Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check logs Sprint 25.1 Week 2 #5821

Closed
3 tasks
cnlucas opened this issue May 8, 2024 · 1 comment
Closed
3 tasks

Check logs Sprint 25.1 Week 2 #5821

cnlucas opened this issue May 8, 2024 · 1 comment
Assignees
@pkfec
Labels
Security: general General security concern or issue
Milestone
25.1

Comments

@cnlucas
Copy link
Member

cnlucas commented May 8, 2024

Log review needs to be completed per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

Ref: #5820

  • Check booting workers
  • Check memory usage
  • Make new tickets for sprint 25.2 weeks 1 and 2
    (Note: Copy above links in a browser to view the metrics)
@cnlucas cnlucas added the Security: general General security concern or issue label May 8, 2024
@cnlucas cnlucas added this to the 25.1 milestone May 8, 2024
@JonellaCulmer JonellaCulmer moved this to 🔜 Sprint backlog in Website project May 9, 2024
@JonellaCulmer JonellaCulmer moved this from 🔜 Sprint backlog to 📥 Assigned in Website project May 14, 2024
@pkfec pkfec mentioned this issue May 22, 2024
Closed
2 tasks
@pkfec
Copy link
Contributor

pkfec commented May 22, 2024
edited
Loading

Following vulnerabilities are flagged using snyk cli and not from synk dashboard. More on snyk dashboard discrepancies on slack thread here :

FEC-CMS: 5
package.json: 2
[Snyk Medium dompurify Template Injection] (fecgov/fec-cms#6206)

requirements.txt: 4
[Snyk Medium - [email protected] Regular Expression Denial of Service (ReDoS)] (fecgov/fec-cms#6268)
[Snyk Medium - requests@[email protected] Always-Incorrect Control Flow Implementation] (fecgov/fec-cms#6285)
[Snyk Medium - [email protected] Cross-site Scripting (XSS)] (fecgov/fec-cms#6250)
[Snyk Medium - [email protected] Regular Expression Denial of Service (ReDoS)] (fecgov/fec-cms#6269)
Screenshot 2024-05-22 at 3 07 48 PM

openFEC: 2
flyway: 0
package.json: 0
requirements.txt: 2
[Snyk Low] - Log Injection in [email protected]
[Snyk Medium] - requests Always-Incorrect Control Flow Implementation](#5845)
Screenshot 2024-05-22 at 3 09 05 PM

FEC-EREGS: This git repo is archived on May 22, 2024 and is this project is deleted from snyk dashboard as well.

FEC-PATTERN-LIBRARY: None
package.json: 0

Search logs:
In Kibana: No "User changes" found in the past week.
Deployer accounts from cloud.gov dashboard: 10

@pkfec pkfec closed this as completed May 22, 2024
@github-project-automation github-project-automation bot moved this from 📥 Assigned to ✅ Done in Website project May 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pkfec pkfec

Labels
Security: general General security concern or issue
Projects
Website project
Status: ✅ Done
Milestone
25.1
Development

No branches or pull requests
2 participants
@pkfec @cnlucas