
CMDCT-4228: Address Pen Test Findings #12000

Merged
merged 7 commits into from
Jan 9, 2025

Conversation

karla-vm
Collaborator

@karla-vm karla-vm commented Jan 9, 2025

Description

The CCIC penetration testing team was able to inject HTML into the Admin Banner form. @benmartin-coforma investigated a potential issue with DOMPurify not cleaning up a string that was larger than 16KB and found a solution which is being addressed here.

Related ticket(s)

CMDCT-4228


How to test

N/A

Notes


Pre-review checklist

  • I have added thorough tests, if necessary
  • I have updated relevant documentation, if necessary
  • I have performed a self-review of my code
  • I have manually tested this PR in the deployed cloud environment

Pre-merge checklist

Review

  • Design: This work has been reviewed and approved by design, if necessary
  • Product: This work has been reviewed and approved by product owner, if necessary

Security

If either of the following are true, notify the team's ISSO (Information System Security Officer).

  • These changes are significant enough to require an update to the SIA.
  • These changes are significant enough to require a penetration test.

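The description above reports a sanitizer that failed to clean an oversized banner string. The following is an added example, not code from this PR or its repository, showing the defence-in-depth pattern a reviewer would want around any HTML sanitizer used for a free-text admin banner: cap the input size before it reaches the sanitizer, and verify after sanitization that nothing outside a small tag allowlist survived, so a sanitizer regression fails closed instead of being rendered. The 16 KiB limit, the tag allowlist, the `sanitizeBanner` name and the escape-everything fallback sanitizer are all assumptions for illustration; in the application the injected sanitizer would be DOMPurify's `sanitize`.

```javascript
// Added example (not the project's own code): defensive wrapper around an
// HTML sanitizer for a free-text admin banner.
//   1. A byte-size cap is applied BEFORE sanitizing, so an oversized payload
//      never reaches the sanitizer (the PR mentions a sanitizer problem with
//      strings larger than 16KB; 16 KiB here is an assumed limit).
//   2. A post-sanitization check confirms the output carries only tags from a
//      small allowlist, so a sanitizer regression is rejected, not rendered.

const MAX_BANNER_BYTES = 16 * 1024;                      // assumed limit
const ALLOWED_TAGS = new Set(["b", "i", "em", "strong", "a", "p", "br"]); // assumed

// Escape-everything fallback sanitizer so the example runs offline.
// In the application this argument would be DOMPurify.sanitize (assumed).
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Collects every tag name that appears as literal markup in `html`.
// Escaped text such as "&lt;b&gt;" contains no "<" and so yields nothing.
function tagNames(html) {
  const names = [];
  const re = /<\s*\/?\s*([a-zA-Z][a-zA-Z0-9-]*)/g;
  let m;
  while ((m = re.exec(html)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Returns { ok: true, html } for an accepted banner, or { ok: false, reason }.
// `sanitize` is the pluggable sanitizer; the size guard runs before it and the
// allowlist check runs after it, regardless of how the sanitizer behaves.
function sanitizeBanner(input, sanitize = escapeHtml) {
  if (typeof input !== "string") {
    return { ok: false, reason: "banner must be a string" };
  }
  const bytes = Buffer.byteLength(input, "utf8");
  if (bytes > MAX_BANNER_BYTES) {
    return { ok: false, reason: `banner is ${bytes} bytes; limit is ${MAX_BANNER_BYTES}` };
  }
  const clean = sanitize(input);
  const disallowed = [...new Set(tagNames(clean).filter((t) => !ALLOWED_TAGS.has(t)))];
  if (disallowed.length > 0) {
    // The sanitizer let through markup the banner may not carry: fail closed.
    return { ok: false, reason: `sanitizer left disallowed tags: ${disallowed.join(",")}` };
  }
  return { ok: true, html: clean };
}

// Constructed sample inputs: a normal banner, an oversized one, and a
// deliberately broken pass-through "sanitizer" to show the second layer.
console.log(sanitizeBanner("Maintenance window <b>tonight</b>"));
console.log(sanitizeBanner("x".repeat(MAX_BANNER_BYTES + 1)));
console.log(sanitizeBanner("<script>1</script>", (s) => s));

module.exports = { MAX_BANNER_BYTES, ALLOWED_TAGS, escapeHtml, tagNames, sanitizeBanner };
```

The point of the second layer is that it does not trust the sanitizer's own result: if a library edge case (such as the large-input behaviour the PR describes) ever lets markup through again, the banner is rejected at submission time rather than stored and served.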

JonHolman
JonHolman previously approved these changes Jan 9, 2025
gmrabian
gmrabian previously approved these changes Jan 9, 2025
@karla-vm karla-vm dismissed stale reviews from gmrabian and JonHolman via 017ee3c January 9, 2025 17:03

codeclimate bot commented Jan 9, 2025

Code Climate has analyzed commit 017ee3c and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (90% is the threshold).

This pull request will bring the total coverage in the repository to 96.7% (0.0% change).

View more on Code Climate.

@karla-vm karla-vm merged commit 35d3302 into main Jan 9, 2025
19 checks passed
@karla-vm karla-vm deleted the cmdct-4228 branch January 9, 2025 18:20
6 participants