CEF #8575

Draft: wants to merge 29 commits into base: main

Hinton (Member) commented Apr 2, 2024

- [ ] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

Code changes

  • file.ext: Description of what was changed and why

Screenshots

Before you submit

  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team
  • Ensure that all UI additions follow WCAG AA requirements

github-actions bot added the needs-qa (Marks a PR as requiring QA approval) label Apr 2, 2024

github-actions bot (Contributor) commented Apr 2, 2024

Checkmarx One – Scan Summary & Details – ffe9c06f-a7bc-45bc-93ac-2e3924448234

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
| --- | --- | --- | --- |
| LOW | Client_Password_In_Comment | /libs/importer/src/importers/cef/cef-importer.ts: 114 | Attack Vector |

@@ -289,7 +289,7 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
return {
authenticatorData,
selectedCredential: {
id: guidToRawFormat(selectedCredentialId),
id: Utils.fromUtf8ToArray(selectedCredentialId),
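Review bot: The `id:` line in `selectedCredential` now runs `selectedCredentialId` through `Utils.fromUtf8ToArray` with no branch for ids that are still GUID strings, so a credential previously returned via `guidToRawFormat` would come back with a different byte sequence than before. Suggest keeping the `guidToRawFormat` path when `selectedCredentialId` parses as a UUID and using the new conversion only otherwise, with a unit test covering both id shapes. It is also worth confirming that a UTF-8 conversion is the intended decoding here, since the name suggests it yields the string's character bytes rather than decoded binary.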
Member Author

@coroiu This seems to be the main difference in how we handle passkeys. I think we can essentially migrate to storing our data B64Url encoded directly and have an if UUID fallback pattern.

Contributor

Yeah looks good, we should've done this from the start, but alas, we have debt instead :)
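
The "if UUID fallback" pattern proposed in this thread, as an added example that is not part of the PR or the project's code: ids that parse as a UUID take a legacy raw-bytes path, and everything else is decoded as unpadded Base64Url. All names are hypothetical, and the straight big-endian UUID byte order is an assumption.

```typescript
// Added example (hypothetical names), not code from this PR or the project.
// Assumption: a legacy UUID id maps to its 16 bytes in textual order.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
const B64URL = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

// Legacy path: a UUID string becomes its 16 raw bytes.
function uuidToBytes(uuid: string): Uint8Array {
  const hex = uuid.replace(/-/g, "");
  const out = new Uint8Array(16);
  for (let i = 0; i < 16; i++) {
    out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
  }
  return out;
}

// New path: strict, unpadded Base64Url decode that rejects anything else.
function base64UrlToBytes(s: string): Uint8Array {
  if (s.length === 0 || s.length % 4 === 1) {
    throw new Error("invalid Base64Url length");
  }
  const out = new Uint8Array(Math.floor((s.length * 6) / 8));
  let acc = 0, bits = 0, n = 0;
  for (let i = 0; i < s.length; i++) {
    const v = B64URL.indexOf(s.charAt(i));
    if (v < 0) throw new Error("invalid Base64Url character");
    acc = ((acc << 6) | v) & 0xffff; // keep only the bits still needed
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      out[n++] = (acc >> bits) & 0xff;
    }
  }
  return out;
}

// UUID check runs first. Caveat: hex digits and "-" are also Base64Url
// characters, so a 36-character id shaped like a UUID is read as a UUID.
function credentialIdToBytes(id: string): Uint8Array {
  return UUID_RE.test(id) ? uuidToBytes(id) : base64UrlToBytes(id);
}

function bytesToHex(bytes: Uint8Array): string {
  let hex = "";
  for (let i = 0; i < bytes.length; i++) {
    hex += (bytes[i] + 0x100).toString(16).slice(1);
  }
  return hex;
}
```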

6 participants