Skip to content

Test PR to trigger Checkmarx in a PR branch #147

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
mandreko-bitwarden wants to merge 1 commit into from
Closed

Test PR to trigger Checkmarx in a PR branch #147

mandreko-bitwarden wants to merge 1 commit into from
+469 −0

Conversation

@mandreko-bitwarden
Copy link
Contributor

@mandreko-bitwarden mandreko-bitwarden commented Mar 19, 2025

🎟️ Tracking

Test PR, do not merge.

📔 Objective

Test PR, do not merge.

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@github-actions
Copy link

github-actions bot commented Mar 19, 2025

Logo
Checkmarx One – Scan Summary & Detailsb3c40ecf-c466-4eee-800b-46223be38ece

New Issues (3)

Checkmarx found the following issues in this Pull Request

Severity Issue Source File / Package Checkmarx Insight
LOW Client_Weak_Cryptographic_Hash /encryption.ts: 146
detailsThe application employs weak hashing in md5 at /encryption.ts in line 146.
Attack Vector
LOW Use_Of_Hardcoded_Password /encryption.ts: 450
detailsThe application uses the hard-coded password "AES-ECB" for authentication purposes, either using it to verify users' identities, or to access anoth...
Attack Vector
LOW Use_Of_Hardcoded_Password /encryption.ts: 450
detailsThe application uses the hard-coded password "AES-CBC" for authentication purposes, either using it to verify users' identities, or to access anoth...
Attack Vector

github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 19, 2025
View reviewed changes
encryption.ts
algorithm: "sha1" | "sha256" | "sha512" | "md5",
): Promise<Uint8Array> {
if (algorithm === "md5") {
const md = forge.md.md5.create();

Check notice

Code scanning / Checkmarx One

Client Weak Cryptographic Hash Low

Client Weak Cryptographic Hash
encryption.ts
}

private toWebCryptoAesMode(mode: "cbc" | "ecb"): string {
return mode === "cbc" ? "AES-CBC" : "AES-ECB";

Check notice

Code scanning / Checkmarx One

Use Of Hardcoded Password Low

Use Of Hardcoded Password
encryption.ts
}

private toWebCryptoAesMode(mode: "cbc" | "ecb"): string {
return mode === "cbc" ? "AES-CBC" : "AES-ECB";

Check notice

Code scanning / Checkmarx One

Use Of Hardcoded Password Low

Use Of Hardcoded Password
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mandreko-bitwarden