Gl variable change #209

Closed
wants to merge 6 commits into from

mgtennant
Collaborator

hope this works

# https://catalog.redhat.com/software/containers/ubi8/nodejs-18-minimal/627d1c38e35da88581633bf1
FROM registry.access.redhat.com/ubi8/nodejs-18-minimal:1-33.1679485315@sha256:74af9dc2b620022c77fcd712b811f64a03c1444ff1e9b9596a242b2edf3cf96f AS builder
# RedHat UBI 8 with nodejs 14
FROM registry.access.redhat.com/ubi8/ubi as builder
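
Review bot: the new builder line `FROM registry.access.redhat.com/ubi8/ubi as builder` drops both the tag and the `@sha256:` digest that the pinned `nodejs-18-minimal` line above it carried, so the build resolves to whatever `latest` points at when it runs. Pin `ubi8/ubi` to a specific tag plus digest, as the earlier line did. The stage comment also says nodejs 14 where the pinned base was Node.js 18; if that downgrade is intended, say why in the comment, since Node.js 14 is past its end-of-life date.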

Check warning

Code scanning / Trivy

':latest' tag used Medium

Artifact: backend/Dockerfile
Type: dockerfile
Vulnerability DS001
Severity: MEDIUM
Message: Specify a tag in the 'FROM' statement for image 'registry.access.redhat.com/ubi8/ubi'
Link: DS001
npm run build

# Deployment container
FROM registry.access.redhat.com/ubi8/ubi-micro:8.7-6@sha256:af0a83c2fb7db1b63a5655c85f3f37d32b114443b8969fd8a40d47429cd87016
FROM registry.access.redhat.com/ubi8/ubi-micro
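
Review bot: the deployment stage has the same regression: `FROM registry.access.redhat.com/ubi8/ubi-micro` has no tag or digest, while the line above it pins `ubi-micro:8.7-6` by `@sha256:` digest. This is the image that ships, so keep the pinned reference here. Trivy's DS002 finding on this file also reports no `USER` instruction; this final stage is the place to add a non-root `USER`.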

Check warning

Code scanning / Trivy

':latest' tag used Medium

Artifact: backend/Dockerfile
Type: dockerfile
Vulnerability DS001
Severity: MEDIUM
Message: Specify a tag in the 'FROM' statement for image 'registry.access.redhat.com/ubi8/ubi-micro'
Link: DS001
@@ -1,16 +1,15 @@
# https://catalog.redhat.com/software/containers/ubi8/nodejs-18-minimal/627d1c38e35da88581633bf1
FROM registry.access.redhat.com/ubi8/nodejs-18-minimal:1-33.1679485315@sha256:74af9dc2b620022c77fcd712b811f64a03c1444ff1e9b9596a242b2edf3cf96f AS builder
# RedHat UBI 8 with nodejs 14

Check failure

Code scanning / Trivy

Image user should not be 'root' High

Artifact: backend/Dockerfile
Type: dockerfile
Vulnerability DS002
Severity: HIGH
Message: Specify at least 1 USER command in Dockerfile with non-root user as argument
Link: DS002
@@ -1,16 +1,15 @@
# https://catalog.redhat.com/software/containers/ubi8/nodejs-18-minimal/627d1c38e35da88581633bf1
FROM registry.access.redhat.com/ubi8/nodejs-18-minimal:1-33.1679485315@sha256:74af9dc2b620022c77fcd712b811f64a03c1444ff1e9b9596a242b2edf3cf96f AS builder
# RedHat UBI 8 with nodejs 14

Check notice

Code scanning / Trivy

No HEALTHCHECK defined Low

Artifact: backend/Dockerfile
Type: dockerfile
Vulnerability DS026
Severity: LOW
Message: Add HEALTHCHECK instruction in your Dockerfile
Link: DS026
@@ -1,14 +1,37 @@
FROM node:19-bullseye AS build
# RedHat UBI 8 with nodejs 14
FROM registry.access.redhat.com/ubi8/ubi as builder
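
Review bot: on the frontend builder stage, the comment says nodejs 14 but the base it sits next to was `node:19-bullseye`, and `ubi8/ubi` is referenced without a tag. State which Node.js version the frontend build needs and pin the base image to a tag and digest so the toolchain does not change between builds.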

Check warning

Code scanning / Trivy

':latest' tag used Medium

Artifact: frontend/Dockerfile
Type: dockerfile
Vulnerability DS001
Severity: MEDIUM
Message: Specify a tag in the 'FROM' statement for image 'registry.access.redhat.com/ubi8/ubi'
Link: DS001
COPY --from=build /app/Caddyfile /etc/caddy/Caddyfile
COPY --from=build /app/build /app/dist
# Deployment container
FROM registry.access.redhat.com/ubi8/ubi-micro
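
Review bot: the builder stage in this file is now named `builder`, but the `COPY --from=build ...` lines shown here refer to a stage called `build`. If any `COPY --from=build` survives the change, Docker will no longer find that stage and will treat `build` as an image name; check that every reference was renamed. The `ubi-micro` base here also needs a tag and digest.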

Check warning

Code scanning / Trivy

':latest' tag used Medium

Artifact: frontend/Dockerfile
Type: dockerfile
Vulnerability DS001
Severity: MEDIUM
Message: Specify a tag in the 'FROM' statement for image 'registry.access.redhat.com/ubi8/ubi-micro'
Link: DS001
@@ -1,14 +1,37 @@
FROM node:19-bullseye AS build
# RedHat UBI 8 with nodejs 14

Check failure

Code scanning / Trivy

Image user should not be 'root' High

Artifact: frontend/Dockerfile
Type: dockerfile
Vulnerability DS002
Severity: HIGH
Message: Specify at least 1 USER command in Dockerfile with non-root user as argument
Link: DS002
@@ -1,14 +1,37 @@
FROM node:19-bullseye AS build
# RedHat UBI 8 with nodejs 14

Check notice

Code scanning / Trivy

No HEALTHCHECK defined Low

Artifact: frontend/Dockerfile
Type: dockerfile
Vulnerability DS026
Severity: LOW
Message: Add HEALTHCHECK instruction in your Dockerfile
Link: DS026

async downloadTemplate(id: number) {
const url = `${hostname}:${port}/document-template/find-one/${id}`;
return axios.get(url).then((res) => {
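
Review bot: `id` is interpolated into the request path as-is, and the `number` annotation is not enforced at runtime, so a string that reached this method from the request would be placed in the URL unchanged. Check `Number.isInteger(id)` (or parse and reject on failure) before building `url`; the same applies to the other methods flagged in this PR that build a path from `id`.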

Check failure

Code scanning / CodeQL

Server-side request forgery Critical

The URL of this request depends on a user-provided value.

async removeTemplate(reportType: string, id: number): Promise<any> {
const url = `${hostname}:${port}/document-template/remove/${encodeURI(reportType)}/${id}`;
return axios.get(url).then((res) => {
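
Review bot: `encodeURI(reportType)` is the wrong encoder for a single path segment: it leaves `/`, `?` and `#` unescaped, so `reportType` can still alter the path or add a query string. Use `encodeURIComponent(reportType)`, or better, check `reportType` against the known report types before the call. This method also removes a template with `axios.get`; consider exposing the removal on the downstream service as DELETE or POST rather than GET.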

Check failure

Code scanning / CodeQL

Server-side request forgery Critical

The URL of this request depends on a user-provided value.

async enableProvision(id: number): Promise<any> {
const url = `${hostname}:${port}/nfr-provision/enable/${id}`;
return await axios.get(url).then((res) => {
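
Review bot: `return await axios.get(url).then(...)` mixes `await` with a `.then()` chain; pick one style, for example `const res = await axios.get(url);`. As with the template methods, validate `id` as an integer before it goes into the path, since this call changes state (enables a provision) on the downstream service.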

Check failure

Code scanning / CodeQL

Server-side request forgery Critical

The URL of this request depends on a user-provided value.

async disableProvision(id: number): Promise<any> {
const url = `${hostname}:${port}/nfr-provision/disable/${id}`;
return await axios.get(url).then((res) => {

Check failure

Code scanning / CodeQL

Server-side request forgery Critical

The URL of this request depends on a user-provided value.

async removeVariable(id: number) {
const url = `${hostname}:${port}/nfr-provision/remove-variable/${id}`;
return await axios.get(url).then((res) => {

Check failure

Code scanning / CodeQL

Server-side request forgery Critical

The URL of this request depends on a user-provided value.
displayAdmin: displayAdmin,
message: ttlsJSON ? ttlsJSON : null,
prdid: ttlsJSON ? ttlsJSON.id : null,
error: err,
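
Review bot: `error: err` hands the caught error object to the view, which is what the stack-trace finding points at. Log `err` on the server and pass the template a fixed, user-facing message instead; the same `error: err` pattern appears in the other render calls flagged in this PR.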

Check warning

Code scanning / CodeQL

Information exposure through a stack trace Medium

This information exposed to the user depends on stack trace information.
documentTypes: NFR_VARIANTS_ARRAY,
nfrDataId: -1,
enabledProvisionList: [],
error: err,

Check warning

Code scanning / CodeQL

Information exposure through a stack trace Medium

This information exposed to the user depends on stack trace information.
Comment on lines +256 to +259
const res = await axios
.delete(url, {
headers: { Authorization: 'Bearer ' + bearerToken },
})
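
Review bot: this `axios.delete` sends `Authorization: 'Bearer ' + bearerToken` to whatever `url` resolves to, so any user-supplied part of `url` has to be validated before this point (integer ids checked, string segments passed through `encodeURIComponent` or matched against an allow-list). How `url` is built is not shown in these lines; confirm the host portion comes only from configuration.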

Check failure

Code scanning / CodeQL

Server-side request forgery Critical

The URL of this request depends on a user-provided value.
message: ttlsJSON ? ttlsJSON : null,
documentTypes: ['Land Use Report', 'Notice of Final Review', 'Grazing Lease'],
prdid: ttlsJSON ? ttlsJSON.id : null,
error: err,

Check warning

Code scanning / CodeQL

Information exposure through a stack trace Medium

This information exposed to the user depends on stack trace information.
@mgtennant mgtennant closed this May 24, 2024
@mgtennant mgtennant deleted the gl-variable-change branch June 20, 2024 17:05