[SM-654] Individual secret permissions #4089

Thomas-Avery · 2024-05-15T22:26:15Z

Type of change

- [ ] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

Code changes

file.ext: Description of what was changed and why

Before you submit

Please check for formatting errors (dotnet format --verify-no-changes) (required)
If making database changes - make sure you also update Entity Framework queries and/or migrations
Please add unit tests where it makes sense to do so (encouraged but not required)
If this change requires a documentation update - notify the documentation team
If this change has particular deployment requirements - notify the DevOps team

github-actions · 2024-05-15T23:06:15Z

Checkmarx One – Scan Summary & Details – 4b0be5d7-7f05-4c57-b22d-8f9a863bede2

New Issues

Issue	Source File / Package	Checkmarx Insight
CSRF	/src/Api/SecretsManager/Controllers/SecretsController.cs: [96](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/SecretsManager/Controllers/SecretsController.cs# L96)	Attack Vector
CSRF	/src/Api/SecretsManager/Controllers/AccessPoliciesController.cs: [266](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/SecretsManager/Controllers/AccessPoliciesController.cs# L266)	Attack Vector
CSRF	/src/Api/AdminConsole/Public/Controllers/MembersController.cs: [84](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Public/Controllers/MembersController.cs# L84)	Attack Vector
CSRF	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: [217](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationsController.cs# L217)	Attack Vector
CSRF	/src/Api/Auth/Controllers/TwoFactorController.cs: [403](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Auth/Controllers/TwoFactorController.cs# L403)	Attack Vector
CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [641](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Auth/Controllers/AccountsController.cs# L641)	Attack Vector
CSRF	/src/Api/AdminConsole/Controllers/OrganizationDomainController.cs: [92](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationDomainController.cs# L92)	Attack Vector
CSRF	/src/Api/AdminConsole/Controllers/OrganizationDomainController.cs: [92](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationDomainController.cs# L92)	Attack Vector
Path_Traversal	/src/Api/Tools/Controllers/SendsController.cs: [193](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Tools/Controllers/SendsController.cs# L193)	Attack Vector
Path_Traversal	/src/Api/Tools/Controllers/SendsController.cs: [193](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Tools/Controllers/SendsController.cs# L193)	Attack Vector
Privacy_Violation	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: [375](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationsController.cs# L375)	Attack Vector
Privacy_Violation	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: [428](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationsController.cs# L428)	Attack Vector
SSRF	/src/Billing/Controllers/FreshsalesController.cs: [50](https://github.com/bitwarden/server/blob/sm/sm-654//src/Billing/Controllers/FreshsalesController.cs# L50)	Attack Vector
SSRF	/src/Billing/Controllers/FreshsalesController.cs: [50](https://github.com/bitwarden/server/blob/sm/sm-654//src/Billing/Controllers/FreshsalesController.cs# L50)	Attack Vector
Log_Forging	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: [340](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationsController.cs# L340)	Attack Vector
Log_Forging	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: [403](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationsController.cs# L403)	Attack Vector
Missing_CSP_Header	/src/Core/MailTemplates/Handlebars/InitiateDeleteOrganzation.html.hbs: [10](https://github.com/bitwarden/server/blob/sm/sm-654//src/Core/MailTemplates/Handlebars/InitiateDeleteOrganzation.html.hbs# L10)	Attack Vector

Fixed Issues

Severity	Issue	Source File / Package
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [628](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L628)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [628](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L628)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [628](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L628)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [628](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L628)
	CSRF	/src/Api/AdminConsole/Controllers/ProvidersController.cs: [82](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/ProvidersController.cs# L82)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [607](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L607)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [607](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L607)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [607](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L607)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [607](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L607)
	CSRF	/src/Api/Public/Controllers/CollectionsController.cs: [87](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Public/Controllers/CollectionsController.cs# L87)
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: [132](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/GroupsController.cs# L132)
	CSRF	/src/Api/AdminConsole/Controllers/ProvidersController.cs: [143](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/ProvidersController.cs# L143)
	CSRF	/src/Api/SecretsManager/Controllers/AccessPoliciesController.cs: [229](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/SecretsManager/Controllers/AccessPoliciesController.cs# L229)
	CSRF	/src/Admin/AdminConsole/Controllers/ProvidersController.cs: [319](https://github.com/bitwarden/server/blob/sm/sm-654//src/Admin/AdminConsole/Controllers/ProvidersController.cs# L319)
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: [163](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/GroupsController.cs# L163)
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: [163](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/GroupsController.cs# L163)
	CSRF	/src/Api/Billing/Controllers/ProviderClientsController.cs: [28](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Billing/Controllers/ProviderClientsController.cs# L28)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [205](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L205)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [348](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L348)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [348](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L348)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [212](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Controllers/CollectionsController.cs# L212)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [270](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Controllers/CollectionsController.cs# L270)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [270](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Controllers/CollectionsController.cs# L270)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [212](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Controllers/CollectionsController.cs# L212)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [665](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Auth/Controllers/AccountsController.cs# L665)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [707](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Auth/Controllers/AccountsController.cs# L707)
	CSRF	/src/Api/Vault/Controllers/FoldersController.cs: [45](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/FoldersController.cs# L45)
	CSRF	/src/Api/Controllers/SelfHosted/SelfHostedOrganizationLicensesController.cs: [51](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Controllers/SelfHosted/SelfHostedOrganizationLicensesController.cs# L51)
	CSRF	/src/Api/Controllers/UsersController.cs: [22](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Controllers/UsersController.cs# L22)
	CSRF	/src/Api/Controllers/DevicesController.cs: [70](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Controllers/DevicesController.cs# L70)
	CSRF	/src/Api/Controllers/DevicesController.cs: [57](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Controllers/DevicesController.cs# L57)
	CSRF	/src/Api/AdminConsole/Public/Controllers/PoliciesController.cs: [69](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Public/Controllers/PoliciesController.cs# L69)
	CSRF	/src/Api/AdminConsole/Public/Controllers/PoliciesController.cs: [49](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Public/Controllers/PoliciesController.cs# L49)
	CSRF	/src/Api/AdminConsole/Public/Controllers/OrganizationController.cs: [42](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Public/Controllers/OrganizationController.cs# L42)
	CSRF	/src/Api/AdminConsole/Public/Controllers/GroupsController.cs: [92](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Public/Controllers/GroupsController.cs# L92)
	CSRF	/src/Api/AdminConsole/Public/Controllers/GroupsController.cs: [49](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Public/Controllers/GroupsController.cs# L49)
	CSRF	/src/Api/AdminConsole/Controllers/ProviderUsersController.cs: [142](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/ProviderUsersController.cs# L142)
	CSRF	/src/Api/AdminConsole/Controllers/PoliciesController.cs: [148](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/PoliciesController.cs# L148)
	CSRF	/src/Api/AdminConsole/Controllers/PoliciesController.cs: [78](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/PoliciesController.cs# L78)
	CSRF	/src/Api/AdminConsole/Controllers/PoliciesController.cs: [61](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/PoliciesController.cs# L61)
	CSRF	/bitwarden_license/src/Sso/Controllers/AccountController.cs: [163](https://github.com/bitwarden/server/blob/sm/sm-654//bitwarden_license/src/Sso/Controllers/AccountController.cs# L163)
	CSRF	/bitwarden_license/src/Sso/Controllers/AccountController.cs: [96](https://github.com/bitwarden/server/blob/sm/sm-654//bitwarden_license/src/Sso/Controllers/AccountController.cs# L96)
	CSRF	/bitwarden_license/src/Scim/Controllers/v2/UsersController.cs: [50](https://github.com/bitwarden/server/blob/sm/sm-654//bitwarden_license/src/Scim/Controllers/v2/UsersController.cs# L50)
	CSRF	/src/Api/AdminConsole/Public/Controllers/GroupsController.cs: [161](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Public/Controllers/GroupsController.cs# L161)
	CSRF	/src/Api/Auth/Controllers/EmergencyAccessController.cs: [159](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Auth/Controllers/EmergencyAccessController.cs# L159)
	CSRF	/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: [98](https://github.com/bitwarden/server/blob/sm/sm-654//bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs# L98)
	CSRF	/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: [88](https://github.com/bitwarden/server/blob/sm/sm-654//bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs# L88)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [193](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L193)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [920](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Auth/Controllers/AccountsController.cs# L920)
	CSRF	/src/Api/Controllers/SettingsController.cs: [36](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Controllers/SettingsController.cs# L36)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [526](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Auth/Controllers/AccountsController.cs# L526)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [222](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L222)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [541](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Auth/Controllers/AccountsController.cs# L541)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [1150](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L1150)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [778](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L778)
	CSRF	/src/Api/AdminConsole/Public/Controllers/GroupsController.cs: [133](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Public/Controllers/GroupsController.cs# L133)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [316](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L316)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [961](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L961)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [308](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Auth/Controllers/AccountsController.cs# L308)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [222](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L222)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [464](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L464)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [570](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L570)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [752](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L752)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [217](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Auth/Controllers/AccountsController.cs# L217)
	CSRF	/src/Admin/AdminConsole/Controllers/OrganizationsController.cs: [334](https://github.com/bitwarden/server/blob/sm/sm-654//src/Admin/AdminConsole/Controllers/OrganizationsController.cs# L334)
	CSRF	/src/Admin/AdminConsole/Controllers/ProvidersController.cs: [243](https://github.com/bitwarden/server/blob/sm/sm-654//src/Admin/AdminConsole/Controllers/ProvidersController.cs# L243)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [841](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L841)
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: [81](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/GroupsController.cs# L81)
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: [118](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/GroupsController.cs# L118)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [357](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Auth/Controllers/AccountsController.cs# L357)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: [315](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationsController.cs# L315)
	CSRF	/src/Identity/Controllers/AccountsController.cs: [72](https://github.com/bitwarden/server/blob/sm/sm-654//src/Identity/Controllers/AccountsController.cs# L72)
	CSRF	/src/Api/Public/Controllers/CollectionsController.cs: [64](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Public/Controllers/CollectionsController.cs# L64)
	CSRF	/src/Identity/Controllers/AccountsController.cs: [50](https://github.com/bitwarden/server/blob/sm/sm-654//src/Identity/Controllers/AccountsController.cs# L50)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [570](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L570)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [411](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Controllers/CollectionsController.cs# L411)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [657](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L657)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [657](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L657)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [375](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Controllers/CollectionsController.cs# L375)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [303](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Controllers/CollectionsController.cs# L303)
	CSRF	/src/Api/Tools/Controllers/ImportCiphersController.cs: [48](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Tools/Controllers/ImportCiphersController.cs# L48)
	CSRF	/src/Api/Tools/Controllers/ImportCiphersController.cs: [64](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Tools/Controllers/ImportCiphersController.cs# L64)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [992](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L992)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [111](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L111)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [125](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L125)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [568](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Auth/Controllers/AccountsController.cs# L568)
	CSRF	/src/Api/Auth/Controllers/TwoFactorController.cs: [403](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Auth/Controllers/TwoFactorController.cs# L403)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: [315](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationsController.cs# L315)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: [315](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationsController.cs# L315)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationsController.cs: [315](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationsController.cs# L315)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [1073](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L1073)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [1073](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L1073)
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: [277](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/GroupsController.cs# L277)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [261](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L261)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [301](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L301)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [928](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L928)
	CSRF	/src/Api/AdminConsole/Public/Controllers/MembersController.cs: [150](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Public/Controllers/MembersController.cs# L150)
	CSRF	/src/Api/AdminConsole/Public/Controllers/MembersController.cs: [150](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Public/Controllers/MembersController.cs# L150)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [411](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Controllers/CollectionsController.cs# L411)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [375](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Controllers/CollectionsController.cs# L375)
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: [260](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/GroupsController.cs# L260)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [855](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L855)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [159](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L159)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [770](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Auth/Controllers/AccountsController.cs# L770)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [193](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L193)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [861](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Auth/Controllers/AccountsController.cs# L861)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [283](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Auth/Controllers/AccountsController.cs# L283)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [303](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Controllers/CollectionsController.cs# L303)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [403](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Auth/Controllers/AccountsController.cs# L403)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [174](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L174)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [428](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Auth/Controllers/AccountsController.cs# L428)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [261](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L261)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [87](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L87)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [233](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L233)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [315](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L315)
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: [333](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/OrganizationUsersController.cs# L333)
	CSRF	/src/Api/AdminConsole/Controllers/ProviderOrganizationsController.cs: [48](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/ProviderOrganizationsController.cs# L48)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [144](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L144)
	CSRF	/src/Api/AdminConsole/Controllers/ProviderUsersController.cs: [175](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Controllers/ProviderUsersController.cs# L175)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [1047](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L1047)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [1047](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L1047)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [1096](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L1096)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [196](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Controllers/CollectionsController.cs# L196)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [187](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Controllers/CollectionsController.cs# L187)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [156](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Controllers/CollectionsController.cs# L156)
	CSRF	/src/Api/AdminConsole/Public/Controllers/MembersController.cs: [187](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Public/Controllers/MembersController.cs# L187)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [816](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L816)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [583](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L583)
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: [583](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Vault/Controllers/CiphersController.cs# L583)
	CSRF	/src/Api/Controllers/CollectionsController.cs: [323](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Controllers/CollectionsController.cs# L323)
	CSRF	/src/Api/AdminConsole/Public/Controllers/OrganizationController.cs: [42](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Public/Controllers/OrganizationController.cs# L42)
	CSRF	/src/Api/AdminConsole/Public/Controllers/MembersController.cs: [59](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Public/Controllers/MembersController.cs# L59)
	CSRF	/src/Api/AdminConsole/Public/Controllers/MembersController.cs: [127](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/AdminConsole/Public/Controllers/MembersController.cs# L127)
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: [515](https://github.com/bitwarden/server/blob/sm/sm-654//src/Api/Auth/Controllers/AccountsController.cs# L515)
	CSRF

More results are available on AST platform

codecov · 2024-05-16T17:40:32Z

Codecov Report

Attention: Patch coverage is 78.08219% with 144 lines in your changes are missing coverage. Please review.

Project coverage is 39.72%. Comparing base (9da75fc) to head (ae012e1).
Report is 1 commits behind head on main.

Files	Patch %	Lines
...rk/SecretsManager/Repositories/SecretRepository.cs	49.10%	80 Missing and 5 partials ⚠️
...retsManager/Repositories/AccessPolicyRepository.cs	60.34%	23 Missing ⚠️
...tsManager/Repositories/ServiceAccountRepository.cs	0.00%	20 Missing ⚠️
...nager/Models/Response/AccessPolicyResponseModel.cs	77.77%	6 Missing and 4 partials ⚠️
...SecretsManager/Models/Data/SecretAccessPolicies.cs	96.42%	0 Missing and 3 partials ⚠️
...tionHandlers/Secrets/SecretAuthorizationHandler.cs	95.45%	0 Missing and 1 partial ⚠️
...Manager/Models/Request/SecretUpdateRequestModel.cs	92.85%	0 Missing and 1 partial ⚠️
...AccessPolicyUpdates/SecretAccessPoliciesUpdates.cs	95.45%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4089      +/-   ##
==========================================
+ Coverage   39.31%   39.72%   +0.41%     
==========================================
  Files        1210     1218       +8     
  Lines       58335    58919     +584     
  Branches     5369     5421      +52     
==========================================
+ Hits        22934    23407     +473     
- Misses      34320    34418      +98     
- Partials     1081     1094      +13

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

…Async

Thomas-Avery added 7 commits May 15, 2024 17:19

Add new request and data models

8128eb7

Update repository to support secret access policy updates

33d4982

Update and add authz handlers

0b7653f

Add new access policy query

cab3419

Update commands

9c356d4

Add authz handler and query to DI

275b224

Update controllers for secret access policies

1199bb5

Thomas-Avery self-assigned this May 15, 2024

Merge branch 'main' into sm/sm-654

c86beca

Merge branch 'main' into sm/sm-654

5a27db9

Thomas-Avery and others added 10 commits May 20, 2024 11:37

Merge branch 'main' into sm/sm-654

c03d165

fix GetSecretAccessPoliciesAsync

c8e4448

honor direct permissions in GetManyByOrganizationIdWithSecretsDetails…

d697750

…Async

GetSecretAccessPolicies unit tests

2ac8f96

GetSecretAccessPoliciesAsync integration tests

c3301e9

update update & create secret unit tests

fbc185a

Update interface

e68d41c

Add update & create secret integration tests

396380c

Merge branch 'main' into sm/sm-654

842baef

Fix project mapping handling

ae012e1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[SM-654] Individual secret permissions #4089

[SM-654] Individual secret permissions #4089

Thomas-Avery commented May 15, 2024

github-actions bot commented May 15, 2024 •

edited

codecov bot commented May 16, 2024 •

edited

[SM-654] Individual secret permissions #4089

Are you sure you want to change the base?

[SM-654] Individual secret permissions #4089

Conversation

Thomas-Avery commented May 15, 2024

Type of change

Objective

Code changes

Before you submit

github-actions bot commented May 15, 2024 • edited

New Issues

Fixed Issues

codecov bot commented May 16, 2024 • edited

Codecov Report

github-actions bot commented May 15, 2024 •

edited

codecov bot commented May 16, 2024 •

edited