feat: Virtru as attribute store #40634
Layne — success
Found 3 issue(s): 0 critical, 3 high, 0 medium, 0 low.
Excepted findings:
- LAYNE-8598b68f3ce8435a [semgrep/app.config.semgrep.rules.rocketchat.ssrf-validation-bypass-without-justification] ee/packages/abac/src/clients/virtru/VirtruClient.ts:37 — excepted by @julio-rocketchat: "these are acceptable and valid ignoreSsrfValidation entries, not vulnerabilities"
- LAYNE-e568b73325f960fd [semgrep/app.config.semgrep.rules.rocketchat.ssrf-validation-bypass-without-justification] ee/packages/abac/src/clients/virtru/VirtruClient.ts:67 — excepted by @julio-rocketchat: "these are acceptable and valid ignoreSsrfValidation entries, not vulnerabilities"
- LAYNE-5929c5f8cb7138d7 [semgrep/app.config.semgrep.rules.rocketchat.ssrf-validation-bypass-without-justification] ee/packages/abac/src/clients/virtru/VirtruClient.ts:103 — excepted by @julio-rocketchat: "these are acceptable and valid ignoreSsrfValidation entries, not vulnerabilities"
All findings are still annotated below for reference.
Annotations
Check failure on line 37 in ee/packages/abac/src/clients/virtru/VirtruClient.ts
rc-layne / Layne Security Scan
[semgrep] app.config.semgrep.rules.rocketchat.ssrf-validation-bypass-without-justification
[R37] SSRF validation is disabled. Ensure the URL is not user-controlled or is restricted to a known-safe allowlist.
Check failure on line 67 in ee/packages/abac/src/clients/virtru/VirtruClient.ts
rc-layne / Layne Security Scan
[semgrep] app.config.semgrep.rules.rocketchat.ssrf-validation-bypass-without-justification
[R67] SSRF validation is disabled. Ensure the URL is not user-controlled or is restricted to a known-safe allowlist.
Check failure on line 103 in ee/packages/abac/src/clients/virtru/VirtruClient.ts
rc-layne / Layne Security Scan
[semgrep] app.config.semgrep.rules.rocketchat.ssrf-validation-bypass-without-justification
[R103] SSRF validation is disabled. Ensure the URL is not user-controlled or is restricted to a known-safe allowlist.