[SM-1256] Add BulkSecretAuthorizationHandler
🎟️ Tracking
https://bitwarden.atlassian.net/browse/SM-1256
📔 Objective
The purpose of this PR is to add a BulkSecretAuthorizationHandler and use it for the GetSecretsByIdsAsync endpoint.
⏰ Reminders before review
- Contributor guidelines followed
- All formatters and local linters executed and passed
- Written new unit and / or integration tests where applicable
- Protected functional changes with optionality (feature flags)
- Used internationalization (i18n) for all UI strings
- CI builds passed
- Communicated to DevOps any deployment requirements
- Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team
🦮 Reviewer guidelines
- 👍 (:+1:) or similar for great changes
- 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
- ❓ (:question:) for questions
- 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
- 🎨 (:art:) for suggestions / improvements
- ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
- 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
- ⛏ (:pick:) for minor or nitpick changes
Codecov Report
Attention: Patch coverage is 93.33333% with 3 lines in your changes missing coverage. Please review.
Project coverage is 41.37%. Comparing base (313eef4) to head (da28805).
| Files | Patch % | Lines |
|---|---|---|
| ...sManager/Repositories/Noop/NoopSecretRepository.cs | 0.00% | 3 Missing :warning: |
Additional details and impacted files
@@ Coverage Diff @@
## main #4099 +/- ##
==========================================
+ Coverage 41.34% 41.37% +0.02%
==========================================
Files 1265 1267 +2
Lines 60117 60151 +34
Branches 5509 5511 +2
==========================================
+ Hits 24856 24887 +31
- Misses 34115 34118 +3
Partials 1146 1146
Checkmarx One – Scan Summary & Details – e03ef88e-b81c-4263-ae33-0a408384fc8f
New Issues
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| | CSRF | /src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 110 | Attack Vector |
| | CSRF | /src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 133 | Attack Vector |
| | Privacy_Violation | /src/Api/Auth/Controllers/WebAuthnController.cs: 178 | Attack Vector |
| | Privacy_Violation | /src/Api/Controllers/DevicesController.cs: 129 | Attack Vector |
| | Privacy_Violation | /src/Api/Vault/Controllers/CiphersController.cs: 961 | Attack Vector |
| | Privacy_Violation | /src/Api/Auth/Controllers/AccountsController.cs: 411 | Attack Vector |
| | Privacy_Violation | /src/Api/Auth/Controllers/AccountsController.cs: 828 | Attack Vector |
| | Privacy_Violation | /src/Api/Auth/Controllers/AccountsController.cs: 548 | Attack Vector |
| | Privacy_Violation | /src/Api/Auth/Controllers/TwoFactorController.cs: 444 | Attack Vector |
| | Privacy_Violation | /src/Api/Auth/Controllers/AccountsController.cs: 846 | Attack Vector |
| | Privacy_Violation | /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 260 | Attack Vector |
| | Privacy_Violation | /src/Api/Controllers/DevicesController.cs: 155 | Attack Vector |
| | Privacy_Violation | /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 429 | Attack Vector |
| | Privacy_Violation | /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 376 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/WebAuthnController.cs: 68 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/WebAuthnController.cs: 85 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/WebAuthnController.cs: 153 | Attack Vector |
| | Log_Forging | /src/Api/Vault/Controllers/CiphersController.cs: 222 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/AccountsController.cs: 540 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/TwoFactorController.cs: 131 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/AccountsController.cs: 838 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/TwoFactorController.cs: 157 | Attack Vector |
| | Log_Forging | /src/Api/Vault/Controllers/CiphersController.cs: 953 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/TwoFactorController.cs: 148 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/TwoFactorController.cs: 104 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/TwoFactorController.cs: 94 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/TwoFactorController.cs: 122 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/AccountsController.cs: 820 | Attack Vector |
| | Log_Forging | /src/Api/Controllers/DevicesController.cs: 120 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/TwoFactorController.cs: 245 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/TwoFactorController.cs: 280 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/TwoFactorController.cs: 289 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/TwoFactorController.cs: 297 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/TwoFactorController.cs: 350 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/TwoFactorController.cs: 369 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/TwoFactorController.cs: 380 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/TwoFactorController.cs: 402 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/AccountsController.cs: 403 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/TwoFactorController.cs: 188 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/TwoFactorController.cs: 206 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/TwoFactorController.cs: 254 | Attack Vector |
| | Log_Forging | /src/Api/Auth/Controllers/TwoFactorController.cs: 263 | Attack Vector |
| | Log_Forging | /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 240 | Attack Vector |
| | Log_Forging | /src/Api/Controllers/DevicesController.cs: 146 | Attack Vector |
| | Log_Forging | /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 404 | Attack Vector |
| | Log_Forging | /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 341 | Attack Vector |
Fixed Issues
| Severity | Issue | Source File / Package |
|---|---|---|
| | CSRF | /src/Billing/Controllers/StripeController.cs: 117 |
| | CSRF | /src/Billing/Controllers/StripeController.cs: 130 |
| | CSRF | /src/Api/Public/Controllers/CollectionsController.cs: 87 |
| | CSRF | /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 360 |
| | CSRF | /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 360 |
| | CSRF | /src/Api/Controllers/CollectionsController.cs: 143 |
| | CSRF | /src/Api/Controllers/CollectionsController.cs: 171 |
| | CSRF | /bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 98 |
| | CSRF | /bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 88 |
| | CSRF | /src/Api/Vault/Controllers/CiphersController.cs: 583 |
| | CSRF | /src/Api/Vault/Controllers/CiphersController.cs: 583 |
| | CSRF | /src/Api/AdminConsole/Public/Controllers/MembersController.cs: 184 |
| | CSRF | /bitwarden_license/src/Sso/Controllers/AccountController.cs: 100 |
| | CSRF | /src/Identity/Controllers/AccountsController.cs: 72 |
| | Log_Forging | /src/Api/Vault/Controllers/CiphersController.cs: 583 |

