Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CP 6.x - item #12158: fix unable to deselect management contract in ingest contract #1706

Merged
merged 1 commit into from
Mar 27, 2024
Merged

CP 6.x - item #12158: fix unable to deselect management contract in ingest contract #1706

merged 1 commit into from
Mar 27, 2024

Conversation

mohatizaoui
Copy link
Contributor

Description

Description des modifications

Type de changement:

Indiquer le ou les types de changements

  • Build

  • PKI

  • Ansiblerie

  • Nouveau Code

  • Correction

  • Refactorisation de code

  • Autre

Documentation:

Indiquer la documentation mise à jour

[ ] Quels sont les nouvelles documentations ?

[ ] Quels sont les modifications existantes ?

[ ] Quels sont les documentations ou sections de documentations supprimés ?

Tests:

Indiquer comment le code à été testé (manuel, environnement, TU, etc)

manuel

environnement

TU

Migration:

Indiquer si les modifications apportées impliquent une migration sur l'existant et comment la faire

Checklist:

Sélectionner les éléments de la checklist

[ ] Mon code suit le style de code de ce projet.

[ ] J'ai commenté mon code, en particulier dans les classes et les méthodes difficile à comprendre.

[ ] J'ai fait les changements correspondant dans la documentation RAML.

[ ] J'ai fait les changements correspondant dans la documentation Métier.

[ ] J'ai fait les changements correspondant dans la documentation Technique.

[ ] J'ai rajouté les tests unitaires vérifiant mes fonctionnalités.

[ ] J'ai rajouté les tests de non régression vérifiant mes fonctionnalités.

[ ] Les tests unitaires nouveaux et existants passent avec succès localement.

[ ] Toutes les dépendances ont été mergées en priorité

Contributeur

Indiquer qui a développé cette fonctionnalité

VAS (Vitam Accessible en Service)

CEA (Commissariat à l'énergie atomique et aux énergies alternatives)

@mohatizaoui mohatizaoui changed the base branch from develop to master_6.x March 22, 2024 12:13
@mohatizaoui mohatizaoui added bug Something isn't working Cherry-Pick a cherry pick labels Mar 22, 2024
@mohatizaoui mohatizaoui changed the title Cp6 bug 12158 unable to deselect management contract CP 6.x bug 12158 unable to deselect management contract Mar 22, 2024
@vitam-devops
Copy link
Collaborator

Logo
Checkmarx One – Scan Summary & Details1810bb7c-9d06-46e0-8c5d-e1c999209a56

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2019-15599 Npm-tree-kill-1.2.1 Vulnerable Package
HIGH CVE-2020-28491 Maven-com.fasterxml.jackson.dataformat:jackson-dataformat-cbor-2.6.7 Vulnerable Package
HIGH CVE-2020-28502 Npm-xmlhttprequest-ssl-1.5.5 Vulnerable Package
HIGH CVE-2020-36048 Npm-engine.io-3.2.1 Vulnerable Package
HIGH CVE-2020-36049 Npm-socket.io-parser-3.2.0 Vulnerable Package
HIGH CVE-2020-7660 Npm-serialize-javascript-1.9.1 Vulnerable Package
HIGH CVE-2020-7788 Npm-ini-1.3.5 Vulnerable Package
HIGH CVE-2020-7793 Npm-ua-parser-js-0.7.22 Vulnerable Package
HIGH CVE-2021-27292 Npm-ua-parser-js-0.7.22 Vulnerable Package
HIGH CVE-2021-31597 Npm-xmlhttprequest-ssl-1.5.5 Vulnerable Package
HIGH CVE-2021-33813 Maven-org.jdom:jdom2-2.0.6 Vulnerable Package
HIGH CVE-2021-37136 Maven-io.netty:netty-codec-4.1.65.Final Vulnerable Package
HIGH CVE-2021-37137 Maven-io.netty:netty-codec-4.1.65.Final Vulnerable Package
HIGH CVE-2021-43466 Maven-org.thymeleaf:thymeleaf-spring5-3.0.12.RELEASE Vulnerable Package
HIGH CVE-2022-0265 Maven-com.hazelcast:hazelcast-4.2.2 Vulnerable Package
HIGH CVE-2022-2421 Npm-socket.io-parser-3.2.0 Vulnerable Package
HIGH CVE-2022-25927 Npm-ua-parser-js-0.7.22 Vulnerable Package
HIGH CVE-2022-28366 Maven-net.sourceforge.htmlunit:neko-htmlunit-2.24 Vulnerable Package
HIGH CVE-2022-36437 Maven-com.hazelcast:hazelcast-4.2.2 Vulnerable Package
HIGH CVE-2022-42252 Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.63 Vulnerable Package
HIGH CVE-2022-45143 Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.63 Vulnerable Package
HIGH CVE-2023-32695 Npm-socket.io-parser-3.2.0 Vulnerable Package
HIGH CVE-2023-32695 Npm-socket.io-parser-3.3.3 Vulnerable Package
MEDIUM Absolute_Path_Traversal /ui/ui-pastis/src/main/java/fr/gouv/vitamui/pastis/rest/ProfileController.java: 245 Attack Vector
MEDIUM Absolute_Path_Traversal /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/RuleController.java: 219 Attack Vector
MEDIUM Absolute_Path_Traversal /ui/ui-commons/src/main/java/fr/gouv/vitamui/ui/commons/rest/RuleController.java: 211 Attack Vector
MEDIUM Absolute_Path_Traversal /ui/ui-pastis/src/main/java/fr/gouv/vitamui/pastis/rest/ArchivalProfileUnitController.java: 211 Attack Vector
MEDIUM Absolute_Path_Traversal /ui/ui-pastis/src/main/java/fr/gouv/vitamui/pastis/rest/PastisController.java: 99 Attack Vector
MEDIUM CVE-2019-16769 Npm-serialize-javascript-1.9.1 Vulnerable Package
MEDIUM CVE-2020-15366 Npm-ajv-6.10.0 Vulnerable Package
MEDIUM CVE-2020-15366 Npm-ajv-5.5.2 Vulnerable Package
MEDIUM CVE-2020-28481 Npm-socket.io-2.1.1 Vulnerable Package
MEDIUM CVE-2020-7693 Npm-sockjs-0.3.19 Vulnerable Package
MEDIUM CVE-2021-23364 Npm-browserslist-4.5.5 Vulnerable Package
MEDIUM CVE-2021-23495 Npm-karma-4.1.0 Vulnerable Package
MEDIUM CVE-2021-23495 Npm-karma-5.2.3 Vulnerable Package
MEDIUM CVE-2022-0437 Npm-karma-5.2.3 Vulnerable Package
MEDIUM CVE-2022-0437 Npm-karma-4.1.0 Vulnerable Package
MEDIUM CVE-2022-21704 Npm-log4js-4.5.1 Vulnerable Package
MEDIUM CVE-2022-24823 Maven-io.netty:netty-common-4.1.65.Final Vulnerable Package
MEDIUM CVE-2022-41940 Npm-engine.io-3.2.1 Vulnerable Package
MEDIUM CVE-2023-28708 Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.63 Vulnerable Package
MEDIUM Cleartext_Submission_of_Sensitive_Information /api/api-iam/iam-commons/src/main/java/fr/gouv/vitamui/iam/common/utils/IdentityProviderBuilder.java: 153 Attack Vector
MEDIUM Cleartext_Submission_of_Sensitive_Information /api/api-iam/iam-commons/src/main/java/fr/gouv/vitamui/iam/common/utils/IdentityProviderBuilder.java: 169 Attack Vector
MEDIUM Cleartext_Submission_of_Sensitive_Information /api/api-iam/iam-commons/src/main/java/fr/gouv/vitamui/iam/common/utils/IdentityProviderBuilder.java: 166 Attack Vector
MEDIUM Cx816df59e-1cc9 Npm-marked-0.7.0 Vulnerable Package
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3286 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3300 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3300 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/doas.py: 118 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3286 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 809 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 809 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 809 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3283 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3300 Attack Vector
MEDIUM Filtering_Sensitive_Logs /deployment/lib/mitogen-0.2.9/mitogen/core.py: 3300 Attack Vector
MEDIUM Object_Access_Violation /deployment/lib/mitogen-0.2.9/mitogen/utils.py: 125 Attack Vector
MEDIUM Path_Traversal /deployment/lib/mitogen-0.2.9/mitogen/compat/tokenize.py: 451 Attack Vector
MEDIUM Privacy_Violation /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/service/ProviderService.java: 214 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-commons/src/main/java/fr/gouv/vitamui/iam/common/utils/IdentityProviderBuilder.java: 111 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-commons/src/main/java/fr/gouv/vitamui/iam/common/utils/IdentityProviderBuilder.java: 110 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-internal/src/main/java/fr/gouv/vitamui/iam/internal/server/idp/converter/IdentityProviderConverter.java: 155 Attack Vector
MEDIUM Privacy_Violation /api/api-iam/iam-internal/src/main/java/fr/gouv/vitamui/iam/internal/server/idp/converter/IdentityProviderConverter.java: 155 Attack Vector
MEDIUM SSL_Verification_Bypass /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/filter/ExternalRequestHeadersAuthenticationFilter.java: 88 Attack Vector
MEDIUM SSL_Verification_Bypass /api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/filter/ExternalRequestHeadersAuthenticationFilter.java: 85 Attack Vector
MEDIUM SSRF /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/IngestContractExternalController.java: 107 Attack Vector
MEDIUM SSRF /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/ContextExternalController.java: 106 Attack Vector
MEDIUM SSRF /ui/ui-commons/src/main/java/fr/gouv/vitamui/ui/commons/rest/RuleController.java: 181 Attack Vector
MEDIUM SSRF /api/api-iam/iam-external/src/main/java/fr/gouv/vitamui/iam/external/server/rest/UserInfoExternalController.java: 167 Attack Vector
MEDIUM SSRF /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/ManagementContractController.java: 161 Attack Vector
MEDIUM SSRF /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/IngestContractExternalController.java: 140 Attack Vector
MEDIUM SSRF /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/ContextExternalController.java: 138 Attack Vector
MEDIUM SSRF /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/FileFormatExternalController.java: 135 Attack Vector
MEDIUM SSRF /ui/ui-identity/src/main/java/fr/gouv/vitamui/identity/rest/ProviderController.java: 152 Attack Vector
MEDIUM SSRF /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/IngestContractExternalController.java: 124 Attack Vector
MEDIUM SSRF /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/ContextExternalController.java: 123 Attack Vector
MEDIUM SSRF /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/IngestContractExternalController.java: 115 Attack Vector
MEDIUM SSRF /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/ContextExternalController.java: 113 Attack Vector
MEDIUM SSRF /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/LogbookManagementOperationExternalController.java: 81 Attack Vector
MEDIUM SSRF /ui/ui-referential/src/main/java/fr/gouv/vitamui/referential/rest/LogbookManagementOperationController.java: 103 Attack Vector
MEDIUM Unchecked_Input_for_Loop_Condition /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/OperationExternalController.java: 124 Attack Vector
MEDIUM Unchecked_Input_for_Loop_Condition /api/api-iam/iam-external/src/main/java/fr/gouv/vitamui/iam/external/server/service/LogbookExternalService.java: 134 Attack Vector
MEDIUM Unchecked_Input_for_Loop_Condition /api/api-iam/iam-internal/src/main/java/fr/gouv/vitamui/iam/internal/server/rest/LogbookInternalController.java: 109 Attack Vector
MEDIUM Unchecked_Input_for_Loop_Condition /api/api-referential/referential-internal/src/main/java/fr/gouv/vitamui/referential/internal/server/rest/ManagementContractInternalController.java: 153 Attack Vector
MEDIUM Unchecked_Input_for_Loop_Condition /api/api-collect/collect-external/src/main/java/fr/gouv/vitamui/collect/external/server/rest/TransactionArchiveUnitExternalController.java: 94 Attack Vector
MEDIUM Unchecked_Input_for_Loop_Condition /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/LogbookManagementOperationExternalController.java: 60 Attack Vector
MEDIUM Unchecked_Input_for_Loop_Condition /ui/ui-commons/src/main/java/fr/gouv/vitamui/ui/commons/rest/LogbookController.java: 179 Attack Vector
MEDIUM Unchecked_Input_for_Loop_Condition /api/api-iam/iam-external/src/main/java/fr/gouv/vitamui/iam/external/server/rest/LogbookExternalController.java: 128 Attack Vector
MEDIUM Unchecked_Input_for_Loop_Condition /ui/ui-commons/src/main/java/fr/gouv/vitamui/ui/commons/rest/LogbookController.java: 135 Attack Vector
MEDIUM Unchecked_Input_for_Loop_Condition /api/api-archive-search/archive-search-external/src/main/java/fr/gouv/vitamui/archives/search/external/server/rest/ArchivesSearchExternalController.java: 99 Attack Vector
MEDIUM Unchecked_Input_for_Loop_Condition /ui/ui-commons/src/main/java/fr/gouv/vitamui/ui/commons/rest/LogbookController.java: 146 Attack Vector
MEDIUM Unchecked_Input_for_Loop_Condition /api/api-pastis/pastis-standalone/src/main/java/fr/gouv/vitamui/pastis/standalone/controller/PastisController.java: 105 Attack Vector
LOW Heap_Inspection /cas/cas-server/src/main/java/fr/gouv/vitamui/cas/webflow/actions/I18NSendPasswordResetInstructionsAction.java: 122 Attack Vector
LOW Log_Forging /api/api-collect/collect-internal/src/main/java/fr/gouv/vitamui/collect/internal/server/rest/TransactionArchiveUnitInternalController.java: 162 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 273 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 295 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 261 Attack Vector
LOW Log_Forging /api/api-archive-search/archive-search-internal/src/main/java/fr/gouv/vitamui/archive/internal/server/rest/ArchiveSearchInternalController.java: 284 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/OntologyExternalController.java: 178 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/OntologyExternalController.java: 178 Attack Vector
LOW Log_Forging /api/api-referential/referential-external/src/main/java/fr/gouv/vitamui/referential/external/server/rest/OntologyExternalController.java: 178 Attack Vector
LOW Log_Forging

More results are available on AST platform

@marob marob changed the title CP 6.x bug 12158 unable to deselect management contract CP 6.x - item #12158: fix unable to deselect management contract in ingest contract Mar 25, 2024
@mohatizaoui mohatizaoui merged commit 8bd98fc into master_6.x Mar 27, 2024
1 check passed
@mohatizaoui mohatizaoui deleted the CP6_BUG_12158_unable_to_deselect_management_contract branch March 27, 2024 10:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Regzox Regzox Regzox approved these changes

@ebernard ebernard ebernard approved these changes

Assignees
No one assigned
Labels
bug Something isn't working Cherry-Pick a cherry pick
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mohatizaoui @vitam-devops @ebernard @Regzox