[PM-31820] added a null check to the id/partial route #7066

Open
Jingo88 wants to merge 1 commit into main from PM-31820-partial-route-add-null

@Jingo88 Jingo88 commented Feb 24, 2026

🎟️ Tracking

PM-31820
VULN-383

📔 Objective

User could previously target a cipher they do not have edit access to and add a favorites or folder value for themselves. Adding null check to prevent this use case.

Screen Recordings in ticket

@Jingo88 Jingo88 requested a review from a team as a code owner February 24, 2026 17:50
@github-actions

Checkmarx One – Scan Summary & Details
380d0e6e-55ee-4a28-b20e-09ecefe2dd38

New Issues (1): Checkmarx found the following issues in this Pull Request

| # | Severity | Issue | Source File / Package | Checkmarx Insight |
|---|----------|-------|-----------------------|-------------------|
| 1 | MEDIUM | CSRF | /src/Api/Vault/Controllers/CiphersController.cs: 1533 | Method at line 1533 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... |

Fixed Issues (3): Great job! The following issues were fixed in this Pull Request

| Severity | Issue | Source File / Package |
|----------|-------|-----------------------|
| MEDIUM | CSRF | /src/Api/Vault/Controllers/CiphersController.cs: 1527 |
| MEDIUM | CSRF | /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 105 |
| MEDIUM | Use_Of_Hardcoded_Password | /src/Core/Constants.cs: 171 |

codecov bot commented Feb 24, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 56.74%. Comparing base (0874163) to head (ea6385d).
⚠️ Report is 43 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #7066      +/-   ##
==========================================
+ Coverage   56.47%   56.74%   +0.27%     
==========================================
  Files        1996     2013      +17     
  Lines       88040    88133      +93     
  Branches     7846     7849       +3     
==========================================
+ Hits        49717    50014     +297     
+ Misses      36486    36296     -190     
+ Partials     1837     1823      -14     
