Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PM-7917] Remove session sync #9024

Merged
merged 2 commits into from
May 7, 2024
Merged

[PM-7917] Remove session sync #9024

merged 2 commits into from
May 7, 2024

Conversation

MGibson1
Copy link
Member

@MGibson1 MGibson1 commented May 2, 2024
edited
Loading

Type of change

- [ ] Bug fix
- [ ] New feature development
- [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

Remove dead storage code, replaced by state providers

Draft Reason

Draft reason: Depends on #9023

Before you submit

  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team
  • Ensure that all UI additions follow WCAG AA requirements

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 2, 2024
edited
Loading

Logo
Checkmarx One – Scan Summary & Details4bb10f09-8966-4e6a-9c19-ca909b0a18d1

New Issues

Severity Issue Source File / Package Checkmarx Insight
MEDIUM Missing_HSTS_Header /apps/web/src/app/tools/reports/pages/inactive-two-factor-report.component.ts: 105 Attack Vector

Fixed Issues

Severity Issue Source File / Package
HIGH Client_DOM_Code_Injection /apps/web/src/connectors/common.ts: 2
HIGH Client_DOM_Code_Injection /apps/browser/src/autofill/services/collect-autofill-content.service.ts: 1054
HIGH Client_DOM_Stored_XSS /apps/web/src/connectors/sso.ts: 33
HIGH Client_DOM_XSS /apps/browser/src/auth/scripts/duo.js: 285
HIGH Client_DOM_XSS /apps/browser/src/auth/scripts/duo.js: 285
HIGH Client_DOM_XSS /apps/desktop/src/auth/scripts/duo.js: 285
HIGH Client_DOM_XSS /apps/desktop/src/auth/scripts/duo.js: 285
HIGH Client_DOM_XSS /apps/web/src/connectors/common.ts: 2
HIGH Client_DOM_XSS /apps/web/src/connectors/common.ts: 2
HIGH Client_DOM_XSS /apps/web/src/connectors/common.ts: 2
HIGH Client_DOM_XSS /apps/web/src/connectors/common.ts: 2
HIGH Client_DOM_XSS /apps/web/src/connectors/sso.ts: 21
HIGH Client_DOM_XSS /apps/web/src/connectors/sso.ts: 19
HIGH Client_DOM_XSS /apps/web/src/connectors/sso.ts: 15
MEDIUM Absolute_Path_Traversal /apps/cli/src/commands/serve.command.ts: 344
MEDIUM Absolute_Path_Traversal /apps/cli/src/commands/serve.command.ts: 312
MEDIUM Absolute_Path_Traversal /apps/cli/src/commands/serve.command.ts: 344
MEDIUM Absolute_Path_Traversal /apps/cli/src/commands/serve.command.ts: 312
MEDIUM Angular_Improper_Type_Pipe_Usage /apps/browser/src/vault/popup/components/fido2/fido2-use-browser-link.component.html: 1
MEDIUM Angular_Improper_Type_Pipe_Usage /apps/web/src/app/billing/organizations/adjust-subscription.component.html: 54
MEDIUM Angular_Improper_Type_Pipe_Usage /apps/web/src/app/billing/organizations/adjust-subscription.component.html: 18
MEDIUM Client_Privacy_Violation /apps/browser/src/background/runtime.background.ts: 308
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.html: 14
MEDIUM Client_Privacy_Violation /apps/browser/src/auth/popup/account-switching/account.component.ts: 12
MEDIUM Client_Privacy_Violation /apps/browser/src/auth/popup/account-switching/account.component.ts: 12
MEDIUM Client_Privacy_Violation /apps/browser/src/auth/popup/account-switching/account.component.ts: 12
MEDIUM Client_Privacy_Violation /libs/components/src/color-password/color-password.component.ts: 25
MEDIUM Client_Privacy_Violation /libs/components/src/color-password/color-password.component.ts: 26
MEDIUM Client_Privacy_Violation /apps/desktop/src/auth/lock.component.html: 32
MEDIUM Client_Privacy_Violation /apps/web/src/app/auth/lock.component.html: 18
MEDIUM Client_Privacy_Violation /apps/web/src/app/billing/shared/add-credit.component.ts: 30
MEDIUM Client_Privacy_Violation /apps/web/src/app/billing/shared/add-credit.component.ts: 70
MEDIUM Client_Privacy_Violation /apps/web/src/app/billing/shared/add-credit.component.ts: 80
MEDIUM Client_Privacy_Violation /apps/web/src/app/billing/shared/add-credit.component.ts: 146
MEDIUM Client_Privacy_Violation /apps/web/src/app/billing/shared/add-credit.component.ts: 135
MEDIUM Client_Privacy_Violation /bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts: 161
MEDIUM Client_Privacy_Violation /apps/desktop/src/vault/app/vault/view.component.html: 534
MEDIUM Client_Privacy_Violation /apps/web/src/app/billing/shared/add-credit.component.html: 46
MEDIUM Client_Privacy_Violation /apps/web/src/app/auth/recover-two-factor.component.html: 37
MEDIUM Client_Privacy_Violation /apps/desktop/src/auth/lock.component.html: 32
MEDIUM Client_Privacy_Violation /apps/web/src/connectors/webauthn-fallback.ts: 116
MEDIUM Client_Privacy_Violation /bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts: 161
MEDIUM Client_Privacy_Violation /apps/web/src/app/auth/lock.component.html: 18
MEDIUM Client_Privacy_Violation /libs/components/src/color-password/color-password.component.ts: 14
MEDIUM Client_Privacy_Violation /apps/desktop/src/vault/app/vault/view.component.html: 60
MEDIUM Client_Privacy_Violation /apps/desktop/src/vault/app/vault/view.component.html: 56
MEDIUM Client_Privacy_Violation /apps/browser/src/tools/popup/generator/password-generator-history.component.html: 26
MEDIUM Client_Privacy_Violation /apps/browser/src/vault/popup/components/vault/password-history.component.html: 18
MEDIUM Client_Privacy_Violation /apps/desktop/src/app/tools/password-generator-history.component.html: 15
MEDIUM Client_Privacy_Violation /apps/desktop/src/vault/app/vault/password-history.component.html: 12
MEDIUM Client_Privacy_Violation /apps/desktop/src/vault/app/vault/view.component.html: 50
MEDIUM Client_Privacy_Violation /libs/components/src/color-password/color-password.component.ts: 14
MEDIUM Client_Privacy_Violation /apps/browser/src/tools/popup/generator/password-generator-history.component.html: 26
MEDIUM Client_Privacy_Violation /apps/browser/src/vault/popup/components/vault/password-history.component.html: 18
MEDIUM Client_Privacy_Violation /apps/desktop/src/app/tools/password-generator-history.component.html: 15
MEDIUM Client_Privacy_Violation /apps/desktop/src/vault/app/vault/password-history.component.html: 12
MEDIUM Missing_HSTS_Header /apps/cli/src/auth/commands/login.command.ts: 705
MEDIUM SSRF /libs/importer/src/importers/lastpass/access/services/rest-client.ts: 69
MEDIUM SSRF /libs/importer/src/importers/lastpass/access/services/rest-client.ts: 69
LOW Angular_Usage_of_Unsafe_DOM_Sanitizer /apps/desktop/src/app/components/avatar.component.ts: 75
LOW Angular_Usage_of_Unsafe_DOM_Sanitizer /libs/components/src/avatar/avatar.component.ts: 80
LOW Angular_Usage_of_Unsafe_DOM_Sanitizer /libs/components/src/icon/icon.component.ts: 18
LOW Angular_Usage_of_Unsafe_DOM_Sanitizer /libs/components/src/icon/icon.component.ts: 18
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/accessibility-cookie.component.html: 18
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/common.ts: 2
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/common.ts: 2
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/common.ts: 2
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/sso.ts: 21
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/common.ts: 2
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/sso.ts: 19
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/common.ts: 2
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/sso.ts: 15
LOW Client_DOM_Open_Redirect /apps/browser/src/tools/popup/generator/password-generator-history.component.ts: 18
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/popup/account-switching/current-account.component.ts: 31
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/popup/login-via-auth-request.component.ts: 54
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/popup/login-via-auth-request.component.ts: 54
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/login/login-via-auth-request.component.ts: 62
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/login/login-via-auth-request.component.ts: 62
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/popup/login-via-auth-request.component.ts: 54
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/popup/login-via-auth-request.component.ts: 54
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/login/login-via-auth-request.component.ts: 62
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/login/login-via-auth-request.component.ts: 62
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/popup/account-switching/account.component.ts: 25
LOW Client_DOM_Open_Redirect /apps/browser/src/vault/popup/components/vault/password-history.component.ts: 21
LOW Client_DOM_Open_Redirect /apps/browser/src/billing/popup/settings/premium.component.ts: 27
LOW Client_DOM_Open_Redirect /apps/browser/src/vault/popup/components/vault/attachments.component.ts: 32
LOW Client_DOM_Open_Redirect /libs/common/src/auth/iframe-component.ts: 49
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /libs/common/src/auth/webauthn-iframe.ts: 25
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /libs/common/src/auth/webauthn-iframe.ts: 25
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/scripts/duo.js: 277
LOW Client_Hardcoded_Domain /apps/web/src/app/billing/shared/payment.component.ts: 56
LOW Client_Hardcoded_Domain /apps/web/src/app/billing/shared/payment.component.ts: 56
LOW Client_Hardcoded_Domain /apps/web/src/connectors/captcha.ts: 57
LOW Client_Use_Of_Iframe_Without_Sandbox /apps/browser/src/autofill/content/notification-bar.ts: 868
LOW Client_Use_Of_Iframe_Without_Sandbox /apps/browser/src/autofill/overlay/iframe-content/autofill-overlay-iframe.service.ts: 90
LOW Client_Use_Of_Iframe_Without_Sandbox /apps/web/src/connectors/duo.ts: 8
LOW Client_Use_Of_Iframe_Without_Sandbox /apps/web/src/connectors/duo.ts: 8
LOW Client_Weak_Cryptographic_Hash /libs/common/src/platform/services/web-crypto-function.service.ts: 142
LOW Client_Weak_Cryptographic_Hash /apps/desktop/src/proxy/ipc.ts: 24
LOW Missing_CSP_Header /apps/cli/src/auth/commands/login.command.ts: 705
LOW Unprotected_Cookie /apps/web/src/app/auth/two-factor.component.ts: 143
LOW Unprotected_Cookie /apps/web/src/connectors/duo-redirect.ts: 57
LOW Unprotected_Cookie /apps/web/src/connectors/duo-redirect.ts: 112
LOW Unprotected_Cookie /apps/web/src/connectors/sso.ts: 33
LOW Unprotected_Cookie /apps/web/src/app/auth/sso.component.ts: 137
LOW Unsafe_Use_Of_Target_blank /apps/web/src/app/auth/settings/two-factor-recovery.component.ts: 25
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/auth/background/service-factories/device-trust-service.factory.ts: 83
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/auth/background/service-factories/device-trust-service.factory.ts: 82
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/auth/background/service-factories/auth-request-service.factory.ts: 54
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/auth/background/service-factories/login-strategy-service.factory.ts: 125
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/auth/background/service-factories/pin-crypto-service.factory.ts: 47
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/tools/background/service_factories/import-service.factory.ts: 58
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/platform/background/service-factories/key-generation-service.factory.ts: 23
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/auth/background/service-factories/user-verification-service.factory.ts: 77
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/auth/background/service-factories/auth-service.factory.ts: 51
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/auth/background/service-factories/key-connector-service.factory.ts: 70
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/background/service-factories/send-service.factory.ts: 50
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/background/service-factories/vault-timeout-settings-service.factory.ts: 55
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/platform/background/service-factories/crypto-service.factory.ts: 72
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/vault/background/service_factories/cipher-service.factory.ts: 75
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/vault/background/service_factories/collection-service.factory.ts: 37
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/vault/background/service_factories/totp-service.factory.ts: 34
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/cli/src/platform/services/node-env-secure-storage.service.ts: 62
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/cli/src/platform/services/node-env-secure-storage.service.ts: 81
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/cli/src/vault/create.command.ts: 68
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/vault/background/service_factories/folder-service.factory.ts: 42
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/tools/background/service_factories/password-generation-service.factory.ts: 41
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/tools/background/service_factories/password-generation-service.factory.ts: 41
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/platform/background/service-factories/encrypt-service.factory.ts: 34
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/browser/src/background/service-factories/password-generation-service.factory.ts: 41
LOW

More results are available on AST platform

Base automatically changed from ps/use-account-service-for-account-enumeration to main May 3, 2024 18:24
@MGibson1 MGibson1 marked this pull request as ready for review May 3, 2024 18:26
@MGibson1 MGibson1 requested a review from a team as a code owner May 3, 2024 18:26
@MGibson1 MGibson1 requested a review from coroiu May 3, 2024 18:26
@MGibson1 MGibson1 changed the title Ps/remove-session-sync [PM-7917] Remove session sync May 3, 2024
@MGibson1 MGibson1 requested a review from justindbaur May 6, 2024 15:22
justindbaur
justindbaur previously approved these changes May 6, 2024
View reviewed changes
Copy link
Member

@justindbaur justindbaur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is a NICE bit of cleanup.

@MGibson1 MGibson1 merged commit de08524 into main May 7, 2024
58 of 60 checks passed
@MGibson1 MGibson1 deleted the ps/remove-session-sync branch May 7, 2024 17:25
djsmith85 added a commit that referenced this pull request May 7, 2024
@djsmith85
Fix test after session-removal with #9024
5d87554
@djsmith85 djsmith85 mentioned this pull request May 7, 2024
Merged
djsmith85 added a commit that referenced this pull request May 7, 2024
@djsmith85
Fix test after session-removal with #9024 (#9076)
7bb3787 
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
MGibson1 added a commit that referenced this pull request May 13, 2024
@MGibson1
[PM-7917] Remove session sync (#9024)
843c497 
* Remove session sync and MemoryStorageService

* Fix merge

(cherry picked from commit de08524)
MGibson1 pushed a commit that referenced this pull request May 13, 2024
@djsmith85 @MGibson1
Fix test after session-removal with #9024 (#9076)
893b139 
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
(cherry picked from commit 7bb3787)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justindbaur justindbaur justindbaur approved these changes

@coroiu coroiu Awaiting requested review from coroiu coroiu is a code owner automatically assigned from bitwarden/team-platform-dev

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@MGibson1 @justindbaur