Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check logs Sprint 25.2 Week 2 #5844

Closed
3 tasks done
pkfec opened this issue May 22, 2024 · 1 comment
Closed
3 tasks done

Check logs Sprint 25.2 Week 2 #5844

pkfec opened this issue May 22, 2024 · 1 comment
Assignees
@tmpayton
Labels
Security: general General security concern or issue
Milestone
25.2

Comments

@pkfec
Copy link
Contributor

pkfec commented May 22, 2024
edited by tmpayton
Loading

Log review needs to be completed per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

Ref: #5843

  • Check booting workers
  • Check memory usage
  • Make new tickets for sprint 25.3 weeks 1 and 2
    (Note: Copy above links in a browser to view the metrics)
@pkfec pkfec added the Security: general General security concern or issue label May 22, 2024
@pkfec pkfec added this to the 25.2 milestone May 22, 2024
@pkfec pkfec moved this to 🔜 Sprint backlog in Website project May 22, 2024
@cnlucas cnlucas moved this from 🔜 Sprint backlog to 📥 Assigned in Website project May 28, 2024
@tmpayton tmpayton mentioned this issue Jun 5, 2024
Closed
2 tasks
@tmpayton
Copy link
Contributor

tmpayton commented Jun 5, 2024

FEC-CMS: 8
package.json: 3
[Snyk Medium dompurify Template Injection] (fecgov/fec-cms#6206)
[node-fetch] (fecgov/fec-cms#6307)
watchify

requirements.txt: 5
[Snyk Medium - [email protected] Regular Expression Denial of Service (ReDoS)] (fecgov/fec-cms#6268)
[Snyk Medium - requests@[email protected] Always-Incorrect Control Flow Implementation] (fecgov/fec-cms#6285)
[Snyk Medium - [email protected] Cross-site Scripting (XSS)] (fecgov/fec-cms#6250)
[Snyk Medium - [email protected] Regular Expression Denial of Service (ReDoS)] (fecgov/fec-cms#6269)
Wagtail

openFEC: 4
flyway: 0
package.json: 0
requirements.txt: 4
[Snyk Low] - Log Injection in [email protected]
[Snyk Medium] - requests Always-Incorrect Control Flow Implementation](#5845)
[Snyk: Med Resource Exhaustion] (#5853)
[Snyk: Med Cross-site Scripting] (#5854)

FEC-PATTERN-LIBRARY: 2
package.json: 2
[dompurify] (fecgov/fec-pattern-library#223)
[node-fetch] (fecgov/fec-pattern-library#224)

Search logs:
No "User changes" found in the past week.
Deployer accounts from cloud.gov dashboard: 10

@tmpayton tmpayton closed this as completed Jun 5, 2024
@github-project-automation github-project-automation bot moved this from 📥 Assigned to ✅ Done in Website project Jun 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tmpayton tmpayton

Labels
Security: general General security concern or issue
Projects
Website project
Status: ✅ Done
Milestone
25.2
Development

No branches or pull requests
2 participants
@pkfec @tmpayton