /ui/ui-frontend/projects/pastis/src/app/app.component.html: 16 Attack Vector
LOW Use_Of_Hardcoded_Password /ui/ui-frontend/projects/identity/src/app/customer/customer-preview/sso-tab/sso-tab.component.spec.ts: 142 Attack Vector
LOW Use_Of_Hardcoded_Password /ui/ui-frontend/projects/identity/src/app/customer/customer-preview/sso-tab/sso-tab.component.spec.ts: 141 Attack Vector
LOW Use_Of_Hardcoded_Password_In_Config /api/api-iam/iam-internal/src/main/resources/exported-data.properties: 19 Attack Vector

Fixed Issues

Severity Issue Source File / Package
HIGH CVE-2023-28857 Maven-org.apereo.cas:cas-server-support-x509-core-6.6.4
HIGH CVE-2023-2976 Maven-com.google.guava:guava-31.0.1-jre
HIGH CVE-2023-2976 Maven-com.google.guava:guava-31.1-jre
HIGH CVE-2023-2976 Maven-com.google.guava:guava-30.1.1-jre
HIGH CVE-2023-2976 Maven-com.google.guava:guava-25.0-jre
HIGH Missing User Instruction /Dockerfile: 10
HIGH Missing User Instruction /Dockerfile: 10
HIGH Missing User Instruction /Dockerfile: 11
HIGH Missing User Instruction /Dockerfile: 10
HIGH No New Privileges Not Set /vitam-recette.yml: 54
HIGH No New Privileges Not Set /vitam-dev.yml: 19
HIGH No New Privileges Not Set /vitam-recette.yml: 17
HIGH No New Privileges Not Set /docker-compose.yml: 10
HIGH Passwords And Secrets - Generic Password /application.yml: 31
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 141
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 36
HIGH Passwords And Secrets - Generic Password /application.yml: 52
HIGH Passwords And Secrets - Generic Password /application.yml: 97
HIGH Passwords And Secrets - Generic Password /application-integration.yml: 66
HIGH Passwords And Secrets - Generic Password /mongo_vars_dev.yml: 31
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 62
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 93
HIGH Passwords And Secrets - Generic Password /application.yml: 44
HIGH Passwords And Secrets - Generic Password /application.yml: 44
HIGH Passwords And Secrets - Generic Password /application.yml: 40
HIGH Passwords And Secrets - Generic Password /application.yml: 77
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 60
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 22
HIGH Passwords And Secrets - Generic Password /application.yml: 28
HIGH Passwords And Secrets - Generic Password /mongo_cluster.yml: 11
HIGH Passwords And Secrets - Generic Password /cas-server-application-dev.yml: 133
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 68
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 29
HIGH Passwords And Secrets - Generic Password /application.yml: 41
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 22
HIGH Passwords And Secrets - Generic Password /mongo_dev.yml: 37
HIGH Passwords And Secrets - Generic Password /cas-server-application-dev.yml: 19
HIGH Passwords And Secrets - Generic Password /application.yml: 31
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 91
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 32
HIGH Passwords And Secrets - Generic Password /application.yml: 77
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 118
HIGH Passwords And Secrets - Generic Password /mongo_vars_dev.yml: 62
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 24
HIGH Passwords And Secrets - Generic Password /application.yml: 40
HIGH Passwords And Secrets - Generic Password /logstash.yml: 227
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 62
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 55
HIGH Passwords And Secrets - Generic Password /application.yml: 97
HIGH Passwords And Secrets - Generic Password /application.yml: 51
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 56
HIGH Passwords And Secrets - Generic Password /application.yml: 30
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 66
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 71
HIGH Passwords And Secrets - Generic Password /application.yml: 76
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 9
HIGH Passwords And Secrets - Generic Password /application.yml: 64
HIGH Passwords And Secrets - Generic Password /application.yml: 44
HIGH Passwords And Secrets - Generic Password /cas-server-application-recette.yml: 180
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 23
HIGH Passwords And Secrets - Generic Password /application.yml: 40
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 47
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 78
HIGH Passwords And Secrets - Generic Password /application.yml: 42
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 104
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 22
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 75
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 58
HIGH Passwords And Secrets - Generic Password /application.yml: 39
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 22
HIGH Passwords And Secrets - Generic Password /application.yml: 57
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 124
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 27
HIGH Passwords And Secrets - Generic Password /application.yml: 65
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 29
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 33
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 23
HIGH Passwords And Secrets - Generic Password /cas-server-application-recette.yml: 13
HIGH Passwords And Secrets - Generic Password /application.yml: 76
HIGH Passwords And Secrets - Generic Password /application.yml: 37
HIGH Passwords And Secrets - Generic Password /mongo_vars_dev.yml: 36
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 76
HIGH Passwords And Secrets - Generic Password /application.yml: 27
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 75
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 52
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 149
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 131
HIGH Passwords And Secrets - Generic Password /application.yml: 76
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 108
HIGH Passwords And Secrets - Generic Password /mongo_cluster.yml: 34
HIGH Passwords And Secrets - Generic Password /application.yml: 33
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 22
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 52
HIGH Passwords And Secrets - Generic Password /application.yml: 85
HIGH Passwords And Secrets - Generic Password /application.yml: 42
HIGH Passwords And Secrets - Generic Password /application.yml: 39
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 54
HIGH Passwords And Secrets - Generic Password /application-integration.yml: 47
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 33
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 19
HIGH Passwords And Secrets - Generic Password /application.yml: 29
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 40
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 48
HIGH Passwords And Secrets - Generic Password /cas-server-application-recette.yml: 14
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 115
HIGH Passwords And Secrets - Generic Password /application.yml: 27
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 100
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 87
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 21
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 47
HIGH Passwords And Secrets - Generic Password /application.yml: 77
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 50
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 30
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 62
HIGH Passwords And Secrets - Generic Password /logstash.yml: 244
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 23
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 90
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 21
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 71
HIGH Passwords And Secrets - Generic Password /application.yml: 47
HIGH Passwords And Secrets - Generic Password /application.yml: 53
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 12
HIGH Passwords And Secrets - Generic Password /cas-server-application-dev.yml: 14
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 20
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 59
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 48
HIGH Passwords And Secrets - Generic Password /application.yml: 42
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 73
HIGH Passwords And Secrets - Generic Password /application.yml: 40
HIGH Passwords And Secrets - Generic Password /Dockerfile: 67
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 64
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 32
HIGH Passwords And Secrets - Generic Password /cas-server-application-recette.yml: 37
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 35
HIGH Passwords And Secrets - Generic Password /application-recette.yml: 91
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 89
HIGH Passwords And Secrets - Generic Password /mongo_vars_dev.yml: 57
HIGH Passwords And Secrets - Generic Password /cas-server-application-dev.yml: 221
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 31
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 30
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 25
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 91
HIGH Passwords And Secrets - Generic Password /application-dev.yml: 34
HIGH Passwords And Secrets - Generic Password

More results are available on AST platform

{
$addToSet: {
roles: {
name: 'ROLE_GET_MANAGEMENT_CONTRACT'
Collaborator:

Aren't we removing the old ROLE_GET_MANAGEMENT_CONTRACTS role, which seems to have simply been renamed?

Contributor Author:

I have very serious doubts about that; the tests on the environment will be able to tell us more.

deployment/roles/vitamui/files/customer-init.yml (outdated)
GiooDev added this to the IT 129 milestone Jan 3, 2024
GiooDev modified the milestones: IT 129, IT 130 Jan 12, 2024
GiooDev modified the milestones: IT 130, IT 131 Jan 29, 2024
GiooDev modified the milestones: IT 131, IT 132 Feb 20, 2024
ebernard (Contributor) commented Apr 2, 2024

Replaced by #1675

ebernard closed this Apr 2, 2024