Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug 11537: fix access to collect and management contract #1399

Merged
merged 1 commit into from
Jul 4, 2023
Merged

Bug 11537: fix access to collect and management contract #1399

merged 1 commit into from
Jul 4, 2023

Conversation

mohatizaoui
Copy link
Contributor

@mohatizaoui mohatizaoui commented Jun 30, 2023
edited
Loading

Description

cette pr permet de fixe le problème d'accès aux applications collect et contrat de gestion

Type de changement:

Indiquer le ou les types de changements

  • Build

  • PKI

  • Ansiblerie

  • Nouveau Code

  • Correction

  • Refactorisation de code

  • Autre

Documentation:

Indiquer la documentation mise à jour

[ ] Quels sont les nouvelles documentations ?

[ ] Quels sont les modifications existantes ?

[ ] Quels sont les documentations ou sections de documentations supprimés ?

Tests:

Indiquer comment le code à été testé (manuel, environnement, TU, etc)

manuel

environnement

TU

Migration:

Indiquer si les modifications apportées impliquent une migration sur l'existant et comment la faire

Checklist:

Sélectionner les éléments de la checklist

[ ] Mon code suit le style de code de ce projet.

[ ] J'ai commenté mon code, en particulier dans les classes et les méthodes difficile à comprendre.

[ ] J'ai fait les changements correspondant dans la documentation RAML.

[ ] J'ai fait les changements correspondant dans la documentation Métier.

[ ] J'ai fait les changements correspondant dans la documentation Technique.

[ ] J'ai rajouté les tests unitaires vérifiant mes fonctionnalités.

[ ] J'ai rajouté les tests de non régression vérifiant mes fonctionnalités.

[ ] Les tests unitaires nouveaux et existants passent avec succès localement.

[ ] Toutes les dépendances ont été mergées en priorité

Contributeur

Indiquer qui a développé cette fonctionnalité

VAS (Vitam Accessible en Service)

@mohatizaoui mohatizaoui added bug Something isn't working small pr embarquant peu de changements et à review rapide, ne nécessitant qu'un reviewer VAS VAS contribution labels Jun 30, 2023
@mohatizaoui mohatizaoui force-pushed the BUG_11537_ACCESS_TO_COLLECT_AND_MANAGEMENT_CONTRACT branch 2 times, most recently from e9c094a to bc107be Compare June 30, 2023 15:51
@TDevillechabrolle
Copy link
Contributor

TDevillechabrolle commented Jun 30, 2023
edited
Loading

Logo
Checkmarx One – Scan Summary & Details6e8abc8c-7255-4e0d-a0a6-396d1ae2c347

New Issues

Severity Issue Source File / Package Checkmarx Insight
MEDIUM CVE-2022-25883 Npm-semver-7.5.3 Vulnerable Package
MEDIUM CVE-2022-25883 Npm-semver-7.3.2 Vulnerable Package
MEDIUM CVE-2022-25883 Npm-semver-6.3.0 Vulnerable Package
MEDIUM CVE-2022-25883 Npm-semver-5.7.1 Vulnerable Package
MEDIUM CVE-2022-25883 Npm-semver-5.3.0 Vulnerable Package
MEDIUM Cxf0b588a3-5c6f Npm-jquery-2.2.4 Vulnerable Package
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 322 Attack Vector
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 277 Attack Vector
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 228 Attack Vector
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 239 Attack Vector
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 311 Attack Vector
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 277 Attack Vector
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 228 Attack Vector
LOW Log_Forging /ui/ui-archive-search/src/main/java/fr/gouv/vitamui/archives/search/rest/ArchivesSearchController.java: 311 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 238 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 225 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 249 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 213 Attack Vector

Fixed Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH Reflected_XSS_All_Clients /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
HIGH Reflected_XSS_All_Clients /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
HIGH Reflected_XSS_All_Clients /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
HIGH Reflected_XSS_All_Clients /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
HIGH Reflected_XSS_All_Clients /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
HIGH Reflected_XSS_All_Clients /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
HIGH Reflected_XSS_All_Clients /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
HIGH Reflected_XSS_All_Clients /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM CVE-2016-10735 Npm-bootstrap-3.3.6 Vulnerable Package
MEDIUM CVE-2018-14040 Npm-bootstrap-3.3.6 Vulnerable Package
MEDIUM CVE-2018-14042 Npm-bootstrap-3.3.6 Vulnerable Package
MEDIUM CVE-2018-20676 Npm-bootstrap-3.3.6 Vulnerable Package
MEDIUM CVE-2018-20677 Npm-bootstrap-3.3.6 Vulnerable Package
MEDIUM CVE-2019-8331 Npm-bootstrap-3.3.6 Vulnerable Package
MEDIUM Cleartext_Submission_of_Sensitive_Information /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Cleartext_Submission_of_Sensitive_Information /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Cleartext_Submission_of_Sensitive_Information /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Cleartext_Submission_of_Sensitive_Information /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Cleartext_Submission_of_Sensitive_Information /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Cleartext_Submission_of_Sensitive_Information /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 110 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 118 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/InternalSecurityService.java: 150 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 115 Attack Vector
MEDIUM SSRF /commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/ExternalHttpContext.java: 116

More results are available on AST platform

@GiooDev GiooDev added this to the IT 121 milestone Jul 3, 2023
@GiooDev GiooDev changed the title BUG 11537 : fix acces to collect and management contract Bug 11537: fix access to collect and management contract Jul 3, 2023
@mohatizaoui mohatizaoui force-pushed the BUG_11537_ACCESS_TO_COLLECT_AND_MANAGEMENT_CONTRACT branch from bc107be to d4eb665 Compare July 3, 2023 09:14
@GiooDev GiooDev added the OPS REVIEW Mandatory if deployment/ directory is modified. label Jul 3, 2023
@GiooDev GiooDev force-pushed the BUG_11537_ACCESS_TO_COLLECT_AND_MANAGEMENT_CONTRACT branch from d4eb665 to 533b3fa Compare July 3, 2023 16:21
@GiooDev GiooDev merged commit 4877ae6 into develop Jul 4, 2023
@GiooDev GiooDev deleted the BUG_11537_ACCESS_TO_COLLECT_AND_MANAGEMENT_CONTRACT branch July 4, 2023 14:56
laedanrex pushed a commit that referenced this pull request Jul 18, 2023
@mohatizaoui @laedanrex
Bug 11537: fix access to collect and management contract (#1399)
05e58d6 
Co-authored-by: mohamed tizaoui <mohamed.tizaoui@teamdlab.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@GiooDev GiooDev GiooDev requested changes

@laedanrex laedanrex laedanrex approved these changes

@bbenaissa bbenaissa Awaiting requested review from bbenaissa

@abdelmoez-guetat abdelmoez-guetat Awaiting requested review from abdelmoez-guetat

Assignees
No one assigned
Labels
bug Something isn't working OPS REVIEW Mandatory if deployment/ directory is modified. small pr embarquant peu de changements et à review rapide, ne nécessitant qu'un reviewer VAS VAS contribution
Projects
None yet
Milestone
IT 121
Development

Successfully merging this pull request may close these issues.
4 participants
@mohatizaoui @TDevillechabrolle @GiooDev @laedanrex