Closed abergs closed 3 months ago
Attention: Patch coverage is 25.00000% with 6 lines in your changes missing coverage. Please review.
Project coverage is 29.53%. Comparing base (1763324) to head (60da604). Report is 62 commits behind head on main.
Files | Patch % | Lines |
---|---|---|
...rc/vault/popup/components/fido2/fido2.component.ts | 0.00% | 3 Missing :warning: |
...vault/popup/components/vault/add-edit.component.ts | 0.00% | 3 Missing :warning: |
:umbrella: View full report in Codecov by Sentry.
Checkmarx One - Scan Summary & Details - 8fb03e1f-5777-4060-b156-45f6bb6a6d43
Issue | Source File / Package | Checkmarx Insight | Severity |
---|---|---|---|
Client_DOM_XSS | /apps/web/src/connectors/common.ts: 2 | Attack Vector | |
Unpinned Actions Full Length Commit SHA | /build-desktop.yml: 1256 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... | |
Unpinned Actions Full Length Commit SHA | /build-desktop.yml: 1210 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... | |
Unpinned Actions Full Length Commit SHA | /build-cli.yml: 406 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... | |
Client_DOM_Open_Redirect | /apps/browser/src/platform/popup/layout/popup-header.component.ts: 29 | Attack Vector | |
Client_DOM_Open_Redirect | /apps/web/src/connectors/common.ts: 2 | Attack Vector | |
Client_DOM_Open_Redirect | /apps/web/src/connectors/common.ts: 2 | Attack Vector | |
Client_Use_Of_Iframe_Without_Sandbox | /apps/web/src/connectors/duo.ts: 8 | Attack Vector | |
Unprotected_Cookie | /apps/web/src/app/auth/two-factor.component.ts: 159 | Attack Vector | |
Unprotected_Cookie | /apps/web/src/connectors/duo-redirect.ts: 57 | Attack Vector | |
Unprotected_Cookie | /apps/web/src/connectors/duo-redirect.ts: 112 | Attack Vector |
Issue | Source File / Package | Severity |
---|---|---|
Client_DOM_XSS | /apps/web/src/connectors/common.ts: 2 | |
Unpinned Actions Full Length Commit SHA | /build-cli.yml: 402 | |
Unpinned Actions Full Length Commit SHA | /build-desktop.yml: 1222 | |
Unpinned Actions Full Length Commit SHA | /build-desktop.yml: 1268 | |
Client_DOM_Open_Redirect | /apps/web/src/connectors/common.ts: 2 | |
Client_DOM_Open_Redirect | /apps/web/src/connectors/common.ts: 2 | |
Unsafe_Use_Of_Target_blank | /apps/web/src/app/auth/settings/two-factor-authenticator.component.html: 45 | |
Unsafe_Use_Of_Target_blank | /apps/web/src/app/auth/settings/two-factor-authenticator.component.html: 58 |
@kendratodd Perhaps you could help me test this unless it lands well into existing QA processes?
@abergs, I'm always happy to take a look, though I do believe this can be covered by existing QA processes for the Vault team (the JIRA just needs to be updated to reflect the current status).
Let's see if I managed to fix the tests and actually run them now ...
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-4661
📔 Objective
📸 Screenshots
https://share.cleanshot.com/p1PH1krC