Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Scanning CI #1192

Merged
merged 18 commits into from
May 12, 2023
Merged

Scanning CI #1192

merged 18 commits into from
May 12, 2023

Conversation

bonfaceshisakha
Copy link
Contributor

No description provided.

@bonfaceshisakha
Setup Trivy scanning for repo and docker scanning
fc5e03d 
Signed-off-by: Bonface Shisakha Asunga <basunga@ona.io>
@bonfaceshisakha
Add Dependabot scanning
63acbd5 
Signed-off-by: Bonface Shisakha Asunga <basunga@ona.io>
@bonfaceshisakha
Add CodeQL scanning
cb9bf96 
Signed-off-by: Bonface Shisakha Asunga <basunga@ona.io>
@bonfaceshisakha
Adjust branch used for scanning
68c7e96 
Signed-off-by: Bonface Shisakha Asunga <basunga@ona.io>
@bonfaceshisakha
Fix DefectDojo Report Type
e2cd125
@bonfaceshisakha bonfaceshisakha changed the title Security Vulnerability Scans Scanning CI Mar 10, 2023
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 30, 2023
View reviewed changes
src/main/java/org/opensrp/web/controller/MultimediaController.java
@@ -235,14 +235,14 @@

/* "Content-Disposition : inline" will show viewable types [like images/text/pdf/anything viewable by browser] right on browser
while others(zip e.g) will be directly downloaded [may provide save as popup, based on your browser setting.]*/
response.setHeader("Content-Disposition", String.format("inline; filename=\"" + file.getName() + "\""));
response.setHeader("Content-Disposition", String.format("inline; filename= %s", file.getName()));

Check warning

Code scanning / CodeQL

HTTP response splitting

This header depends on a [user-provided value](1), which may cause a response-splitting vulnerability.
@Rkareko Rkareko marked this pull request as ready for review May 11, 2023 08:26
@Rkareko Rkareko mentioned this pull request May 11, 2023
Open
@Rkareko
Copy link
Contributor

Rkareko commented May 11, 2023

Fixing of the broken Import of CodeQL Findings to DefectDojo is tracked on this ticket

@Rkareko Rkareko merged commit df68a7f into master May 12, 2023
@Rkareko Rkareko deleted the security-ci-scan branch May 12, 2023 04:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ndegwamartin ndegwamartin ndegwamartin approved these changes

@qiarie qiarie Awaiting requested review from qiarie

Assignees

@bonfaceshisakha bonfaceshisakha

@Rkareko Rkareko

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bonfaceshisakha @Rkareko @ndegwamartin