Skip to content

Revert "Get rid of the redundant multiuser module (#691)" #806

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
vinokurig merged 1 commit into from
May 9, 2025

Revert "Get rid of the redundant multiuser module (#691)"

d151b67
Select commit
Loading
Failed to load commit list.
Merged

Revert "Get rid of the redundant multiuser module (#691)" #806

Revert "Get rid of the redundant multiuser module (#691)"
d151b67
Select commit
Loading
Failed to load commit list.
GitHub Advanced Security / CodeQL failed May 9, 2025 in 3s

11 new alerts including 2 critical severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 2 critical
  • 3 high
  • 6 medium

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

View all branch alerts.

Annotations

Check warning on line 89 in multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakConfigurationService.java

See this annotation in the file changed.

Code scanning / CodeQL

Cross-site scripting Medium

Cross-site scripting vulnerability due to a
user-provided value
Loading
.

Check warning on line 96 in multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakConfigurationService.java

See this annotation in the file changed.

Code scanning / CodeQL

Cross-site scripting Medium

Cross-site scripting vulnerability due to a
user-provided value
Loading
.

Check failure on line 172 in multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakServiceClient.java

See this annotation in the file changed.

Code scanning / CodeQL

Server-side request forgery Critical

Potential server-side request forgery due to a
user-provided value
Loading
.

Check failure on line 195 in multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakServiceClient.java

See this annotation in the file changed.

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data High

This
regular expression
Loading
that depends on a
user-provided value
Loading
may run slow on strings starting with '' and with many repetitions of 'a'.

Check warning on line 66 in multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/oauth2/DelegatedOAuthAPI.java

See this annotation in the file changed.

Code scanning / CodeQL

URL redirection from remote source Medium

Untrusted URL redirection depends on a
user-provided value
Loading
.
Untrusted URL redirection depends on a
user-provided value
Loading
.

Check failure on line 78 in multiuser/keycloak/che-multiuser-keycloak-server/src/test/java/org/eclipse/che/multiuser/keycloak/server/KeycloakSigningKeyResolverTest.java

See this annotation in the file changed.

Code scanning / CodeQL

Use of a cryptographic algorithm with insufficient key size High test

This
key size
Loading
is less than the recommended key size of 2048 bits.

Check warning on line 88 in multiuser/keycloak/che-multiuser-keycloak-token-provider/src/main/java/org/eclipse/che/multiuser/keycloak/token/provider/contoller/TokenController.java

See this annotation in the file changed.

Code scanning / CodeQL

Information exposure through an error message Medium

Error information
Loading
can be exposed to an external user.

Check warning on line 90 in multiuser/keycloak/che-multiuser-keycloak-token-provider/src/main/java/org/eclipse/che/multiuser/keycloak/token/provider/contoller/TokenController.java

See this annotation in the file changed.

Code scanning / CodeQL

Cross-site scripting Medium

Cross-site scripting vulnerability due to a
user-provided value
Loading
.

Check warning on line 103 in multiuser/keycloak/che-multiuser-keycloak-token-provider/src/main/java/org/eclipse/che/multiuser/keycloak/token/provider/contoller/TokenController.java

See this annotation in the file changed.

Code scanning / CodeQL

Information exposure through an error message Medium

Error information
Loading
can be exposed to an external user.

Check failure on line 64 in multiuser/machine-auth/che-multiuser-machine-authentication/src/test/java/org/eclipse/che/multiuser/machine/authentication/server/signature/SignatureKeyManagerTest.java

See this annotation in the file changed.

Code scanning / CodeQL

Use of a cryptographic algorithm with insufficient key size High test

This
key size
Loading
is less than the recommended key size of 2048 bits.

Check failure on line 172 in multiuser/permission/che-multiuser-permission-workspace/src/main/java/org/eclipse/che/multiuser/permission/workspace/server/spi/jpa/MultiuserJpaWorkspaceDao.java

See this annotation in the file changed.

Code scanning / CodeQL

User-controlled data in numeric cast Critical

This cast to a narrower type depends on a
user-provided value
Loading
, potentially causing truncation.