fecgov / openFEC

The first RESTful API for the Federal Election Commission. We're aiming to make campaign finance more accessible for journalists, academics, developers, and other transparency seekers.
https://api.open.fec.gov/developers

Check logs Sprint 25.i Week 2 #5922

Closed tmpayton closed 1 month ago

tmpayton commented 1 month ago

Log review needs to be completed per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist).

Ref: https://github.com/fecgov/openFEC/issues/5921

pkfec commented 1 month ago

Note: The following issues were logged based off Snyk CLI in addition to Snyk dashboard.

FEC-CMS: 4
package.json: 0
requirements.txt: 4
[Snyk Medium - urllib3@1.26.18 Improper Removal of Sensitive Information Before Storage or Transfer] (https://github.com/fecgov/fec-cms/issues/6343)
[Snyk Medium - fix 8 issues: django Denial of Service (DoS, Directory Traversal, Timing Attack)] (https://github.com/fecgov/fec-cms/issues/6376)

OpenFEC: 3
package.json: 0
data/flyway/build.gradle: 1
Snyk: High - flyway
requirements.txt: 2
[Snyk: Medium - Certifi Insufficient Verification of Data Authenticity] (https://github.com/fecgov/openFEC/issues/5914)
[Snyk: Low - flask core] (https://github.com/fecgov/openFEC/issues/5935)

Pattern-Library: 0

Search logs: "User changes" not found in the past week.

Deployer accounts from cloud.gov dashboard: 10