server

server copied to clipboard

🎟️ Tracking

https://bitwarden.atlassian.net/browse/AC-2725

📔 Objective

This PR was previously created and approved, but I accidentally deleted the branch. @eliykat I believe you might have been the reviewer if you wouldn't mind re-stamping it. Thank you!

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

Jun 12 '24 17:06 amorask-bitwarden

Checkmarx One – Scan Summary & Details – 0746c163-9a00-4e92-aa3f-77f085aa4158

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	CSRF	/src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 110	Attack Vector
	CSRF	/src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 133	Attack Vector

Fixed Issues

Severity	Issue	Source File / Package
	CSRF	/src/Api/Public/Controllers/CollectionsController.cs: 87
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 217
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 358
	CSRF	/src/Api/Controllers/CollectionsController.cs: 143
	CSRF	/src/Api/Controllers/CollectionsController.cs: 171
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 222
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 174
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 583
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 583
	CSRF	/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 98
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 222
	CSRF	/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 88
	CSRF	/src/Api/AdminConsole/Public/Controllers/MembersController.cs: 148
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 81
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 108
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 93
	Privacy_Violation	/src/Api/Vault/Models/Request/CipherRequestModel.cs: 198
	Log_Forging	/src/Api/Vault/Controllers/CiphersController.cs: 628
	Log_Forging	/src/Api/Vault/Controllers/CiphersController.cs: 607
	Log_Forging	/src/Api/Vault/Controllers/CiphersController.cs: 657
	Log_Forging	/src/Api/Vault/Controllers/CiphersController.cs: 583
	Log_Forging	/src/Api/Vault/Controllers/CiphersController.cs: 174

Jun 12 '24 17:06 github-actions[bot]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 41.58%. Comparing base (5df0e21) to head (1fc0b7a). Report is 1 commits behind head on main.

@@            Coverage Diff             @@
##             main    #4179      +/-   ##
==========================================
+ Coverage   41.57%   41.58%   +0.01%     
==========================================
  Files        1268     1268              
  Lines       60087    60098      +11     
  Branches     5508     5509       +1     
==========================================
+ Hits        24980    24991      +11     
  Misses      33948    33948              
  Partials     1159     1159              

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

Jun 12 '24 17:06 codecov[bot]