Resolve frontend api abuse findings (CRASM-731) #649

Open: wants to merge 6 commits into base: develop
@ameliav ameliav commented Sep 27, 2024

🗣 Description

API Abuse (Low severity) CWE-227: 7PK - API Abuse

All files are found in the frontend/src folder.

| Report ID | Location | Code | Commit ID |
|---|---|---|---|
| 1280480 | pages/Vulnerabilities/Vulnerabilities.tsx:458 | `<br></br>` | 2ebcf1d |
| 1280540 | types/webpage.ts:2 | `import { Domain } from './domain';` | 19661bc |
| 1280616 | types/vulnerability.ts:1 | `import { Domain, Service } from './domain';` | e0e6dab |
| 1280628 | pages/Domains/Domains.tsx:152 | `<br></br>` | 2ebcf1d |
| 1280645 | pages/Organization/Organization.tsx:494 | `<br></br>` | 2ebcf1d |

💭 Motivation and context

Resolve Checkmarx findings for the category API Abuse that are in the frontend.
https://maestro.dhs.gov/jira/browse/CRASM-731

🧪 Testing

  • Removes all use of the tags <br></br> from the frontend codebase.
  • Removes the imports from domain in the types folder.
  • Cleans up importing types in some files.
  • No changes to the UI.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All future TODOs are captured in issues, which are referenced
    in code comments.
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All relevant repo and/or project documentation has been updated
    to reflect the changes in this PR.
  • Tests have been added and/or modified to cover the changes in this PR.
  • All new and existing tests pass.

✅ Pre-merge checklist

  • Revert dependencies to default branches.
  • Finalize version.

✅ Post-merge checklist

  • Create a release.

@ameliav ameliav linked an issue Sep 27, 2024 that may be closed by this pull request
@ameliav ameliav self-assigned this Sep 27, 2024
@ameliav ameliav changed the title from "646 resolve frontend api abuse findings crasm 731" to "Resolve frontend api abuse findings (CRASM-731)" Sep 27, 2024
@ameliav ameliav marked this pull request as ready for review September 30, 2024 13:32