github-actions[bot]
commented
3 weeks ago 
Checkmarx One â Scan Summary & Details â 8125249f-f413-4b55-b8ac-424974064e88
Closed SaintPatrck closed 2 weeks ago
github-actions[bot]
commented
3 weeks ago
Checkmarx One â Scan Summary & Details â 8125249f-f413-4b55-b8ac-424974064e88
codecov[bot]
commented
3 weeks ago Attention: Patch coverage is 93.58974% with 5 lines in your changes missing coverage. Please review.
Project coverage is 88.69%. Comparing base (
4c1d55e) to head (11b9259). Report is 15 commits behind head on main.
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
đī¸ Tracking
https://bitwarden.atlassian.net/browse/PM-11884
đ Objective
Perform origin and asset link validation during the FIDO 2 credential authentication process.
If the request originates from a privileged application (web browser on behalf of RP), the calling app is validated against our internal allow list.
If the request originates from an unprivileged RP application the RP's asset link is used to validate the application's authenticity.
If origin or asset link validation is unsuccessful for any reason, the user is notified and the operation is terminated according to the WebAuthn spec.
â° Reminders before review
đĻŽ Reviewer guidelines
:+1:) or similar for great changes:memo:) or âšī¸ (:information_source:) for notes or general info:question:) for questions:thinking:) or đ (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion:art:) for suggestions / improvements:x:) or â ī¸ (:warning:) for more significant problems or concerns needing attention:seedling:) or âģī¸ (:recycle:) for future improvements or indications of technical debt:pick:) for minor or nitpick changes