bitwarden / clients

Bitwarden client apps (web, browser extension, desktop, and cli).
https://bitwarden.com

PM-4877: Only allow replacing passkeys for the same userhandle #9804

Open abergs opened 5 days ago

abergs commented 5 days ago

🎟ī¸ Tracking

https://bitwarden.atlassian.net/browse/PM-4877

📔 Objective

📸 Screenshots

Demo after these changes: https://share.cleanshot.com/8j29tzPK

Demo before these changes: https://share.cleanshot.com/xfLJ11Hd

⏰ Reminders before review

🦮 Reviewer guidelines

github-actions[bot] commented 5 days ago

Checkmarx One – Scan Summary & Details – 6d83db3f-2053-440f-8c02-0c7b57a0de7a

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
| --- | --- | --- | --- |
| MEDIUM | Angular_Improper_Type_Pipe_Usage | /bitwarden_license/bit-web/src/app/admin-console/providers/providers-layout.component.html: 50 | Attack Vector |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /build-desktop.yml: 1210 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /build-cli.yml: 406 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /build-desktop.yml: 1256 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| LOW | Client_DOM_Open_Redirect | /apps/browser/src/platform/popup/layout/popup-header.component.ts: 29 | Attack Vector |
| LOW | Client_Use_Of_Iframe_Without_Sandbox | /apps/web/src/connectors/duo.ts: 8 | Attack Vector |

Fixed Issues

| Severity | Issue | Source File / Package |
| --- | --- | --- |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /build-cli.yml: 402 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /build-desktop.yml: 1268 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /build-desktop.yml: 1222 |
| LOW | Unsafe_Use_Of_Target_blank | /apps/web/src/app/auth/settings/two-factor-authenticator.component.html: 58 |
| LOW | Unsafe_Use_Of_Target_blank | /apps/web/src/app/auth/settings/two-factor-authenticator.component.html: 45 |

abergs commented 4 days ago

@coroiu Ah, I ran the tests locally but mistakenly only ran those in the /apps/browser folder. I've now fixed the failing platform test, but in github I get this error which I don't understand.


coroiu commented 4 days ago

@abergs seems like someone broke main, fix was pushed 7 minutes ago, just update your branch https://github.com/bitwarden/clients/pull/9822 :)

Edit: seems you beat me to it!

codecov[bot] commented 4 days ago

Codecov Report

Attention: Patch coverage is 0% with 6 lines in your changes missing coverage. Please review.

Project coverage is 29.53%. Comparing base (1fdfd69) to head (f4e5585). Report is 46 commits behind head on main.

| Files | Patch % | Lines |
| --- | --- | --- |
| ...rc/vault/popup/components/fido2/fido2.component.ts | 0.00% | 6 Missing ⚠️ |

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main    #9804      +/-   ##
==========================================
+ Coverage   29.30%   29.53%   +0.22%
==========================================
  Files        2532     2537       +5
  Lines       73825    74158     +333
  Branches    13783    13857      +74
==========================================
+ Hits        21636    21903     +267
- Misses      50569    50596      +27
- Partials     1620     1659      +39
```


abergs commented 4 days ago

How did a rebase trigger all of that crap. Sorry everyone that got pinged.

abergs commented 4 days ago

@coroiu Tests passing

gbubemismith commented 1 day ago

I wonder why the macOS desktop build keeps failing