Feature branch 3 #14
base: master
Conversation
❌ Blocking Security Alert

This PR was scanned by Backslash Security and identified 165 issues that violate security policies in the following categories:

Vulnerable OSS packages 🚩

| Vulnerable package | Vulnerabilities | Recommended fixed version | Package location |
|---|---|---|---|
| ejs 0.8.8 | 2 Critical, 1 High, 2 Medium, 0 Low -- Highest CVSS score: 9.8. Top vulnerabilities: CVE-2017-1000228, CVE-2017-1000188, CVE-2017-1000189 | 3.1.7 | ./package.json#1 |
| libxmljs2 0.33.0 | 2 Critical, 0 High, 0 Medium, 0 Low -- Highest CVSS score: 8.1. Top vulnerabilities: CVE-2024-34393, CVE-2024-34394 | | frontend/package.json#1 |
| socket.io-parser 4.0.5 | 0 Critical, 0 High, 1 Medium, 0 Low -- Highest CVSS score: 7.3. Top vulnerabilities: CVE-2023-32695 | 4.2.3 | frontend/package.json#1 |
| ws 7.4.6 | 0 Critical, 1 High, 0 Medium, 0 Low -- Highest CVSS score: 8.7. Top vulnerabilities: CVE-2024-37890 | 7.5.10 | frontend/package.json#1 |
| ws 8.17.0 | 0 Critical, 1 High, 0 Medium, 0 Low -- Highest CVSS score: 7.5. Top vulnerabilities: CVE-2024-37890 | 8.17.1 | frontend/package.json#1 |

There are 116 more issues. You can see all the new issues by logging into Backslash.
Vulnerable code 🚩

17 issues

| Vulnerability type | Vulnerability location | Remediation guidance |
|---|---|---|
| Cross Site Scripting | routes/videoHandler.ts#70 | Detected the use of `send`. This can introduce a Cross-Site Scripting (XSS) vulnerability if the value comes from user-provided input. If you have to use `send`, ensure the value does not come from user input or use the appropriate sanitization methods. |
| Cross Site Scripting | routes/userProfile.ts#70 | Detected the use of `send`. This can introduce a Cross-Site Scripting (XSS) vulnerability if the value comes from user-provided input. If you have to use `send`, ensure the value does not come from user input or use the appropriate sanitization methods. |
| Cross Site Scripting | routes/recycles.ts#28 | Detected the use of `send`. This can introduce a Cross-Site Scripting (XSS) vulnerability if the value comes from user-provided input. If you have to use `send`, ensure the value does not come from user input or use the appropriate sanitization methods. |
| Cross Site Scripting | routes/dataErasure.ts#80 | Detected the use of `send`. This can introduce a Cross-Site Scripting (XSS) vulnerability if the value comes from user-provided input. If you have to use `send`, ensure the value does not come from user input or use the appropriate sanitization methods. |
| Cross Site Scripting | routes/countryMapping.ts#16 | Detected the use of `send`. This can introduce a Cross-Site Scripting (XSS) vulnerability if the value comes from user-provided input. If you have to use `send`, ensure the value does not come from user input or use the appropriate sanitization methods. |

There are 12 more issues. You can see all the new issues by logging into Backslash.
Insecure secrets 🚩

1 issue
| Secret type | Secret location | Snippet |
|---|---|---|
| private-key | lib/insecurity.ts#23 | -----BEGIN RSA PRIVATE KEY-----******************************** |
License issues 🚩

18 issues

| Package | Licenses | Package location |
|---|---|---|
| web3-eth-ens 4.2.0 | GNU Lesser General Public License v3.0 only | ./package.json#1 |
| web3-eth-contract 4.4.0 | GNU Lesser General Public License v3.0 only | ./package.json#1 |
| web3-rpc-methods 1.2.0 | GNU Lesser General Public License v3.0 only | ./package.json#1 |
| web3-net 4.0.7 | GNU Lesser General Public License v3.0 only | ./package.json#1 |
| web3-eth-abi 4.2.1 | GNU Lesser General Public License v3.0 only | ./package.json#1 |

There are 13 more issues. You can see all the new issues by logging into Backslash.
Malicious OSS packages 🚩

1 issue

| Malicious package | References | Package location |
|---|---|---|
| fsevents 1.2.10 | GHSA-xv2f-5jw4-v95m | ./package.json#1 |
IaC misconfigurations 🚩

7 issues

| Rule name | Misconfig location | Description |
|---|---|---|
| No HEALTHCHECK defined | test/smoke/Dockerfile#-1 | You should add a HEALTHCHECK instruction to your Docker container images to perform health checks on running containers. |
| 'apk add' is missing '--no-cache' | test/smoke/Dockerfile#3 | You should use 'apk add' with '--no-cache' to clean cached package data and reduce image size. |
| ':latest' tag used | test/smoke/Dockerfile#1 | When using a 'FROM' statement you should use a specific tag to avoid uncontrolled behavior when the image is updated. |
| 'apt-get' missing '--no-install-recommends' | Dockerfile#25 | 'apt-get install' should use '--no-install-recommends' to minimize image size. |
| No HEALTHCHECK defined | Dockerfile#-1 | You should add a HEALTHCHECK instruction to your Docker container images to perform health checks on running containers. |

There are 2 more issues. You can see all the new issues by logging into Backslash.

View the scan details in the PR check logs for this PR or in the Backslash Platform.
❌ Blocking Security Alert

This PR was scanned by Backslash Security and identified 166 issues that violate security policies in the following categories:

Vulnerable OSS packages 🚩

| Vulnerable package | Vulnerabilities | Recommended fixed version | Package location |
|---|---|---|---|
| ejs 0.8.8 | 2 Critical, 1 High, 2 Medium, 0 Low -- Highest CVSS score: 9.8. Top vulnerabilities: CVE-2017-1000188, CVE-2017-1000228, CVE-2017-1000189 | 3.1.7 | ./package.json#1 |
| remark-html 14.0.0 | 1 Critical, 0 High, 0 Medium, 0 Low -- Highest CVSS score: 10. Top vulnerabilities: CVE-2021-39199 | 14.0.1 | ./package.json#1 |
| libxmljs2 0.33.0 | 2 Critical, 0 High, 0 Medium, 0 Low -- Highest CVSS score: 8.1. Top vulnerabilities: CVE-2024-34394, CVE-2024-34393 | | frontend/package.json#1 |
| socket.io-parser 4.0.5 | 0 Critical, 0 High, 1 Medium, 0 Low -- Highest CVSS score: 7.3. Top vulnerabilities: CVE-2023-32695 | 4.2.3 | frontend/package.json#1 |
| ws 7.4.6 | 0 Critical, 1 High, 0 Medium, 0 Low -- Highest CVSS score: 8.7. Top vulnerabilities: CVE-2024-37890 | 7.5.10 | frontend/package.json#1 |

There are 117 more issues. You can see all the new issues by logging into Backslash.
Vulnerable code 🚩

17 issues

| Vulnerability type | Vulnerability location | Remediation guidance |
|---|---|---|
| Cross Site Scripting | routes/videoHandler.ts#70 | Detected the use of `send`. This can introduce a Cross-Site Scripting (XSS) vulnerability if the value comes from user-provided input. If you have to use `send`, ensure the value does not come from user input or use the appropriate sanitization methods. |
| Cross Site Scripting | routes/userProfile.ts#70 | Detected the use of `send`. This can introduce a Cross-Site Scripting (XSS) vulnerability if the value comes from user-provided input. If you have to use `send`, ensure the value does not come from user input or use the appropriate sanitization methods. |
| Cross Site Scripting | routes/recycles.ts#28 | Detected the use of `send`. This can introduce a Cross-Site Scripting (XSS) vulnerability if the value comes from user-provided input. If you have to use `send`, ensure the value does not come from user input or use the appropriate sanitization methods. |
| Cross Site Scripting | routes/dataErasure.ts#80 | Detected the use of `send`. This can introduce a Cross-Site Scripting (XSS) vulnerability if the value comes from user-provided input. If you have to use `send`, ensure the value does not come from user input or use the appropriate sanitization methods. |
| Cross Site Scripting | routes/countryMapping.ts#16 | Detected the use of `send`. This can introduce a Cross-Site Scripting (XSS) vulnerability if the value comes from user-provided input. If you have to use `send`, ensure the value does not come from user input or use the appropriate sanitization methods. |

There are 12 more issues. You can see all the new issues by logging into Backslash.
Insecure secrets 🚩

1 issue
| Secret type | Secret location | Snippet |
|---|---|---|
| private-key | lib/insecurity.ts#23 | -----BEGIN RSA PRIVATE KEY-----******************************** |
License issues 🚩

18 issues

| Package | Licenses | Package location |
|---|---|---|
| web3-eth-ens 4.2.0 | GNU Lesser General Public License v3.0 only | ./package.json#1 |
| web3-eth-contract 4.4.0 | GNU Lesser General Public License v3.0 only | ./package.json#1 |
| web3-rpc-methods 1.2.0 | GNU Lesser General Public License v3.0 only | ./package.json#1 |
| web3-net 4.0.7 | GNU Lesser General Public License v3.0 only | ./package.json#1 |
| web3-eth-abi 4.2.1 | GNU Lesser General Public License v3.0 only | ./package.json#1 |

There are 13 more issues. You can see all the new issues by logging into Backslash.
Malicious OSS packages 🚩

1 issue

| Malicious package | References | Package location |
|---|---|---|
| fsevents 1.2.10 | GHSA-xv2f-5jw4-v95m | ./package.json#1 |
IaC misconfigurations 🚩

7 issues

| Rule name | Misconfig location | Description |
|---|---|---|
| No HEALTHCHECK defined | test/smoke/Dockerfile#-1 | You should add a HEALTHCHECK instruction to your Docker container images to perform health checks on running containers. |
| 'apk add' is missing '--no-cache' | test/smoke/Dockerfile#3 | You should use 'apk add' with '--no-cache' to clean cached package data and reduce image size. |
| ':latest' tag used | test/smoke/Dockerfile#1 | When using a 'FROM' statement you should use a specific tag to avoid uncontrolled behavior when the image is updated. |
| 'apt-get' missing '--no-install-recommends' | Dockerfile#25 | 'apt-get install' should use '--no-install-recommends' to minimize image size. |
| No HEALTHCHECK defined | Dockerfile#-1 | You should add a HEALTHCHECK instruction to your Docker container images to perform health checks on running containers. |

There are 2 more issues. You can see all the new issues by logging into Backslash.

View the scan details in the PR check logs for this PR or in the Backslash Platform.
Description
A clear and concise summary of the change and which issue (if any) it fixes. Should also include relevant motivation and context.
Resolved or fixed issue:
Affirmation