Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PM-7624] Update three-dot menu actions (including bulk actions) in individual vault #9109

Open
wants to merge 24 commits into
base: main
Choose a base branch
from
Open

[PM-7624] Update three-dot menu actions (including bulk actions) in individual vault #9109

wants to merge 24 commits into from
+102 −5

Conversation

gbubemismith
Copy link
Member

@gbubemismith gbubemismith commented May 9, 2024
edited

Type of change

- [ ] Bug fix
- [X] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

Update the 3 dots menu with the new actions (but the actions are not linked yet).

Code changes

  • libs/common/src/enums/feature-flag.enum.ts: Added the feature flag
  • apps/web/src/app/vault/components/vault-items/vault-items.component.html: Created the new menu dropdown without wiring up the menu actions, as another ticket would handle that. The new menu is put behind a feature flag.

Screenshots

image

Before you submit

  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team
  • Ensure that all UI additions follow WCAG AA requirements

@gbubemismith
fixed issue with clearing search index state
0795fef
@gbubemismith
clear user index before account is totally cleaned up
4fdc9c6
@gbubemismith
added logout clear on option
bcceddb
@gbubemismith
removed redundant clear index from logout
dddeb93
@gbubemismith
Merge branches 'vault/PM-7400' and 'main' of github.com:bitwarden/cli…
fa810ee 
…ents
@gbubemismith
Merge branch 'main' of github.com:bitwarden/clients
806154c
@gbubemismith
Merge branch 'main' of github.com:bitwarden/clients
f28adf2
@gbubemismith
Merge branch 'main' of github.com:bitwarden/clients
3def6d6
@gbubemismith
Merge branch 'main' of github.com:bitwarden/clients
0a893f8
@gbubemismith
Merge branch 'main' of github.com:bitwarden/clients
f4dd18e
@gbubemismith
Merge branch 'main' of github.com:bitwarden/clients
d864b37
@gbubemismith
Merge branch 'main' of github.com:bitwarden/clients
9cd0d42
@gbubemismith
Merge branch 'main' of github.com:bitwarden/clients
8755a07
@gbubemismith
Merge branch 'main' of github.com:bitwarden/clients
30b4bab
@gbubemismith
Merge branch 'main' of github.com:bitwarden/clients
9c7e806
@gbubemismith
Merge branch 'main' of github.com:bitwarden/clients
55e4e46
@gbubemismith
added feature flag
777f0d5
@gbubemismith
added new menu drop down and put behind feature flag
1bd47b0
@gbubemismith
added permanentlyDeleteSelected to the menu
170c1db
@gbubemismith
added permanentlyDeleteSelected to the menu
642e7fc
@github-actions github-actions bot added the needs-qa Marks a PR as requiring QA approval label May 9, 2024
@codecov Codecov
Copy link

codecov bot commented May 9, 2024
edited

Codecov Report

Attention: Patch coverage is 33.33333% with 2 lines in your changes are missing coverage. Please review.

Project coverage is 27.76%. Comparing base (8e97c1c) to head (665326a).
Report is 178 commits behind head on main.

Current head 665326a differs from pull request most recent head a7fc71c

Please upload reports for the commit a7fc71c to get more accurate results.

Files Patch % Lines
...lt/components/vault-items/vault-items.component.ts 0.00% 1 Missing ⚠️
.../src/app/vault/individual-vault/vault.component.ts 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #9109   +/-   ##
=======================================
  Coverage   27.76%   27.76%           
=======================================
  Files        2421     2421           
  Lines       70097    70100    +3     
  Branches    13059    13059           
=======================================
+ Hits        19462    19463    +1     
- Misses      49123    49125    +2     
  Partials     1512     1512

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 9, 2024
edited

Logo
Checkmarx One – Scan Summary & Details7cbc7523-6ccb-4045-9757-e08f0f489277

New Issues

Severity Issue Source File / Package Checkmarx Insight
MEDIUM Client_Privacy_Violation /libs/components/src/color-password/color-password.component.ts: [25](https://github.com/bitwarden/clients/blob/vault/PM-7624//libs/components/src/color-password/color-password.component.ts# L25) Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/billing/shared/add-credit.component.ts: [30](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/app/billing/shared/add-credit.component.ts# L30) Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/billing/shared/add-credit.component.ts: [135](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/app/billing/shared/add-credit.component.ts# L135) Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/billing/shared/add-credit.component.ts: [70](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/app/billing/shared/add-credit.component.ts# L70) Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/billing/shared/add-credit.component.ts: [80](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/app/billing/shared/add-credit.component.ts# L80) Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/billing/shared/add-credit.component.ts: [146](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/app/billing/shared/add-credit.component.ts# L146) Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/billing/shared/add-credit.component.html: [46](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/app/billing/shared/add-credit.component.html# L46) Attack Vector
MEDIUM Unpinned Actions Full Length Commit SHA /build-cli.yml: [380](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/build-cli.yml# L380) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [44](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L44) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [169](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L169) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [176](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L176) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [236](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L236) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [151](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L151) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [183](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L183) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [70](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L70) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [286](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L286) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [348](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L348) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [190](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L190) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/auth/background/service-factories/pin-service.factory.ts: [64](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/background/service-factories/pin-service.factory.ts# L64) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/auth/background/service-factories/device-trust-service.factory.ts: [83](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/background/service-factories/device-trust-service.factory.ts# L83) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/auth/background/service-factories/device-trust-service.factory.ts: [82](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/background/service-factories/device-trust-service.factory.ts# L82) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/auth/background/service-factories/auth-request-service.factory.ts: [54](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/background/service-factories/auth-request-service.factory.ts# L54) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/auth/background/service-factories/login-strategy-service.factory.ts: [125](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/background/service-factories/login-strategy-service.factory.ts# L125) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/platform/background/service-factories/key-generation-service.factory.ts: [23](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/platform/background/service-factories/key-generation-service.factory.ts# L23) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/tools/background/service_factories/import-service.factory.ts: [63](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/tools/background/service_factories/import-service.factory.ts# L63) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/auth/background/service-factories/user-verification-service.factory.ts: [77](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/background/service-factories/user-verification-service.factory.ts# L77) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/auth/background/service-factories/key-connector-service.factory.ts: [70](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/background/service-factories/key-connector-service.factory.ts# L70) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/vault/background/service_factories/collection-service.factory.ts: [37](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/vault/background/service_factories/collection-service.factory.ts# L37) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/background/service-factories/vault-timeout-settings-service.factory.ts: [67](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/background/service-factories/vault-timeout-settings-service.factory.ts# L67) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/background/service-factories/send-service.factory.ts: [50](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/background/service-factories/send-service.factory.ts# L50) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/vault/background/service_factories/totp-service.factory.ts: [34](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/vault/background/service_factories/totp-service.factory.ts# L34) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/platform/background/service-factories/crypto-service.factory.ts: [78](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/platform/background/service-factories/crypto-service.factory.ts# L78) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/auth/background/service-factories/auth-service.factory.ts: [51](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/background/service-factories/auth-service.factory.ts# L51) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/cli/src/platform/services/node-env-secure-storage.service.ts: [62](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/cli/src/platform/services/node-env-secure-storage.service.ts# L62) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/cli/src/platform/services/node-env-secure-storage.service.ts: [81](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/cli/src/platform/services/node-env-secure-storage.service.ts# L81) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/vault/background/service_factories/cipher-service.factory.ts: [75](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/vault/background/service_factories/cipher-service.factory.ts# L75) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/vault/background/service_factories/folder-service.factory.ts: [42](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/vault/background/service_factories/folder-service.factory.ts# L42) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/tools/background/service_factories/password-generation-service.factory.ts: [41](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/tools/background/service_factories/password-generation-service.factory.ts# L41) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/platform/background/service-factories/encrypt-service.factory.ts: [34](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/platform/background/service-factories/encrypt-service.factory.ts# L34) Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/background/service-factories/password-generation-service.factory.ts: [41](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/background/service-factories/password-generation-service.factory.ts# L41) Attack Vector

Fixed Issues

Severity Issue Source File / Package
HIGH Client_DOM_Code_Injection /apps/web/src/connectors/common.ts: [2](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/connectors/common.ts# L2)
HIGH Client_DOM_Code_Injection /apps/browser/src/autofill/services/collect-autofill-content.service.ts: [1071](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/autofill/services/collect-autofill-content.service.ts# L1071)
HIGH Client_DOM_Stored_XSS /apps/web/src/connectors/sso.ts: [33](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/connectors/sso.ts# L33)
HIGH Client_DOM_XSS /apps/browser/src/auth/scripts/duo.js: [285](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/scripts/duo.js# L285)
HIGH Client_DOM_XSS /apps/browser/src/auth/scripts/duo.js: [285](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/scripts/duo.js# L285)
HIGH Client_DOM_XSS /apps/desktop/src/auth/scripts/duo.js: [285](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/auth/scripts/duo.js# L285)
HIGH Client_DOM_XSS /apps/desktop/src/auth/scripts/duo.js: [285](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/auth/scripts/duo.js# L285)
HIGH Client_DOM_XSS /apps/web/src/connectors/common.ts: [2](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/connectors/common.ts# L2)
HIGH Client_DOM_XSS /apps/web/src/connectors/common.ts: [2](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/connectors/common.ts# L2)
HIGH Client_DOM_XSS /apps/web/src/connectors/common.ts: [2](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/connectors/common.ts# L2)
HIGH Client_DOM_XSS /apps/web/src/connectors/common.ts: [2](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/connectors/common.ts# L2)
HIGH Client_DOM_XSS /apps/web/src/connectors/sso.ts: [21](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/connectors/sso.ts# L21)
HIGH Client_DOM_XSS /apps/web/src/connectors/sso.ts: [19](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/connectors/sso.ts# L19)
HIGH Client_DOM_XSS /apps/web/src/connectors/sso.ts: [15](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/connectors/sso.ts# L15)
MEDIUM Absolute_Path_Traversal /apps/cli/src/commands/serve.command.ts: [347](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/cli/src/commands/serve.command.ts# L347)
MEDIUM Absolute_Path_Traversal /apps/cli/src/commands/serve.command.ts: [315](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/cli/src/commands/serve.command.ts# L315)
MEDIUM Absolute_Path_Traversal /apps/cli/src/commands/serve.command.ts: [347](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/cli/src/commands/serve.command.ts# L347)
MEDIUM Absolute_Path_Traversal /apps/cli/src/commands/serve.command.ts: [315](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/cli/src/commands/serve.command.ts# L315)
MEDIUM Angular_Improper_Type_Pipe_Usage /apps/browser/src/vault/popup/components/fido2/fido2-use-browser-link.component.html: [1](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/vault/popup/components/fido2/fido2-use-browser-link.component.html# L1)
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/password-generator-history.component.html: [11](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/app/tools/password-generator-history.component.html# L11)
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/password-generator-history.component.html: [11](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/app/tools/password-generator-history.component.html# L11)
MEDIUM Client_Privacy_Violation /apps/browser/src/background/runtime.background.ts: [323](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/background/runtime.background.ts# L323)
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.html: [14](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/app/tools/reports/pages/breach-report.component.html# L14)
MEDIUM Client_Privacy_Violation /apps/browser/src/auth/popup/account-switching/account.component.ts: [12](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/popup/account-switching/account.component.ts# L12)
MEDIUM Client_Privacy_Violation /apps/browser/src/auth/popup/account-switching/account.component.ts: [12](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/popup/account-switching/account.component.ts# L12)
MEDIUM Client_Privacy_Violation /apps/browser/src/auth/popup/account-switching/account.component.ts: [12](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/popup/account-switching/account.component.ts# L12)
MEDIUM Client_Privacy_Violation /libs/components/src/color-password/color-password.component.ts: [26](https://github.com/bitwarden/clients/blob/vault/PM-7624//libs/components/src/color-password/color-password.component.ts# L26)
MEDIUM Client_Privacy_Violation /apps/desktop/src/auth/lock.component.html: [32](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/auth/lock.component.html# L32)
MEDIUM Client_Privacy_Violation /apps/web/src/app/auth/lock.component.html: [18](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/app/auth/lock.component.html# L18)
MEDIUM Client_Privacy_Violation /apps/web/src/app/auth/lock.component.html: [18](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/app/auth/lock.component.html# L18)
MEDIUM Client_Privacy_Violation /apps/desktop/src/auth/lock.component.html: [32](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/auth/lock.component.html# L32)
MEDIUM Client_Privacy_Violation /apps/web/src/app/auth/recover-two-factor.component.html: [37](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/app/auth/recover-two-factor.component.html# L37)
MEDIUM Client_Privacy_Violation /apps/desktop/src/vault/app/vault/view.component.html: [534](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/vault/app/vault/view.component.html# L534)
MEDIUM Client_Privacy_Violation /apps/web/src/connectors/webauthn-fallback.ts: [116](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/connectors/webauthn-fallback.ts# L116)
MEDIUM Client_Privacy_Violation /bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts: [161](https://github.com/bitwarden/clients/blob/vault/PM-7624//bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts# L161)
MEDIUM Client_Privacy_Violation /bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts: [161](https://github.com/bitwarden/clients/blob/vault/PM-7624//bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts# L161)
MEDIUM Client_Privacy_Violation /libs/components/src/color-password/color-password.component.ts: [14](https://github.com/bitwarden/clients/blob/vault/PM-7624//libs/components/src/color-password/color-password.component.ts# L14)
MEDIUM Client_Privacy_Violation /apps/desktop/src/vault/app/vault/view.component.html: [60](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/vault/app/vault/view.component.html# L60)
MEDIUM Client_Privacy_Violation /apps/desktop/src/vault/app/vault/view.component.html: [56](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/vault/app/vault/view.component.html# L56)
MEDIUM Client_Privacy_Violation /apps/browser/src/tools/popup/generator/password-generator-history.component.html: [26](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/tools/popup/generator/password-generator-history.component.html# L26)
MEDIUM Client_Privacy_Violation /apps/browser/src/vault/popup/components/vault/password-history.component.html: [18](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/vault/popup/components/vault/password-history.component.html# L18)
MEDIUM Client_Privacy_Violation /apps/desktop/src/app/tools/password-generator-history.component.html: [15](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/app/tools/password-generator-history.component.html# L15)
MEDIUM Client_Privacy_Violation /apps/desktop/src/vault/app/vault/password-history.component.html: [12](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/vault/app/vault/password-history.component.html# L12)
MEDIUM Client_Privacy_Violation /apps/desktop/src/vault/app/vault/view.component.html: [50](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/vault/app/vault/view.component.html# L50)
MEDIUM Client_Privacy_Violation /libs/components/src/color-password/color-password.component.ts: [14](https://github.com/bitwarden/clients/blob/vault/PM-7624//libs/components/src/color-password/color-password.component.ts# L14)
MEDIUM Client_Privacy_Violation /apps/browser/src/tools/popup/generator/password-generator-history.component.html: [26](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/tools/popup/generator/password-generator-history.component.html# L26)
MEDIUM Client_Privacy_Violation /apps/browser/src/vault/popup/components/vault/password-history.component.html: [18](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/vault/popup/components/vault/password-history.component.html# L18)
MEDIUM Client_Privacy_Violation /apps/desktop/src/app/tools/password-generator-history.component.html: [15](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/app/tools/password-generator-history.component.html# L15)
MEDIUM Client_Privacy_Violation /apps/desktop/src/vault/app/vault/password-history.component.html: [12](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/vault/app/vault/password-history.component.html# L12)
MEDIUM Missing_HSTS_Header /apps/cli/src/auth/commands/login.command.ts: [707](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/cli/src/auth/commands/login.command.ts# L707)
MEDIUM SSRF /libs/importer/src/importers/lastpass/access/services/rest-client.ts: [69](https://github.com/bitwarden/clients/blob/vault/PM-7624//libs/importer/src/importers/lastpass/access/services/rest-client.ts# L69)
MEDIUM SSRF /libs/importer/src/importers/lastpass/access/services/rest-client.ts: [69](https://github.com/bitwarden/clients/blob/vault/PM-7624//libs/importer/src/importers/lastpass/access/services/rest-client.ts# L69)
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [163](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L163)
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [508](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L508)
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [82](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L82)
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [360](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L360)
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [492](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L492)
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [181](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L181)
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [516](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L516)
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [202](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L202)
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [195](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L195)
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [188](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L188)
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [248](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L248)
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [48](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L48)
MEDIUM Unpinned Actions Full Length Commit SHA /build-cli.yml: [404](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/build-cli.yml# L404)
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [298](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L298)
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [500](https://github.com/bitwarden/clients/blob/vault/PM-7624//.github/workflows/version-bump.yml# L500)
LOW Angular_Usage_of_Unsafe_DOM_Sanitizer /libs/components/src/avatar/avatar.component.ts: [80](https://github.com/bitwarden/clients/blob/vault/PM-7624//libs/components/src/avatar/avatar.component.ts# L80)
LOW Angular_Usage_of_Unsafe_DOM_Sanitizer /apps/desktop/src/app/components/avatar.component.ts: [75](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/app/components/avatar.component.ts# L75)
LOW Angular_Usage_of_Unsafe_DOM_Sanitizer /libs/components/src/icon/icon.component.ts: [18](https://github.com/bitwarden/clients/blob/vault/PM-7624//libs/components/src/icon/icon.component.ts# L18)
LOW Angular_Usage_of_Unsafe_DOM_Sanitizer /libs/components/src/icon/icon.component.ts: [18](https://github.com/bitwarden/clients/blob/vault/PM-7624//libs/components/src/icon/icon.component.ts# L18)
LOW Client_DOM_Open_Redirect /apps/browser/src/platform/popup/layout/popup-header.component.ts: [29](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/platform/popup/layout/popup-header.component.ts# L29)
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/accessibility-cookie.component.html: [18](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/auth/accessibility-cookie.component.html# L18)
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/common.ts: [2](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/connectors/common.ts# L2)
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/common.ts: [2](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/connectors/common.ts# L2)
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/common.ts: [2](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/connectors/common.ts# L2)
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/sso.ts: [21](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/connectors/sso.ts# L21)
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/common.ts: [2](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/connectors/common.ts# L2)
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/sso.ts: [19](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/connectors/sso.ts# L19)
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/common.ts: [2](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/connectors/common.ts# L2)
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/sso.ts: [15](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/web/src/connectors/sso.ts# L15)
LOW Client_DOM_Open_Redirect /apps/browser/src/tools/popup/generator/password-generator-history.component.ts: [18](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/tools/popup/generator/password-generator-history.component.ts# L18)
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/popup/account-switching/current-account.component.ts: [35](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/popup/account-switching/current-account.component.ts# L35)
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/popup/login-via-auth-request.component.ts: [52](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/popup/login-via-auth-request.component.ts# L52)
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/popup/login-via-auth-request.component.ts: [52](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/popup/login-via-auth-request.component.ts# L52)
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/login/login-via-auth-request.component.ts: [60](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/auth/login/login-via-auth-request.component.ts# L60)
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/login/login-via-auth-request.component.ts: [60](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/auth/login/login-via-auth-request.component.ts# L60)
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/popup/login-via-auth-request.component.ts: [52](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/popup/login-via-auth-request.component.ts# L52)
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/popup/login-via-auth-request.component.ts: [52](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/popup/login-via-auth-request.component.ts# L52)
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/login/login-via-auth-request.component.ts: [60](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/auth/login/login-via-auth-request.component.ts# L60)
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/login/login-via-auth-request.component.ts: [60](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/auth/login/login-via-auth-request.component.ts# L60)
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/popup/account-switching/account.component.ts: [24](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/popup/account-switching/account.component.ts# L24)
LOW Client_DOM_Open_Redirect /apps/browser/src/vault/popup/components/vault/password-history.component.ts: [21](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/vault/popup/components/vault/password-history.component.ts# L21)
LOW Client_DOM_Open_Redirect /apps/browser/src/vault/popup/components/vault/attachments.component.ts: [32](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/vault/popup/components/vault/attachments.component.ts# L32)
LOW Client_DOM_Open_Redirect /apps/browser/src/billing/popup/settings/premium.component.ts: [27](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/billing/popup/settings/premium.component.ts# L27)
LOW Client_DOM_Open_Redirect /libs/common/src/auth/iframe-component.ts: [49](https://github.com/bitwarden/clients/blob/vault/PM-7624//libs/common/src/auth/iframe-component.ts# L49)
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/scripts/duo.js: [277](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/scripts/duo.js# L277)
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/scripts/duo.js: [277](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/browser/src/auth/scripts/duo.js# L277)
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/scripts/duo.js: [277](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/auth/scripts/duo.js# L277)
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/scripts/duo.js: [277](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/auth/scripts/duo.js# L277)
LOW Client_DOM_Open_Redirect /libs/common/src/auth/webauthn-iframe.ts: [25](https://github.com/bitwarden/clients/blob/vault/PM-7624//libs/common/src/auth/webauthn-iframe.ts# L25)
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/scripts/duo.js: [277](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/auth/scripts/duo.js# L277)
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/scripts/duo.js: [277](https://github.com/bitwarden/clients/blob/vault/PM-7624//apps/desktop/src/auth/scripts/duo.js# L277)
LOW

More results are available on AST platform

@gbubemismith gbubemismith marked this pull request as ready for review May 10, 2024 17:00
@gbubemismith gbubemismith requested a review from a team as a code owner May 10, 2024 17:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shane-melton shane-melton Awaiting requested review from shane-melton shane-melton is a code owner automatically assigned from bitwarden/team-vault-dev

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
needs-qa Marks a PR as requiring QA approval
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@gbubemismith