Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug #13039: front fixes #1954

Merged
merged 1 commit into from
Aug 13, 2024
Merged

Bug #13039: front fixes #1954

merged 1 commit into from
Aug 13, 2024

Conversation

laedanrex
Copy link
Contributor

No description provided.

@laedanrex laedanrex added the bug Something isn't working label Jul 19, 2024
@laedanrex laedanrex added this to the IT 139 milestone Jul 19, 2024
@laedanrex laedanrex self-assigned this Jul 19, 2024
@laedanrex laedanrex force-pushed the 13039-front-fixes branch from 58f679f to 9e37f93 Compare July 19, 2024 13:16
@laedanrex laedanrex marked this pull request as draft July 19, 2024 13:43
@Skycham04 Skycham04 force-pushed the 13039-front-fixes branch from 3657ad8 to 6600649 Compare July 19, 2024 13:49
@vitam-devops
Copy link
Collaborator

Logo
Checkmarx One – Scan Summary & Details61147c13-39fd-4578-afa0-b7086ebec062

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2019-15599 Npm-tree-kill-1.2.1 Vulnerable Package
HIGH CVE-2020-28469 Npm-glob-parent-3.1.0 Vulnerable Package
HIGH CVE-2020-28502 Npm-xmlhttprequest-ssl-1.5.5 Vulnerable Package
HIGH CVE-2020-36048 Npm-engine.io-3.2.1 Vulnerable Package
HIGH CVE-2020-36049 Npm-socket.io-parser-3.2.0 Vulnerable Package
HIGH CVE-2020-7660 Npm-serialize-javascript-1.9.1 Vulnerable Package
HIGH CVE-2020-7788 Npm-ini-1.3.5 Vulnerable Package
HIGH CVE-2021-23382 Npm-postcss-7.0.14 Vulnerable Package
HIGH CVE-2021-23424 Npm-ansi-html-0.0.7 Vulnerable Package
HIGH CVE-2021-31597 Npm-xmlhttprequest-ssl-1.5.5 Vulnerable Package
HIGH CVE-2022-2421 Npm-socket.io-parser-3.2.0 Vulnerable Package
HIGH CVE-2022-24771 Npm-node-forge-0.10.0 Vulnerable Package
HIGH CVE-2022-24772 Npm-node-forge-0.10.0 Vulnerable Package
HIGH CVE-2022-25858 Npm-terser-3.17.0 Vulnerable Package
HIGH CVE-2022-25881 Npm-http-cache-semantics-3.8.1 Vulnerable Package
HIGH CVE-2022-25883 Npm-semver-6.3.0 Vulnerable Package
HIGH CVE-2022-25883 Npm-semver-6.0.0 Vulnerable Package
HIGH CVE-2022-37599 Npm-loader-utils-1.2.3 Vulnerable Package
HIGH CVE-2022-37601 Npm-loader-utils-1.2.3 Vulnerable Package
HIGH CVE-2022-37603 Npm-loader-utils-1.2.3 Vulnerable Package
HIGH CVE-2023-32695 Npm-socket.io-parser-3.2.0 Vulnerable Package
HIGH CVE-2023-45133 Npm-babel-traverse-6.26.0 Vulnerable Package
HIGH CVE-2024-29180 Npm-webpack-dev-middleware-3.6.2 Vulnerable Package
HIGH CVE-2024-38355 Npm-socket.io-2.1.1 Vulnerable Package
HIGH CVE-2024-4068 Npm-braces-2.3.2 Vulnerable Package
HIGH Cx347a3da7-ba99 Npm-node-forge-0.10.0 Vulnerable Package
MEDIUM CVE-2019-16769 Npm-serialize-javascript-1.9.1 Vulnerable Package
MEDIUM CVE-2020-15366 Npm-ajv-6.10.0 Vulnerable Package
MEDIUM CVE-2020-15366 Npm-ajv-5.5.2 Vulnerable Package
MEDIUM CVE-2020-28481 Npm-socket.io-2.1.1 Vulnerable Package
MEDIUM CVE-2020-7608 Npm-yargs-parser-11.1.1 Vulnerable Package
MEDIUM CVE-2020-7693 Npm-sockjs-0.3.19 Vulnerable Package
MEDIUM CVE-2021-23364 Npm-browserslist-4.5.5 Vulnerable Package
MEDIUM CVE-2021-23368 Npm-postcss-7.0.14 Vulnerable Package
MEDIUM CVE-2021-23495 Npm-karma-4.1.0 Vulnerable Package
MEDIUM CVE-2021-4231 Npm-@angular/core-8.2.14 Vulnerable Package
MEDIUM CVE-2022-0122 Npm-node-forge-0.10.0 Vulnerable Package
MEDIUM CVE-2022-0437 Npm-karma-4.1.0 Vulnerable Package
MEDIUM CVE-2022-21704 Npm-log4js-4.5.1 Vulnerable Package
MEDIUM CVE-2022-24773 Npm-node-forge-0.10.0 Vulnerable Package
MEDIUM CVE-2022-41940 Npm-engine.io-3.2.1 Vulnerable Package
MEDIUM CVE-2023-44270 Npm-postcss-7.0.14 Vulnerable Package
MEDIUM CVE-2024-28863 Npm-tar-4.4.19 Vulnerable Package
MEDIUM CVE-2024-6531 Npm-bootstrap-4.6.2 Vulnerable Package
LOW CVE-2020-15262 Npm-webpack-subresource-integrity-1.1.0-rc.6 Vulnerable Package
LOW Cxda14f253-4e52 Npm-bluebird-3.7.2 Vulnerable Package
LOW Logging of Sensitive Data /ansible.cfg: 1 To keep sensitive values out of logs, tasks that expose them need to be marked defining 'no_log' and setting to True
LOW Logging of Sensitive Data /ansible.cfg: 2 To keep sensitive values out of logs, tasks that expose them need to be marked defining 'no_log' and setting to True
LOW Logging of Sensitive Data /ansible.cfg: 2 To keep sensitive values out of logs, tasks that expose them need to be marked defining 'no_log' and setting to True

Fixed Issues

Severity Issue Source File / Package
HIGH Reflected_XSS_All_Clients /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
HIGH Reflected_XSS_All_Clients /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
HIGH Reflected_XSS_All_Clients /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
HIGH Reflected_XSS_All_Clients /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
HIGH Reflected_XSS_All_Clients /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
HIGH Reflected_XSS_All_Clients /deployment/scripts/manage_vaults_vitamui.pl: 122
HIGH Reflected_XSS_All_Clients /deployment/scripts/manage_vaults_vitamui.pl: 122
MEDIUM Absolute_Path_Traversal /api/api-referential/referential-internal/src/main/java/fr/gouv/vitamui/referential/internal/server/rest/FileFormatInternalController.java: 224
MEDIUM Absolute_Path_Traversal /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/ProfileExternalController.java: 219
MEDIUM Absolute_Path_Traversal /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/ProfileExternalController.java: 219
MEDIUM Absolute_Path_Traversal /api/api-referential/referential-internal/src/main/java/fr/gouv/vitamui/referential/internal/server/rest/ProfileInternalController.java: 210
MEDIUM Absolute_Path_Traversal /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/ProfileExternalController.java: 157
MEDIUM Absolute_Path_Traversal /api/api-referential/referential-internal/src/main/java/fr/gouv/vitamui/referential/internal/server/rest/ArchivalProfileUnitInternalController.java: 185
MEDIUM Absolute_Path_Traversal /api/api-referential/referential-internal/src/main/java/fr/gouv/vitamui/referential/internal/server/rest/OntologyInternalController.java: 211
MEDIUM Absolute_Path_Traversal /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Cleartext_Submission_of_Sensitive_Information /api/api-iam/iam-external-client/src/main/java/fr/gouv/vitamui/iam/external/client/CasExternalRestClient.java: 87
MEDIUM Cleartext_Submission_of_Sensitive_Information /api/api-iam/iam-internal/src/main/java/fr/gouv/vitamui/iam/internal/server/user/service/UserEmailInternalService.java: 110
MEDIUM Cleartext_Submission_of_Sensitive_Information /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/provider/ExternalApiAuthenticationProvider.java: 87
MEDIUM HttpOnlyCookies /cas/cas-server/src/main/java/fr/gouv/vitamui/cas/util/Utils.java: 119
MEDIUM Improper_Restriction_of_XXE_Ref /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Improper_Restriction_of_XXE_Ref /api/api-ingest/ingest-internal/src/main/java/fr/gouv/vitamui/ingest/internal/server/rest/IngestInternalController.java: 131
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110
MEDIUM Privacy_Violation

More results are available on AST platform

@laedanrex laedanrex marked this pull request as ready for review July 30, 2024 11:57
@laedanrex laedanrex changed the title 13039 front fixes Bug #13039: front fixes Jul 31, 2024
@laedanrex
Bug #13039: front fixes
6477586 
Bug #13039: reformat translation

Bug #13039: remove unnecessary translations

Bug #13039: button color on active and not focus
@laedanrex laedanrex merged commit 75d9b17 into develop Aug 13, 2024
7 of 8 checks passed
@laedanrex laedanrex deleted the 13039-front-fixes branch August 13, 2024 10:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marob marob marob approved these changes

@Regzox Regzox Regzox approved these changes

Assignees

@laedanrex laedanrex

Labels
bug Something isn't working
Projects
None yet
Milestone
IT 139
Development

Successfully merging this pull request may close these issues.
4 participants
@laedanrex @vitam-devops @marob @Regzox