Análise de Resultados - Githubissues

DafneM commented 3 months ago

Issue: resolves tcc-lucas-dafne/tcc-password-manager#60

Descrição

O objetivo deste PR é gerar a análise de resultados do respositório para o TCC.

DafneM commented 3 months ago

# npm audit report

bootstrap  <=3.4.0
Severity: moderate
bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-ph58-4vrj-w6hr
XSS vulnerability that affects bootstrap - https://github.com/advisories/GHSA-3mgp-fx93-9xv5
Bootstrap Vulnerable to Cross-Site Scripting - https://github.com/advisories/GHSA-9v3m-8fp8-mj99
Bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-4p24-vmcr-4gqj
Bootstrap vulnerable to Cross-Site Scripting (XSS) - https://github.com/advisories/GHSA-3wqf-4x89-9g79
Bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-7mvr-5x2g-wfc8
fix available via `npm audit fix --force`
Will install bootstrap@3.4.1, which is outside the stated dependency range
node_modules/bootstrap

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/svgo/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo
      @svgr/plugin-svgo  <=5.5.0
      Depends on vulnerable versions of svgo
      node_modules/@svgr/plugin-svgo
        @svgr/webpack  4.0.0 - 5.5.0
        Depends on vulnerable versions of @svgr/plugin-svgo
        node_modules/@svgr/webpack
          react-scripts  >=2.1.4
          Depends on vulnerable versions of @svgr/webpack
          Depends on vulnerable versions of resolve-url-loader
          node_modules/react-scripts

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/resolve-url-loader/node_modules/postcss
  resolve-url-loader  0.0.1-experiment-postcss || 3.0.0-alpha.1 - 4.0.0
  Depends on vulnerable versions of postcss
  node_modules/resolve-url-loader

9 vulnerabilities (3 moderate, 6 high)

To address all issues (including breaking changes), run:
  npm audit fix --force

DafneM commented 3 months ago

# npm audit report

bootstrap  <=3.4.0
Severity: moderate
bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-ph58-4vrj-w6hr
XSS vulnerability that affects bootstrap - https://github.com/advisories/GHSA-3mgp-fx93-9xv5
Bootstrap Vulnerable to Cross-Site Scripting - https://github.com/advisories/GHSA-9v3m-8fp8-mj99
Bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-4p24-vmcr-4gqj
Bootstrap vulnerable to Cross-Site Scripting (XSS) - https://github.com/advisories/GHSA-3wqf-4x89-9g79
Bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-7mvr-5x2g-wfc8
fix available via `npm audit fix --force`
Will install bootstrap@3.4.1, which is outside the stated dependency range
node_modules/bootstrap

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/svgo/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo
      @svgr/plugin-svgo  <=5.5.0
      Depends on vulnerable versions of svgo
      node_modules/@svgr/plugin-svgo
        @svgr/webpack  4.0.0 - 5.5.0
        Depends on vulnerable versions of @svgr/plugin-svgo
        node_modules/@svgr/webpack
          react-scripts  >=2.1.4
          Depends on vulnerable versions of @svgr/webpack
          Depends on vulnerable versions of resolve-url-loader
          node_modules/react-scripts

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/resolve-url-loader/node_modules/postcss
  resolve-url-loader  0.0.1-experiment-postcss || 3.0.0-alpha.1 - 4.0.0
  Depends on vulnerable versions of postcss
  node_modules/resolve-url-loader

9 vulnerabilities (3 moderate, 6 high)

To address all issues (including breaking changes), run:
  npm audit fix --force

DafneM commented 3 months ago

# npm audit report

bootstrap  <=3.4.0
Severity: moderate
bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-ph58-4vrj-w6hr
XSS vulnerability that affects bootstrap - https://github.com/advisories/GHSA-3mgp-fx93-9xv5
Bootstrap Vulnerable to Cross-Site Scripting - https://github.com/advisories/GHSA-9v3m-8fp8-mj99
Bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-4p24-vmcr-4gqj
Bootstrap vulnerable to Cross-Site Scripting (XSS) - https://github.com/advisories/GHSA-3wqf-4x89-9g79
Bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-7mvr-5x2g-wfc8
fix available via `npm audit fix --force`
Will install bootstrap@3.4.1, which is outside the stated dependency range
node_modules/bootstrap

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/svgo/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo
      @svgr/plugin-svgo  <=5.5.0
      Depends on vulnerable versions of svgo
      node_modules/@svgr/plugin-svgo
        @svgr/webpack  4.0.0 - 5.5.0
        Depends on vulnerable versions of @svgr/plugin-svgo
        node_modules/@svgr/webpack
          react-scripts  >=2.1.4
          Depends on vulnerable versions of @svgr/webpack
          Depends on vulnerable versions of resolve-url-loader
          node_modules/react-scripts

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/resolve-url-loader/node_modules/postcss
  resolve-url-loader  0.0.1-experiment-postcss || 3.0.0-alpha.1 - 4.0.0
  Depends on vulnerable versions of postcss
  node_modules/resolve-url-loader

ws  7.0.0 - 7.5.9 || 8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix`
node_modules/webpack-dev-server/node_modules/ws
node_modules/ws

10 vulnerabilities (3 moderate, 7 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

DafneM commented 3 months ago

# npm audit report

bootstrap  <=3.4.0
Severity: moderate
bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-ph58-4vrj-w6hr
XSS vulnerability that affects bootstrap - https://github.com/advisories/GHSA-3mgp-fx93-9xv5
Bootstrap Vulnerable to Cross-Site Scripting - https://github.com/advisories/GHSA-9v3m-8fp8-mj99
Bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-4p24-vmcr-4gqj
Bootstrap vulnerable to Cross-Site Scripting (XSS) - https://github.com/advisories/GHSA-3wqf-4x89-9g79
Bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-7mvr-5x2g-wfc8
fix available via `npm audit fix --force`
Will install bootstrap@3.4.1, which is outside the stated dependency range
node_modules/bootstrap

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/svgo/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo
      @svgr/plugin-svgo  <=5.5.0
      Depends on vulnerable versions of svgo
      node_modules/@svgr/plugin-svgo
        @svgr/webpack  4.0.0 - 5.5.0
        Depends on vulnerable versions of @svgr/plugin-svgo
        node_modules/@svgr/webpack
          react-scripts  >=2.1.4
          Depends on vulnerable versions of @svgr/webpack
          Depends on vulnerable versions of resolve-url-loader
          node_modules/react-scripts

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/resolve-url-loader/node_modules/postcss
  resolve-url-loader  0.0.1-experiment-postcss || 3.0.0-alpha.1 - 4.0.0
  Depends on vulnerable versions of postcss
  node_modules/resolve-url-loader

ws  7.0.0 - 7.5.9 || 8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix`
node_modules/webpack-dev-server/node_modules/ws
node_modules/ws

10 vulnerabilities (3 moderate, 7 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

github-actions[bot] commented 3 months ago

Hello World!

github-actions[bot] commented 3 months ago

Hello World!

DafneM commented 3 months ago

# npm audit report

bootstrap  <=3.4.0
Severity: moderate
bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-ph58-4vrj-w6hr
XSS vulnerability that affects bootstrap - https://github.com/advisories/GHSA-3mgp-fx93-9xv5
Bootstrap Vulnerable to Cross-Site Scripting - https://github.com/advisories/GHSA-9v3m-8fp8-mj99
Bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-4p24-vmcr-4gqj
Bootstrap vulnerable to Cross-Site Scripting (XSS) - https://github.com/advisories/GHSA-3wqf-4x89-9g79
Bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-7mvr-5x2g-wfc8
fix available via `npm audit fix --force`
Will install bootstrap@3.4.1, which is outside the stated dependency range
node_modules/bootstrap

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/svgo/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo
      @svgr/plugin-svgo  <=5.5.0
      Depends on vulnerable versions of svgo
      node_modules/@svgr/plugin-svgo
        @svgr/webpack  4.0.0 - 5.5.0
        Depends on vulnerable versions of @svgr/plugin-svgo
        node_modules/@svgr/webpack
          react-scripts  >=2.1.4
          Depends on vulnerable versions of @svgr/webpack
          Depends on vulnerable versions of resolve-url-loader
          node_modules/react-scripts

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/resolve-url-loader/node_modules/postcss
  resolve-url-loader  0.0.1-experiment-postcss || 3.0.0-alpha.1 - 4.0.0
  Depends on vulnerable versions of postcss
  node_modules/resolve-url-loader

ws  7.0.0 - 7.5.9 || 8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix`
node_modules/webpack-dev-server/node_modules/ws
node_modules/ws

10 vulnerabilities (3 moderate, 7 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

github-actions[bot] commented 3 months ago

Hello World!

github-advanced-security[bot] commented 3 months ago

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

DafneM commented 3 months ago

# npm audit report

bootstrap  <=3.4.0
Severity: moderate
bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-ph58-4vrj-w6hr
XSS vulnerability that affects bootstrap - https://github.com/advisories/GHSA-3mgp-fx93-9xv5
Bootstrap Vulnerable to Cross-Site Scripting - https://github.com/advisories/GHSA-9v3m-8fp8-mj99
Bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-4p24-vmcr-4gqj
Bootstrap vulnerable to Cross-Site Scripting (XSS) - https://github.com/advisories/GHSA-3wqf-4x89-9g79
Bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-7mvr-5x2g-wfc8
fix available via `npm audit fix --force`
Will install bootstrap@3.4.1, which is outside the stated dependency range
node_modules/bootstrap

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/svgo/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo
      @svgr/plugin-svgo  <=5.5.0
      Depends on vulnerable versions of svgo
      node_modules/@svgr/plugin-svgo
        @svgr/webpack  4.0.0 - 5.5.0
        Depends on vulnerable versions of @svgr/plugin-svgo
        node_modules/@svgr/webpack
          react-scripts  >=2.1.4
          Depends on vulnerable versions of @svgr/webpack
          Depends on vulnerable versions of resolve-url-loader
          node_modules/react-scripts

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/resolve-url-loader/node_modules/postcss
  resolve-url-loader  0.0.1-experiment-postcss || 3.0.0-alpha.1 - 4.0.0
  Depends on vulnerable versions of postcss
  node_modules/resolve-url-loader

ws  7.0.0 - 7.5.9 || 8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix`
node_modules/webpack-dev-server/node_modules/ws
node_modules/ws

10 vulnerabilities (3 moderate, 7 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

DafneM commented 3 months ago

# npm audit report

bootstrap  <=3.4.0
Severity: moderate
bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-ph58-4vrj-w6hr
XSS vulnerability that affects bootstrap - https://github.com/advisories/GHSA-3mgp-fx93-9xv5
Bootstrap Vulnerable to Cross-Site Scripting - https://github.com/advisories/GHSA-9v3m-8fp8-mj99
Bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-4p24-vmcr-4gqj
Bootstrap vulnerable to Cross-Site Scripting (XSS) - https://github.com/advisories/GHSA-3wqf-4x89-9g79
Bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-7mvr-5x2g-wfc8
fix available via `npm audit fix --force`
Will install bootstrap@3.4.1, which is outside the stated dependency range
node_modules/bootstrap

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/svgo/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo
      @svgr/plugin-svgo  <=5.5.0
      Depends on vulnerable versions of svgo
      node_modules/@svgr/plugin-svgo
        @svgr/webpack  4.0.0 - 5.5.0
        Depends on vulnerable versions of @svgr/plugin-svgo
        node_modules/@svgr/webpack
          react-scripts  >=2.1.4
          Depends on vulnerable versions of @svgr/webpack
          Depends on vulnerable versions of resolve-url-loader
          node_modules/react-scripts

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/resolve-url-loader/node_modules/postcss
  resolve-url-loader  0.0.1-experiment-postcss || 3.0.0-alpha.1 - 4.0.0
  Depends on vulnerable versions of postcss
  node_modules/resolve-url-loader

ws  7.0.0 - 7.5.9 || 8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix`
node_modules/webpack-dev-server/node_modules/ws
node_modules/ws

10 vulnerabilities (3 moderate, 7 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

sonarcloud[bot] commented 3 months ago

Quality Gate failed

Failed conditions
2 Security Hotspots

See analysis details on SonarCloud

DafneM commented 3 months ago

Inspeção de Vulnerabilidades

Ausência de Logs

Vulnerabilidade: A09 Descrição: não há arquivos de log que registrem as atividades dos usuários, nem avisos ou mensagens sobre as ações realizadas. Impacto: a ausência de logs elimina a rastreabilidade, dificultando a identificação de autenticações suspeitas e ataques na aplicação além de impedir a possibilidade de auditoria retroativa Sugestões de correção: 1) Adicionar arquivos de log com histórico; 2) Adicionar arquivos que registrem logins com falhas, considerando data e hora; 3) Adicionar arquivos que registrem as ações realizadas pelos usuários no sistema com identificação, data e hora; 4) Adicionar mensagens de alertas e erros detalhados para o usuário.

DafneM commented 3 months ago

Inspeção de Vulnerabilidades

Falhas de identificação e autenticação

Vulnerabilidade: A07 Descrição: ao cadastrar um usuário, a aplicação não solicita um padrão mínimo de senha, permitindo a criação senhas fracas Impacto: uma senha fraca pode ser facilmente descoberta por um invasor por meio de ataques de força bruta Sugestões de correção: solicitar ao usuário padrões mínimos de senha, com letras maiúsculas e minúsculas, no mínimo um número, caracteres especiais e comprimento adequado

tcc-lucas-dafne / tcc-password-manager

Análise de Resultados #61

Descrição

Quality Gate failed

Inspeção de Vulnerabilidades

Ausência de Logs

Inspeção de Vulnerabilidades

Falhas de identificação e autenticação