Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check logs Sprint 25.3 Week 2 #5863

Closed
3 tasks done
tmpayton opened this issue Jun 5, 2024 · 1 comment
Closed
3 tasks done

Check logs Sprint 25.3 Week 2 #5863

tmpayton opened this issue Jun 5, 2024 · 1 comment
Assignees
@pkfec
Labels
Security: general General security concern or issue
Milestone
25.3

Comments

@tmpayton
Copy link
Contributor

tmpayton commented Jun 5, 2024
edited by pkfec
Loading

Log review needs to be completed per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

Ref: #5862

  • Check booting workers
  • Check memory usage
  • Make new tickets for sprint 25.4 weeks 1 and 2
    (Note: Copy above links in a browser to view the metrics)
@tmpayton tmpayton added the Security: general General security concern or issue label Jun 5, 2024
@tmpayton tmpayton added this to the 25.3 milestone Jun 5, 2024
@tmpayton tmpayton moved this to 🔜 Sprint backlog in Website project Jun 5, 2024
@cnlucas cnlucas moved this from 🔜 Sprint backlog to 📥 Assigned in Website project Jun 11, 2024
This was referenced Jun 20, 2024
Closed
Closed
@pkfec
Copy link
Contributor

pkfec commented Jun 20, 2024
edited
Loading

Note: The following issues were logged based off snyk cli in addition to snyk dashboard.

FEC-CMS: 7
package.json: 2 (do not show up in snyk cli)
[Snyk: Med - Information Exposure] (fecgov/fec-cms#6307)
[Snyk: High - Watchify] (fecgov/fec-cms#6321)

requirements.txt: 5
[Snyk Medium - django@4.2.10 Regular Expression Denial of Service (ReDoS)] (fecgov/fec-cms#6268)
[Snyk Medium - requests@requests@2.31.0 Always-Incorrect Control Flow Implementation] (fecgov/fec-cms#6285)
[Snyk Medium - jinja2@3.1.3 Cross-site Scripting (XSS)] (fecgov/fec-cms#6250)
[Snyk Medium - setuptools@65.5.0 Regular Expression Denial of Service (ReDoS)] (fecgov/fec-cms#6269)
[Snyk Medium - urllib3@1.26.18 Improper Removal of Sensitive Information Before Storage or Transfer] -(fecgov/fec-cms#6343)

OpenFEC: 4
flyway: 1
[Snyk Medium - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')] -#5878
package.json: 0
requirements.txt: 2
[Snyk Low - Flask-cors Log Injection LOCUST ] - #5807
[Snyk Medium - requests Always-Incorrect Control Flow Implementation] - (#5845)
[Snyk Medium - urllib3@1.26.18 Improper Removal of Sensitive Information Before Storage or Transfer] -(#5877)

Pattern-Library: 1
[Snyk - dompurify@2.4 Medium Template Injection] (fecgov/fec-pattern-library#223)

Search logs:
No "User changes" found in the past week.
Deployer accounts from cloud.gov dashboard: 10

@pkfec pkfec closed this as completed Jun 20, 2024
@github-project-automation github-project-automation bot moved this from 📥 Assigned to ✅ Done in Website project Jun 20, 2024
@cnlucas cnlucas mentioned this issue Jul 3, 2024
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pkfec pkfec

Labels
Security: general General security concern or issue
Projects
Website project
Status: ✅ Done
Milestone
25.3
Development

No branches or pull requests
2 participants
@pkfec @tmpayton