server
Auth/pm 20532/tech breakdown poc token based send authn and authz
🎟️ Tracking
📔 Objective
📸 Screenshots
⏰ Reminders before review
- Contributor guidelines followed
- All formatters and local linters executed and passed
- Written new unit and / or integration tests where applicable
- Protected functional changes with optionality (feature flags)
- Used internationalization (i18n) for all UI strings
- CI builds passed
- Communicated to DevOps any deployment requirements
- Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team
🦮 Reviewer guidelines
- 👍 (:+1:) or similar for great changes
- 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
- ❓ (:question:) for questions
- 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
- 🎨 (:art:) for suggestions / improvements
- ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
- 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
- ⛏ (:pick:) for minor or nitpick changes
Checkmarx One – Scan Summary & Details – 7c3d6cfc-46bd-41fc-8c39-b4b35b92170e
New Issues (3)
Checkmarx found the following issues in this Pull Request
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| | CSRF | /src/Api/Controllers/CollectionsController.cs: 143 | Method Post at line 143 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from orgId. This parameter value fl... ID: W5s%2FSNe54CPP1CxzYuVqrn9v0%2Fk%3D |
| | CSRF | /src/Api/AdminConsole/Controllers/GroupsController.cs: 135 | Method Post at line 135 of /src/Api/AdminConsole/Controllers/GroupsController.cs gets a parameter from a user request from orgId. This parameter ... ID: Qs417oLwYMuJ1g8cUCMHpbUJ9d0%3D |
| | Missing_CSP_Header | /src/Core/MailTemplates/Handlebars/Layouts/Full.html.hbs: 164 | A Content Security Policy is not explicitly defined within the web-application. ID: iDkz8rv3w1QoR%2BKANf%2FBdTS52Xc%3D |
Closing this as its purpose as a POC has been served.

