
Check logs Sprint 25.1 Week 1 #5820

Closed
2 tasks
cnlucas opened this issue May 8, 2024 · 1 comment
@cnlucas (Member)

cnlucas commented May 8, 2024

Log review needs to be completed per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

Ref: #5797

@cnlucas cnlucas added the Security: general General security concern or issue label May 8, 2024
@cnlucas cnlucas added this to the 25.1 milestone May 8, 2024
@JonellaCulmer JonellaCulmer moved this to 🔜 Sprint backlog in Website project May 9, 2024
@JonellaCulmer JonellaCulmer moved this from 🔜 Sprint backlog to 📥 Assigned in Website project May 14, 2024
@pkfec (Contributor)

pkfec commented May 16, 2024

The following vulnerabilities are flagged using the Snyk CLI and not from the Snyk dashboard. More on Snyk dashboard discrepancies in the Slack thread here:

FEC-CMS: 5
- package.json: 2
  - Snyk High - es5-ext Regular Expression Denial of Service (ReDoS) (fecgov/fec-cms#6132)
  - Snyk Medium - dompurify Template Injection (fecgov/fec-cms#6206)
- requirements.txt: 3
  - Snyk Medium - [email protected] Regular Expression Denial of Service (ReDoS) (fecgov/fec-cms#6268)
  - Snyk Medium - [email protected] Cross-site Scripting (XSS) (fecgov/fec-cms#6250)
  - Snyk Medium - [email protected] Regular Expression Denial of Service (ReDoS) (fecgov/fec-cms#6269)
[Screenshot 2024-05-15 at 8 57 15 PM]

openFEC: 1
- flyway: 0
- package.json: 0
- requirements.txt: 0
- requirements-dev.txt: 1
  - Snyk Low - Log Injection in [email protected]
[Screenshot 2024-05-15 at 8 15 56 PM]

FEC-EREGS: Pausing the vulnerability checks on this repo. This repo will be deprecated soon!

FEC-PATTERN-LIBRARY: None
- package.json: 0

Search logs:
- Kibana logs timed out when searched for "User change" in the past 7 days or 30 days.
- Deployer accounts from the cloud.gov dashboard: 10

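The per-manifest tally in the comment above is built by hand from Snyk CLI output. The script below is an added example, not code from this issue or from the FEC project: it reads the JSON that `snyk test --all-projects --json` emits, deduplicates the repeated entries Snyk produces when one issue is reachable through several dependency paths (a common source of CLI-vs-dashboard count discrepancies), and renders the same repo/manifest/severity summary, with a gate for high-or-worse findings. The JSON field names used (`displayTargetFile`, `targetFile`, `vulnerabilities`, `id`, `severity`, `packageName`, `version`) are an assumption based on current Snyk CLI output, and the sample input is constructed; its package names and issue ids are invented and do not correspond to the findings listed above.

```python
"""Tally Snyk CLI findings per manifest and severity.

Added example, not code from the FEC project. Reads the JSON that
`snyk test --all-projects --json` emits and reproduces the per-manifest
count posted in weekly check-logs tickets. Field names are assumed from
current Snyk CLI output; the sample input below is constructed.
"""
import json
from collections import Counter

# Severity order used for the "any finding at or above X" gate.
SEVERITIES = ("critical", "high", "medium", "low")

# Constructed sample shaped like `snyk test --all-projects --json` output
# (a list of per-manifest results). Package names and ids are invented.
SAMPLE_SNYK_JSON = json.dumps([
    {
        "displayTargetFile": "package.json",
        "vulnerabilities": [
            {"id": "SNYK-JS-EXAMPLEA-1", "severity": "high",
             "packageName": "example-a", "version": "1.0.0",
             "title": "Regular Expression Denial of Service (ReDoS)"},
            {"id": "SNYK-JS-EXAMPLEB-2", "severity": "medium",
             "packageName": "example-b", "version": "2.1.0",
             "title": "Template Injection"},
            # Same issue reached through a second dependency path:
            # Snyk lists it again, but the tally must count it once.
            {"id": "SNYK-JS-EXAMPLEB-2", "severity": "medium",
             "packageName": "example-b", "version": "2.1.0",
             "title": "Template Injection"},
        ],
    },
    {
        "displayTargetFile": "requirements.txt",
        "vulnerabilities": [
            {"id": "SNYK-PYTHON-EXAMPLEC-3", "severity": "medium",
             "packageName": "example-c", "version": "3.0",
             "title": "Cross-site Scripting (XSS)"},
        ],
    },
    {"displayTargetFile": "requirements-dev.txt", "vulnerabilities": []},
])


def parse_snyk_output(text):
    """Return {manifest: {(id, package, version): issue}} from Snyk JSON.

    A single-manifest run emits one object; --all-projects emits a list.
    Dedupe on (id, package, version) because Snyk emits one entry per
    vulnerable dependency path, which inflates naive counts.
    """
    data = json.loads(text)
    results = data if isinstance(data, list) else [data]
    findings = {}
    for result in results:
        manifest = (result.get("displayTargetFile")
                    or result.get("targetFile") or "unknown")
        issues = findings.setdefault(manifest, {})  # keep empty manifests
        for vuln in result.get("vulnerabilities", []):
            key = (vuln["id"], vuln.get("packageName"), vuln.get("version"))
            issues[key] = vuln
    return findings


def tally(findings):
    """Return {manifest: Counter(severity -> unique issue count)}."""
    return {manifest: Counter(v["severity"].lower() for v in issues.values())
            for manifest, issues in findings.items()}


def total(counts):
    """Total unique issues across all manifests."""
    return sum(sum(c.values()) for c in counts.values())


def exceeds(counts, floor="high"):
    """True if any manifest has an issue at or above `floor` severity."""
    gate = SEVERITIES[:SEVERITIES.index(floor) + 1]
    return any(c[sev] for c in counts.values() for sev in gate)


def report(repo, counts):
    """Render the ticket-style summary: repo total, then per manifest."""
    lines = [f"{repo}: {total(counts)}"]
    for manifest in sorted(counts):
        c = counts[manifest]
        lines.append(f"  {manifest}: {sum(c.values())}")
        lines.extend(f"    {sev}: {c[sev]}" for sev in SEVERITIES if c[sev])
    return "\n".join(lines)


if __name__ == "__main__":
    counts = tally(parse_snyk_output(SAMPLE_SNYK_JSON))
    print(report("example-repo", counts))
    if exceeds(counts, "high"):
        print("gate: high/critical findings present; open tracking issues")
```

Pipe real output in with `snyk test --all-projects --json > snyk.json` and pass the file contents to `parse_snyk_output`; counting on the deduplicated `(id, package, version)` key rather than raw list length is what keeps the CLI number comparable to the dashboard, which shows one row per issue.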
@pkfec pkfec closed this as completed May 16, 2024
@github-project-automation github-project-automation bot moved this from 📥 Assigned to ✅ Done in Website project May 16, 2024