search

fecgov / openFEC

The first RESTful API for the Federal Election Commission. We're aiming to make campaign finance more accessible for journalists, academics, developers, and other transparency seekers.
https://api.open.fec.gov/developers
Other
480 stars 106 forks source link

Check Logs Innovation Week 3 #5469

Closed tmpayton closed 1 year ago

tmpayton commented 1 year ago

Log review needs to be completed per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

Ref: [Check logs PI Innovation week 2] (https://github.com/fecgov/openFEC/issues/5468)

(Note: Copy above links in a browser to view the metrics)

hcaofec commented 1 year ago

FEC-CMS: 0 package.json: None requirements.txt: None

OPENFEC: 3 package.json: None requirements.txt: (High) flask Information Exposure https://github.com/fecgov/openFEC/issues/5440 (Medium) requests Information Exposure https://github.com/fecgov/openFEC/issues/5459

requirements-dev.txt: setuptools Regular Expression Denial of Service (ReDoS) https://github.com/fecgov/openFEC/issues/5477

flyway 2: (High) Denial of Service (DoS) https://github.com/fecgov/openFEC/issues/5482 (Low) Creation of Temporary File in Directory with Insecure Permissions https://github.com/fecgov/openFEC/issues/5478

FEC-EREGS: 0 package.json: None requirements.txt: None

FEC-PATTERN-LIBRARY: package.json: None

Search logs: User change: None

Cloud.gov Dashboard: 6 deployer accounts

Off-boarding: 0

Health check: memory usage: ok booting workers: ok