[PM-33417] WebAuthn cache

[ike-kottlowski]

🎟️ Tracking

PM-33417

📔 Objective

[github-actions]

Checkmarx One – Scan Summary & Details – 2c201350-2d6a-4ed3-a6c0-aba547c7058f

---

New Issues (9)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		CSRF	src/Api/AdminConsole/Controllers/GroupsController.cs: 275	details Method at line 275 of /src/Api/AdminConsole/Controllers/GroupsController.cs gets a parameter from a user request from orgUserId. This parameter ... Attack Vector
2		CSRF	src/Api/Vault/Controllers/CiphersController.cs: 1558	details Method at line 1558 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
3		CSRF	src/Api/Vault/Controllers/CiphersController.cs: 1385	details Method at line 1385 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
4		CSRF	src/Api/AdminConsole/Controllers/GroupsController.cs: 127	details Method at line 127 of /src/Api/AdminConsole/Controllers/GroupsController.cs gets a parameter from a user request from model. This parameter valu... Attack Vector
5		CSRF	src/Api/AdminConsole/Controllers/GroupsController.cs: 151	details Method at line 151 of /src/Api/AdminConsole/Controllers/GroupsController.cs gets a parameter from a user request from model. This parameter valu... Attack Vector
6		CSRF	src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 393	details Method at line 393 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from model. This par... Attack Vector
7		CSRF	src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 164	details Method at line 164 of /src/Api/AdminConsole/Public/Controllers/GroupsController.cs gets a parameter from a user request from model. This paramet... Attack Vector
8		CSRF	src/Api/AdminConsole/Public/Controllers/MembersController.cs: 232	details Method at line 232 of /src/Api/AdminConsole/Public/Controllers/MembersController.cs gets a parameter from a user request from model. This parame... Attack Vector
9		CSRF	src/Api/AdminConsole/Public/Controllers/MembersController.cs: 269	details Method at line 269 of /src/Api/AdminConsole/Public/Controllers/MembersController.cs gets a parameter from a user request from model. This parame... Attack Vector

---

Fixed Issues (7)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CSRF	src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 393
	CSRF	src/Api/AdminConsole/Controllers/GroupsController.cs: 151
	CSRF	src/Api/AdminConsole/Controllers/GroupsController.cs: 127
	CSRF	src/Api/AdminConsole/Public/Controllers/MembersController.cs: 232
	CSRF	src/Api/AdminConsole/Controllers/GroupsController.cs: 275
	CSRF	src/Api/AdminConsole/Public/Controllers/MembersController.cs: 269
	CSRF	src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 167

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.49%. Comparing base (9c02f0c) to head (e08e34d).
⚠️ Report is 10 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7500      +/-   ##
==========================================
+ Coverage   59.26%   59.49%   +0.23%     
==========================================
  Files        2082     2089       +7     
  Lines       92060    92376     +316     
  Branches     8181     8207      +26     
==========================================
+ Hits        54556    54962     +406     
+ Misses      35563    35473      -90     
  Partials     1941     1941              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[enmande]

Just one question, below. Thank you!

[sonarqubecloud]

Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[enmande]

✨ thank you!