search

fecgov / openFEC

The first RESTful API for the Federal Election Commission. We're aiming to make campaign finance more accessible for journalists, academics, developers, and other transparency seekers.
https://api.open.fec.gov/developers
Other
479 stars 106 forks source link

Check logs Sprint 25.5 Week 1 #5889

Closed cnlucas closed 2 months ago

cnlucas commented 2 months ago

Log review needs to be completed per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

Ref: https://github.com/fecgov/openFEC/issues/5876

fec-jli commented 2 months ago

Note: The following issues were logged based off snyk cli in addition to snyk dashboard.

FEC-CMS: 3 package.json: 0 requirements.txt: 3 [Snyk Medium - requests@requests@2.31.0 Always-Incorrect Control Flow Implementation] (https://github.com/fecgov/fec-cms/issues/6285) [Snyk Medium - zipp Infinite loop] (https://github.com/fecgov/fec-cms/issues/6367) [Snyk Medium - urllib3@1.26.18 Improper Removal of Sensitive Information Before Storage or Transfer] -(https://github.com/fecgov/fec-cms/issues/6343)

OpenFEC: 6 package.json: 1 [Snyk Medium] - async - (https://github.com/fecgov/openFEC/issues/5891) requirements.txt: 5 [Snyk Low - Flask-cors Log Injection LOCUST ] - https://github.com/fecgov/openFEC/issues/5807 [Snyk Medium - requests Always-Incorrect Control Flow Implementation] - (https://github.com/fecgov/openFEC/issues/5845) [Snyk Medium - urllib3@1.26.18 Improper Removal of Sensitive Information Before Storage or Transfer] -(https://github.com/fecgov/openFEC/issues/5877) [Snyk Medium - Insufficient Verification of Data Authenticity] - (https://github.com/fecgov/openFEC/issues/5845) [Snyk Medium - Infinite loop] - (https://github.com/fecgov/openFEC/issues/5898)

Pattern-Library: 0

Search logs: No "User changes" found in the past week. Deployer accounts from cloud.gov dashboard: 10