Experimenting with extension signing #13012

Draft: wants to merge 19 commits into base: main

abergs (Member) commented Jan 22, 2025

No description provided.

github-actions bot (Contributor) commented Jan 22, 2025

Checkmarx One – Scan Summary & Details 43b8ac0f-4451-4f9d-9129-bfa57e01122e

New Issues (44)

Checkmarx found the following issues in this Pull Request

Severity Issue Source File / Package Checkmarx Insight
CRITICAL CVE-2024-12692 Npm-electron-33.3.1 Vulnerable Package
CRITICAL CVE-2024-12694 Npm-electron-33.3.1 Vulnerable Package
CRITICAL CVE-2024-12695 Npm-electron-33.3.1 Vulnerable Package
HIGH CVE-2024-11112 Npm-electron-33.3.1 Vulnerable Package
HIGH CVE-2024-11113 Npm-electron-33.3.1 Vulnerable Package
HIGH CVE-2024-11114 Npm-electron-33.3.1 Vulnerable Package
HIGH CVE-2024-11115 Npm-electron-33.3.1 Vulnerable Package
HIGH CVE-2024-11395 Npm-electron-33.3.1 Vulnerable Package
HIGH CVE-2024-12053 Npm-electron-33.3.1 Vulnerable Package
HIGH CVE-2024-12381 Npm-electron-33.3.1 Vulnerable Package
HIGH CVE-2024-12382 Npm-electron-33.3.1 Vulnerable Package
HIGH CVE-2024-12693 Npm-electron-33.3.1 Vulnerable Package
HIGH CVE-2025-0291 Npm-electron-33.3.1 Vulnerable Package
HIGH CVE-2025-0434 Npm-electron-33.3.1 Vulnerable Package
HIGH CVE-2025-0436 Npm-electron-33.3.1 Vulnerable Package
HIGH CVE-2025-0437 Npm-electron-33.3.1 Vulnerable Package
HIGH CVE-2025-0438 Npm-electron-33.3.1 Vulnerable Package
HIGH CVE-2025-0443 Npm-electron-33.3.1 Vulnerable Package
HIGH CVE-2025-0447 Npm-electron-33.3.1 Vulnerable Package
MEDIUM CVE-2024-11110 Npm-electron-33.3.1 Vulnerable Package
MEDIUM CVE-2024-11111 Npm-electron-33.3.1 Vulnerable Package
MEDIUM CVE-2024-11116 Npm-electron-33.3.1 Vulnerable Package
MEDIUM CVE-2024-11117 Npm-electron-33.3.1 Vulnerable Package
MEDIUM CVE-2025-0435 Npm-electron-33.3.1 Vulnerable Package
MEDIUM CVE-2025-0439 Npm-electron-33.3.1 Vulnerable Package
MEDIUM CVE-2025-0440 Npm-electron-33.3.1 Vulnerable Package
MEDIUM CVE-2025-0441 Npm-electron-33.3.1 Vulnerable Package
MEDIUM CVE-2025-0442 Npm-electron-33.3.1 Vulnerable Package
MEDIUM CVE-2025-0446 Npm-electron-33.3.1 Vulnerable Package
MEDIUM CVE-2025-0448 Npm-electron-33.3.1 Vulnerable Package
MEDIUM Client_Privacy_Violation /bitwarden_license/bit-web/src/app/tools/access-intelligence/org-at-risk-apps-dialog.component.html: 15
  Method at line 15 of /bitwarden_license/bit-web/src/app/tools/access-intelligence/org-at-risk-apps-dialog.component.html sends user information ou...
MEDIUM Client_Privacy_Violation /bitwarden_license/bit-web/src/app/tools/access-intelligence/org-at-risk-members-dialog.component.html: 15
  Method at line 15 of /bitwarden_license/bit-web/src/app/tools/access-intelligence/org-at-risk-members-dialog.component.html sends user information...
MEDIUM Client_Privacy_Violation /libs/angular/src/admin-console/components/collections.component.ts: 36
  Method at line 36 of /libs/angular/src/admin-console/components/collections.component.ts sends user information outside the application. This may ...
MEDIUM Client_Privacy_Violation /libs/angular/src/vault/components/add-edit.component.ts: 119
  Method at line 119 of /libs/angular/src/vault/components/add-edit.component.ts sends user information outside the application. This may constitute...
MEDIUM Client_Privacy_Violation /libs/angular/src/vault/components/add-edit.component.ts: 286
  Method load at line 286 of /libs/angular/src/vault/components/add-edit.component.ts sends user information outside the application. This may consti...
MEDIUM Client_Privacy_Violation /libs/angular/src/vault/components/add-edit.component.ts: 780
  Method loadAddEditCipherInfo at line 780 of /libs/angular/src/vault/components/add-edit.component.ts sends user information outside the application...
MEDIUM Client_Privacy_Violation /apps/browser/src/vault/popup/components/vault-v2/attachments/open-attachments/open-attachments.component.ts: 50
  Method OpenAttachmentsComponent at line 50 of /apps/browser/src/vault/popup/components/vault-v2/attachments/open-attachments/open-attachments.compo...
MEDIUM Client_Privacy_Violation /apps/browser/src/vault/popup/components/vault-v2/attachments/open-attachments/open-attachments.component.ts: 50
  Method at line 50 of /apps/browser/src/vault/popup/components/vault-v2/attachments/open-attachments/open-attachments.component.ts sends user infor...
MEDIUM Client_Privacy_Violation /libs/angular/src/vault/components/add-edit.component.ts: 70
  Method at line 70 of /libs/angular/src/vault/components/add-edit.component.ts sends user information outside the application. This may constitute ...
MEDIUM Client_Privacy_Violation /libs/angular/src/vault/components/add-edit.component.ts: 278
  Method load at line 278 of /libs/angular/src/vault/components/add-edit.component.ts sends user information outside the application. This may consti...
MEDIUM Client_Privacy_Violation /libs/angular/src/vault/components/add-edit.component.ts: 281
  Method load at line 281 of /libs/angular/src/vault/components/add-edit.component.ts sends user information outside the application. This may consti...
MEDIUM Client_Privacy_Violation /libs/angular/src/vault/components/add-edit.component.ts: 776
  Method loadAddEditCipherInfo at line 776 of /libs/angular/src/vault/components/add-edit.component.ts sends user information outside the application...
LOW Client_Hardcoded_Domain /apps/web/src/app/billing/shared/payment/payment.component.ts: 75
  The JavaScript file imported in "https://js\.stripe\.com/v3/?advancedFraudSignals=false" in /apps/web/src/app/billing/shared/payment/payment.componen...
LOW Client_Hardcoded_Domain /apps/web/src/app/billing/shared/payment/payment.component.ts: 75
  The JavaScript file imported in "https://js\.stripe\.com/v3/?advancedFraudSignals=false" in /apps/web/src/app/billing/shared/payment/payment.componen...

codecov bot commented Jan 22, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 35.31%. Comparing base (44e18cf) to head (cb28741).
Report is 77 commits behind head on main.

✅ All tests successful. No failed tests found.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #13012      +/-   ##
==========================================
+ Coverage   35.18%   35.31%   +0.12%     
==========================================
  Files        2991     2996       +5     
  Lines       90608    90952     +344     
  Branches    16950    16977      +27     
==========================================
+ Hits        31883    32121     +238     
- Misses      56263    56339      +76     
- Partials     2462     2492      +30     
