From d089a6993ad8b3c9628a28e0c6c49e2f4c70442d Mon Sep 17 00:00:00 2001 
From: GitLab Bot Date: Fri, 8 Dec 2023 06:12:18 +0000 Subject: Add latest changes from gitlab-org/gitlab@master --- .rubocop_todo/style/inline_disable_annotation.yml | 1 + doc/api/graphql/getting_started.md | 1 + doc/api/graphql/index.md | 11 ++++++ doc/development/api_graphql_styleguide.md | 1 + .../application_security/dast/checks/1004.1.md | 2 +- doc/user/application_security/dast/checks/113.1.md | 2 +- .../application_security/dast/checks/1336.1.md | 32 ++++++++++++++++ doc/user/application_security/dast/checks/16.1.md | 2 +- doc/user/application_security/dast/checks/16.10.md | 2 +- doc/user/application_security/dast/checks/16.11.md | 40 ++++++++++++++++++++ doc/user/application_security/dast/checks/16.2.md | 2 +- doc/user/application_security/dast/checks/16.3.md | 2 +- doc/user/application_security/dast/checks/16.4.md | 2 +- doc/user/application_security/dast/checks/16.5.md | 2 +- doc/user/application_security/dast/checks/16.6.md | 2 +- doc/user/application_security/dast/checks/16.7.md | 2 +- doc/user/application_security/dast/checks/16.8.md | 2 +- doc/user/application_security/dast/checks/16.9.md | 2 +- doc/user/application_security/dast/checks/200.1.md | 2 +- doc/user/application_security/dast/checks/209.1.md | 2 +- doc/user/application_security/dast/checks/209.2.md | 2 +- doc/user/application_security/dast/checks/22.1.md | 2 +- doc/user/application_security/dast/checks/287.1.md | 2 +- doc/user/application_security/dast/checks/287.2.md | 2 +- doc/user/application_security/dast/checks/319.1.md | 2 +- doc/user/application_security/dast/checks/352.1.md | 2 +- doc/user/application_security/dast/checks/359.1.md | 2 +- doc/user/application_security/dast/checks/359.2.md | 2 +- doc/user/application_security/dast/checks/548.1.md | 2 +- doc/user/application_security/dast/checks/598.1.md | 2 +- doc/user/application_security/dast/checks/598.2.md | 2 +- doc/user/application_security/dast/checks/598.3.md | 2 +- doc/user/application_security/dast/checks/601.1.md | 2 +- 
doc/user/application_security/dast/checks/611.1.md | 2 +- doc/user/application_security/dast/checks/614.1.md | 2 +- doc/user/application_security/dast/checks/693.1.md | 2 +- doc/user/application_security/dast/checks/74.1.md | 31 +++++++++++++++ doc/user/application_security/dast/checks/78.1.md | 44 ++++++++++++++++++++++ doc/user/application_security/dast/checks/798.1.md | 2 +- .../application_security/dast/checks/798.10.md | 2 +- .../application_security/dast/checks/798.100.md | 2 +- .../application_security/dast/checks/798.101.md | 2 +- .../application_security/dast/checks/798.102.md | 2 +- .../application_security/dast/checks/798.103.md | 2 +- .../application_security/dast/checks/798.104.md | 2 +- .../application_security/dast/checks/798.105.md | 2 +- .../application_security/dast/checks/798.106.md | 2 +- .../application_security/dast/checks/798.107.md | 2 +- .../application_security/dast/checks/798.108.md | 2 +- .../application_security/dast/checks/798.109.md | 2 +- .../application_security/dast/checks/798.11.md | 2 +- .../application_security/dast/checks/798.110.md | 2 +- .../application_security/dast/checks/798.111.md | 2 +- .../application_security/dast/checks/798.112.md | 2 +- .../application_security/dast/checks/798.113.md | 2 +- .../application_security/dast/checks/798.114.md | 2 +- .../application_security/dast/checks/798.115.md | 2 +- .../application_security/dast/checks/798.116.md | 2 +- .../application_security/dast/checks/798.117.md | 2 +- .../application_security/dast/checks/798.118.md | 2 +- .../application_security/dast/checks/798.119.md | 2 +- .../application_security/dast/checks/798.12.md | 2 +- .../application_security/dast/checks/798.120.md | 2 +- .../application_security/dast/checks/798.121.md | 2 +- .../application_security/dast/checks/798.122.md | 2 +- .../application_security/dast/checks/798.123.md | 2 +- .../application_security/dast/checks/798.124.md | 2 +- .../application_security/dast/checks/798.125.md | 2 +- 
.../application_security/dast/checks/798.126.md | 2 +- .../application_security/dast/checks/798.127.md | 2 +- .../application_security/dast/checks/798.128.md | 2 +- .../application_security/dast/checks/798.13.md | 2 +- .../application_security/dast/checks/798.14.md | 2 +- .../application_security/dast/checks/798.15.md | 2 +- .../application_security/dast/checks/798.16.md | 2 +- .../application_security/dast/checks/798.17.md | 2 +- .../application_security/dast/checks/798.18.md | 2 +- .../application_security/dast/checks/798.19.md | 2 +- doc/user/application_security/dast/checks/798.2.md | 2 +- .../application_security/dast/checks/798.20.md | 2 +- .../application_security/dast/checks/798.21.md | 2 +- .../application_security/dast/checks/798.22.md | 2 +- .../application_security/dast/checks/798.23.md | 2 +- .../application_security/dast/checks/798.24.md | 2 +- .../application_security/dast/checks/798.25.md | 2 +- .../application_security/dast/checks/798.26.md | 2 +- .../application_security/dast/checks/798.27.md | 2 +- .../application_security/dast/checks/798.28.md | 2 +- .../application_security/dast/checks/798.29.md | 2 +- doc/user/application_security/dast/checks/798.3.md | 2 +- .../application_security/dast/checks/798.30.md | 2 +- .../application_security/dast/checks/798.31.md | 2 +- .../application_security/dast/checks/798.32.md | 2 +- .../application_security/dast/checks/798.33.md | 2 +- .../application_security/dast/checks/798.34.md | 2 +- .../application_security/dast/checks/798.35.md | 2 +- .../application_security/dast/checks/798.36.md | 2 +- .../application_security/dast/checks/798.37.md | 2 +- .../application_security/dast/checks/798.38.md | 2 +- .../application_security/dast/checks/798.39.md | 2 +- doc/user/application_security/dast/checks/798.4.md | 2 +- .../application_security/dast/checks/798.40.md | 2 +- .../application_security/dast/checks/798.41.md | 2 +- .../application_security/dast/checks/798.42.md | 2 +- 
.../application_security/dast/checks/798.43.md | 2 +- .../application_security/dast/checks/798.44.md | 2 +- .../application_security/dast/checks/798.46.md | 2 +- .../application_security/dast/checks/798.47.md | 2 +- .../application_security/dast/checks/798.48.md | 2 +- .../application_security/dast/checks/798.49.md | 2 +- doc/user/application_security/dast/checks/798.5.md | 2 +- .../application_security/dast/checks/798.50.md | 2 +- .../application_security/dast/checks/798.52.md | 2 +- .../application_security/dast/checks/798.53.md | 2 +- .../application_security/dast/checks/798.54.md | 2 +- .../application_security/dast/checks/798.55.md | 2 +- .../application_security/dast/checks/798.56.md | 2 +- .../application_security/dast/checks/798.57.md | 2 +- .../application_security/dast/checks/798.58.md | 2 +- .../application_security/dast/checks/798.59.md | 2 +- doc/user/application_security/dast/checks/798.6.md | 2 +- .../application_security/dast/checks/798.60.md | 2 +- .../application_security/dast/checks/798.61.md | 2 +- .../application_security/dast/checks/798.62.md | 2 +- .../application_security/dast/checks/798.63.md | 2 +- .../application_security/dast/checks/798.64.md | 2 +- .../application_security/dast/checks/798.65.md | 2 +- .../application_security/dast/checks/798.66.md | 2 +- .../application_security/dast/checks/798.67.md | 2 +- .../application_security/dast/checks/798.68.md | 2 +- .../application_security/dast/checks/798.69.md | 2 +- doc/user/application_security/dast/checks/798.7.md | 2 +- .../application_security/dast/checks/798.70.md | 2 +- .../application_security/dast/checks/798.72.md | 2 +- .../application_security/dast/checks/798.74.md | 2 +- .../application_security/dast/checks/798.75.md | 2 +- .../application_security/dast/checks/798.77.md | 2 +- .../application_security/dast/checks/798.78.md | 2 +- doc/user/application_security/dast/checks/798.8.md | 2 +- .../application_security/dast/checks/798.80.md | 2 +- 
.../application_security/dast/checks/798.81.md | 2 +- .../application_security/dast/checks/798.82.md | 2 +- .../application_security/dast/checks/798.83.md | 2 +- .../application_security/dast/checks/798.84.md | 2 +- .../application_security/dast/checks/798.86.md | 2 +- .../application_security/dast/checks/798.87.md | 2 +- .../application_security/dast/checks/798.88.md | 2 +- .../application_security/dast/checks/798.89.md | 2 +- doc/user/application_security/dast/checks/798.9.md | 2 +- .../application_security/dast/checks/798.90.md | 2 +- .../application_security/dast/checks/798.91.md | 2 +- .../application_security/dast/checks/798.92.md | 2 +- .../application_security/dast/checks/798.93.md | 2 +- .../application_security/dast/checks/798.94.md | 2 +- .../application_security/dast/checks/798.95.md | 2 +- .../application_security/dast/checks/798.96.md | 2 +- .../application_security/dast/checks/798.97.md | 2 +- .../application_security/dast/checks/798.98.md | 2 +- .../application_security/dast/checks/798.99.md | 2 +- doc/user/application_security/dast/checks/829.1.md | 2 +- doc/user/application_security/dast/checks/829.2.md | 2 +- doc/user/application_security/dast/checks/89.1.md | 4 +- doc/user/application_security/dast/checks/917.1.md | 2 +- doc/user/application_security/dast/checks/918.1.md | 33 ++++++++++++++++ doc/user/application_security/dast/checks/94.1.md | 2 +- doc/user/application_security/dast/checks/94.2.md | 2 +- doc/user/application_security/dast/checks/94.3.md | 2 +- doc/user/application_security/dast/checks/94.4.md | 2 +- doc/user/application_security/dast/checks/943.1.md | 2 +- doc/user/application_security/dast/checks/98.1.md | 34 +++++++++++++++++ doc/user/application_security/dast/checks/index.md | 8 +++- doc/user/application_security/dast/proxy-based.md | 5 +++ doc/user/application_security/sast/index.md | 3 +- lib/gitlab/instrumentation/redis_interceptor.rb | 1 - .../instrumentation/redis_interceptor_spec.rb | 1 - workhorse/.tool-versions | 2 +- 
workhorse/go.mod | 8 ++-- workhorse/go.sum | 16 ++++---- 178 files changed, 416 insertions(+), 178 deletions(-) create mode 100644 doc/user/application_security/dast/checks/1336.1.md create mode 100644 doc/user/application_security/dast/checks/16.11.md create mode 100644 doc/user/application_security/dast/checks/74.1.md create mode 100644 doc/user/application_security/dast/checks/78.1.md create mode 100644 doc/user/application_security/dast/checks/918.1.md create mode 100644 doc/user/application_security/dast/checks/98.1.md diff --git a/.rubocop_todo/style/inline_disable_annotation.yml b/.rubocop_todo/style/inline_disable_annotation.yml index e666571d113..31641ee0dd8 100644 --- a/.rubocop_todo/style/inline_disable_annotation.yml +++ b/.rubocop_todo/style/inline_disable_annotation.yml @@ -2093,6 +2093,7 @@ Style/InlineDisableAnnotation: - 'ee/spec/models/vulnerabilities/read_spec.rb' - 'ee/spec/policies/group_policy_spec.rb' - 'ee/spec/presenters/approval_rule_presenter_spec.rb' + - 'ee/spec/presenters/ee/project_presenter_spec.rb' - 'ee/spec/presenters/ee/projects/import_export/project_export_presenter_spec.rb' - 'ee/spec/presenters/member_presenter_spec.rb' - 'ee/spec/requests/api/conan_project_packages_spec.rb' diff --git a/doc/api/graphql/getting_started.md b/doc/api/graphql/getting_started.md index 2df434cdb06..3c938d0a4fd 100644 --- a/doc/api/graphql/getting_started.md +++ b/doc/api/graphql/getting_started.md @@ -97,6 +97,7 @@ NOTE: In the GitLab GraphQL API, `id` refers to a [Global ID](https://graphql.org/learn/global-object-identification/), which is an object identifier in the format of `"gid://gitlab/Issue/123"`. +For more information, see [Global IDs](index.md#global-ids). [GitLab GraphQL Schema](reference/index.md) outlines which objects and fields are available for clients to query and their corresponding data types. diff --git a/doc/api/graphql/index.md b/doc/api/graphql/index.md index 39484e83811..5ac64708385 100644 --- a/doc/api/graphql/index.md 
+++ b/doc/api/graphql/index.md @@ -61,6 +61,17 @@ You can work with sample queries that pull data from public projects on GitLab.c The [get started](getting_started.md) page includes different methods to customize GraphQL queries. +### Global IDs + +In the GitLab GraphQL API, an `id` field is nearly always a [Global ID](https://graphql.org/learn/global-object-identification/) +and never a database primary key ID. A Global ID in the GitLab GraphQL API +begins with `"gid://gitlab/"`. For example, `"gid://gitlab/Issue/123"`. + +Global IDs are a convention used for caching and fetching in some client-side libraries. + +GitLab Global IDs are subject to change. If changed, the use of the old Global ID as an argument is deprecated and supported according to the [deprecation and breaking change](#breaking-changes) process. +You should not expect that a cached Global ID will be valid beyond the time of a GitLab GraphQL deprecation cycle. + ## Breaking changes The GitLab GraphQL API is [versionless](https://graphql.org/learn/best-practices/#versioning) and changes to the API are primarily backward-compatible. diff --git a/doc/development/api_graphql_styleguide.md b/doc/development/api_graphql_styleguide.md index e3162edca72..4cee0ac57df 100644 --- a/doc/development/api_graphql_styleguide.md +++ b/doc/development/api_graphql_styleguide.md @@ -190,6 +190,7 @@ See also: - [Exposing Global IDs](#exposing-global-ids). - [Mutation arguments](#object-identifier-arguments). - [Deprecating Global IDs](#deprecate-global-ids). +- [Customer-facing Global ID documentation](../api/graphql/index.md#global-ids). We have a custom scalar type (`Types::GlobalIDType`) which should be used as the type of input and output arguments when the value is a `GlobalID`. The benefits diff --git a/doc/user/application_security/dast/checks/1004.1.md b/doc/user/application_security/dast/checks/1004.1.md index 52d256bfed6..737e9dcfd62 100644 --- a/doc/user/application_security/dast/checks/1004.1.md 
+++ b/doc/user/application_security/dast/checks/1004.1.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Sensitive cookie without HttpOnly attribute diff --git a/doc/user/application_security/dast/checks/113.1.md b/doc/user/application_security/dast/checks/113.1.md index 864bb8db5bd..44c3be330f2 100644 --- a/doc/user/application_security/dast/checks/113.1.md +++ b/doc/user/application_security/dast/checks/113.1.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Improper Neutralization of CRLF Sequences in HTTP Headers diff --git a/doc/user/application_security/dast/checks/1336.1.md b/doc/user/application_security/dast/checks/1336.1.md new file mode 100644 index 00000000000..f5a5d1eac4b --- /dev/null +++ b/doc/user/application_security/dast/checks/1336.1.md 
@@ -0,0 +1,32 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Server-Side Template Injection
+
+## Description
+
+The application is vulnerable to Server-Side Template Injection (SSTI), which enables attackers to
+manipulate templates on the server side. This vulnerability arises when untrusted user input is
+directly used in server-side templates without adequate sanitization. Attackers can exploit this
+weakness to inject and execute arbitrary code in templates, potentially compromising the
+system's integrity and confidentiality.
+
+## Remediation
+
+User-controlled data should always have special elements neutralized when used as part of
+constructing Expression Language statements. Please consult the documentation for the template
+system in use on how properly neutralize user-controlled data.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 1336.1 | false | 1336 | Active | high |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/1336.html)
+- [Testing for Server-side Template Injection](https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server-side_Template_Injection)
diff --git a/doc/user/application_security/dast/checks/16.1.md b/doc/user/application_security/dast/checks/16.1.md
index 0341774916c..c225e3ce368 100644
--- a/doc/user/application_security/dast/checks/16.1.md
+++ b/doc/user/application_security/dast/checks/16.1.md
@@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Missing Content-Type header diff --git a/doc/user/application_security/dast/checks/16.10.md b/doc/user/application_security/dast/checks/16.10.md index bb7ea742527..9d6a7f85e20 100644 --- a/doc/user/application_security/dast/checks/16.10.md +++ b/doc/user/application_security/dast/checks/16.10.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Content-Security-Policy violations diff --git a/doc/user/application_security/dast/checks/16.11.md b/doc/user/application_security/dast/checks/16.11.md new file mode 100644 index 00000000000..6d72e5bf668 --- /dev/null +++ b/doc/user/application_security/dast/checks/16.11.md 
@@ -0,0 +1,40 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# TRACE HTTP method enabled
+
+## Description
+
+The debug TRACE method was found to be enabled on the target web server. This
+HTTP method reflects HTTP request data back to the user in a response. In some circumstances
+this information may include sensitive data that is applied by intermediary proxies.
+
+## Remediation
+
+The TRACE HTTP method is for debugging only and should not be enabled on production
+sites.
+
+For Apache based web servers, ensure the `TraceEnable` directive is either removed or set to
+`off`.
+
+For Microsoft Servers, remove the registry parameter named "EnableTraceMethod" found in the below
+registry key:
+
+- `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters`
+
+For all other server types, please consult your product's documentation on how to disable the TRACE method.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 16.11 | false | 16 | Active | high |
+
+## Links
+
+- [RFC](https://datatracker.ietf.org/doc/html/rfc9110.html#section-9.3.8)
+- [CWE](https://cwe.mitre.org/data/definitions/16.html)
+- [Apache TraceEnable](https://httpd.apache.org/docs/2.4/mod/core.html#traceenable)
diff --git a/doc/user/application_security/dast/checks/16.2.md b/doc/user/application_security/dast/checks/16.2.md
index c90040828ba..2051b118009 100644
--- a/doc/user/application_security/dast/checks/16.2.md
+++ b/doc/user/application_security/dast/checks/16.2.md
@@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Server header exposes version information diff --git a/doc/user/application_security/dast/checks/16.3.md b/doc/user/application_security/dast/checks/16.3.md index b84176fc041..d1799baa517 100644 --- a/doc/user/application_security/dast/checks/16.3.md +++ b/doc/user/application_security/dast/checks/16.3.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # X-Powered-By header exposes version information diff --git a/doc/user/application_security/dast/checks/16.4.md b/doc/user/application_security/dast/checks/16.4.md index 93f464e26db..e6b4ba8627f 100644 --- a/doc/user/application_security/dast/checks/16.4.md +++ b/doc/user/application_security/dast/checks/16.4.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # X-Backend-Server header exposes server information 
diff --git a/doc/user/application_security/dast/checks/16.5.md b/doc/user/application_security/dast/checks/16.5.md index 522db17a9a4..285cc753523 100644 --- a/doc/user/application_security/dast/checks/16.5.md +++ b/doc/user/application_security/dast/checks/16.5.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # AspNet header exposes version information diff --git a/doc/user/application_security/dast/checks/16.6.md b/doc/user/application_security/dast/checks/16.6.md index 2d68de913c2..c6705b2ec7f 100644 --- a/doc/user/application_security/dast/checks/16.6.md +++ b/doc/user/application_security/dast/checks/16.6.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # AspNetMvc header exposes version information diff --git a/doc/user/application_security/dast/checks/16.7.md b/doc/user/application_security/dast/checks/16.7.md index e170246e01c..d407234d2c2 100644 --- a/doc/user/application_security/dast/checks/16.7.md +++ b/doc/user/application_security/dast/checks/16.7.md 
@@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Strict-Transport-Security header missing or invalid diff --git a/doc/user/application_security/dast/checks/16.8.md b/doc/user/application_security/dast/checks/16.8.md index e1d168ae6b4..b8faef75de7 100644 --- a/doc/user/application_security/dast/checks/16.8.md +++ b/doc/user/application_security/dast/checks/16.8.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Content-Security-Policy analysis diff --git a/doc/user/application_security/dast/checks/16.9.md b/doc/user/application_security/dast/checks/16.9.md index 75cc7fd2c69..b0ba502b578 100644 --- a/doc/user/application_security/dast/checks/16.9.md +++ b/doc/user/application_security/dast/checks/16.9.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Content-Security-Policy-Report-Only analysis 
diff --git a/doc/user/application_security/dast/checks/200.1.md b/doc/user/application_security/dast/checks/200.1.md index d0046140875..c7c1e938678 100644 --- a/doc/user/application_security/dast/checks/200.1.md +++ b/doc/user/application_security/dast/checks/200.1.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of sensitive information to an unauthorized actor (private IP address) diff --git a/doc/user/application_security/dast/checks/209.1.md b/doc/user/application_security/dast/checks/209.1.md index e23477603e6..181595a279e 100644 --- a/doc/user/application_security/dast/checks/209.1.md +++ b/doc/user/application_security/dast/checks/209.1.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Generation of error message containing sensitive information diff --git a/doc/user/application_security/dast/checks/209.2.md b/doc/user/application_security/dast/checks/209.2.md index c0aaee909dc..9906347f7b9 100644 --- a/doc/user/application_security/dast/checks/209.2.md +++ b/doc/user/application_security/dast/checks/209.2.md 
@@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Generation of database error message containing sensitive information diff --git a/doc/user/application_security/dast/checks/22.1.md b/doc/user/application_security/dast/checks/22.1.md index c85f2da52d7..60a73b4248b 100644 --- a/doc/user/application_security/dast/checks/22.1.md +++ b/doc/user/application_security/dast/checks/22.1.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Improper limitation of a pathname to a restricted directory (Path traversal) diff --git a/doc/user/application_security/dast/checks/287.1.md b/doc/user/application_security/dast/checks/287.1.md index 32500ca9493..d3d16d47677 100644 --- a/doc/user/application_security/dast/checks/287.1.md +++ b/doc/user/application_security/dast/checks/287.1.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Insecure authentication over HTTP (Basic Authentication) 
diff --git a/doc/user/application_security/dast/checks/287.2.md b/doc/user/application_security/dast/checks/287.2.md index 15bdfb146b8..9da22c66f84 100644 --- a/doc/user/application_security/dast/checks/287.2.md +++ b/doc/user/application_security/dast/checks/287.2.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Insecure authentication over HTTP (Digest Authentication) diff --git a/doc/user/application_security/dast/checks/319.1.md b/doc/user/application_security/dast/checks/319.1.md index a79592aa0ce..6c68344505a 100644 --- a/doc/user/application_security/dast/checks/319.1.md +++ b/doc/user/application_security/dast/checks/319.1.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Mixed Content diff --git a/doc/user/application_security/dast/checks/352.1.md b/doc/user/application_security/dast/checks/352.1.md index c149a83abad..46e3bb32ebe 100644 --- a/doc/user/application_security/dast/checks/352.1.md +++ b/doc/user/application_security/dast/checks/352.1.md 
@@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Absence of anti-CSRF tokens diff --git a/doc/user/application_security/dast/checks/359.1.md b/doc/user/application_security/dast/checks/359.1.md index dfb60c3a053..f7d9069731c 100644 --- a/doc/user/application_security/dast/checks/359.1.md +++ b/doc/user/application_security/dast/checks/359.1.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of Private Personal Information (PII) to an unauthorized actor (credit card) diff --git a/doc/user/application_security/dast/checks/359.2.md b/doc/user/application_security/dast/checks/359.2.md index 6a2df607abe..d5428718171 100644 --- a/doc/user/application_security/dast/checks/359.2.md +++ b/doc/user/application_security/dast/checks/359.2.md 
@@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of Private Personal Information (PII) to an unauthorized actor (United States social security number) diff --git a/doc/user/application_security/dast/checks/548.1.md b/doc/user/application_security/dast/checks/548.1.md index 1e2a97b8d38..6cef8ccdb63 100644 --- a/doc/user/application_security/dast/checks/548.1.md +++ b/doc/user/application_security/dast/checks/548.1.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of information through directory listing diff --git a/doc/user/application_security/dast/checks/598.1.md b/doc/user/application_security/dast/checks/598.1.md index dfef8b791da..21a28705c4e 100644 --- a/doc/user/application_security/dast/checks/598.1.md +++ b/doc/user/application_security/dast/checks/598.1.md 
@@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Use of GET request method with sensitive query strings (session ID) diff --git a/doc/user/application_security/dast/checks/598.2.md b/doc/user/application_security/dast/checks/598.2.md index bcee9268723..2b7204b58df 100644 --- a/doc/user/application_security/dast/checks/598.2.md +++ b/doc/user/application_security/dast/checks/598.2.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Use of GET request method with sensitive query strings (password) diff --git a/doc/user/application_security/dast/checks/598.3.md b/doc/user/application_security/dast/checks/598.3.md index 4cae92c17e2..9a2e507af18 100644 --- a/doc/user/application_security/dast/checks/598.3.md +++ b/doc/user/application_security/dast/checks/598.3.md 
@@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Use of GET request method with sensitive query strings (Authorization header details) diff --git a/doc/user/application_security/dast/checks/601.1.md b/doc/user/application_security/dast/checks/601.1.md index 8bd7cd7b8b0..f9ca304dea8 100644 --- a/doc/user/application_security/dast/checks/601.1.md +++ b/doc/user/application_security/dast/checks/601.1.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # URL redirection to untrusted site ('open redirect') diff --git a/doc/user/application_security/dast/checks/611.1.md b/doc/user/application_security/dast/checks/611.1.md index e9916cf507d..49ef449f8b0 100644 --- a/doc/user/application_security/dast/checks/611.1.md +++ b/doc/user/application_security/dast/checks/611.1.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # External XML Entity Injection (XXE) 
diff --git a/doc/user/application_security/dast/checks/614.1.md b/doc/user/application_security/dast/checks/614.1.md index 983e3d16019..00f51ceea06 100644 --- a/doc/user/application_security/dast/checks/614.1.md +++ b/doc/user/application_security/dast/checks/614.1.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Sensitive cookie without Secure attribute diff --git a/doc/user/application_security/dast/checks/693.1.md b/doc/user/application_security/dast/checks/693.1.md index 12cb72a5a98..7dc09d3f2d7 100644 --- a/doc/user/application_security/dast/checks/693.1.md +++ b/doc/user/application_security/dast/checks/693.1.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Missing X-Content-Type-Options: nosniff diff --git a/doc/user/application_security/dast/checks/74.1.md b/doc/user/application_security/dast/checks/74.1.md new file mode 100644 index 00000000000..f7f37f3f1c7 --- /dev/null +++ b/doc/user/application_security/dast/checks/74.1.md 
@@ -0,0 +1,31 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# XSLT Injection
+
+## Description
+
+It is possible to supply an XSL template to a server-side XSLT processor. XSLT processors can
+be abused to read or write files, initiate outbound connections, and in some cases execute
+arbitrary code.
+
+## Remediation
+
+Applications should never accept user-supplied style sheets. XSLT processors are not built to
+handle potentially malicious stylesheet files. However, some processors do implement or offer
+security features which may be available. Consult the documentation for the XSLT processor
+used by the target application for security guidelines and hardening steps. It is recommended
+that all XML parsers and processors at the very least disable external entity resolution.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 74.1 | false | 74 | Active | high |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/74.html)
diff --git a/doc/user/application_security/dast/checks/78.1.md b/doc/user/application_security/dast/checks/78.1.md
new file mode 100644
index 00000000000..bcb655f37ae
--- /dev/null
+++ b/doc/user/application_security/dast/checks/78.1.md
@@ -0,0 +1,44 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# OS Command Injection
+
+## Description
+
+It is possible to execute arbitrary OS commands on the target application server.
+OS Command Injection is a critical vulnerability that can lead to a full system
+compromise.
+
+## Remediation
+
+User input should never be used in constructing commands or command arguments
+to functions which execute OS commands. This includes filenames supplied by
+user uploads or downloads.
+
+Ensure your application does not:
+
+- Use user-supplied information in the process name to execute.
+- Use user-supplied information in an OS command execution function which does
+not escape shell meta-characters.
+- Use user-supplied information in arguments to OS commands.
+
+The application should have a hardcoded set of arguments that are to be passed
+to OS commands. If file names are being passed to these functions, it is
+recommended that a hash of the file name be used instead, or some other unique
+identifier. It is strongly recommended that a native library that implements
+the same functionality be used instead of using OS system commands due to the
+risk of unknown attacks against third party commands.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 78.1 | false | 78 | Active | high |
+
+## Links
+
+- [OWASP](https://owasp.org/www-community/attacks/Command_Injection)
+- [CWE](https://cwe.mitre.org/data/definitions/78.html)
diff --git a/doc/user/application_security/dast/checks/798.1.md b/doc/user/application_security/dast/checks/798.1.md
index cf23655e8bb..2697cd1b1ec 100644
--- a/doc/user/application_security/dast/checks/798.1.md
+++ b/doc/user/application_security/dast/checks/798.1.md
@@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Adafruit API Key diff --git a/doc/user/application_security/dast/checks/798.10.md b/doc/user/application_security/dast/checks/798.10.md index 30aa9da4cfa..ceee9c28fd1 100644 --- a/doc/user/application_security/dast/checks/798.10.md +++ b/doc/user/application_security/dast/checks/798.10.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Asana Client Secret diff --git a/doc/user/application_security/dast/checks/798.100.md b/doc/user/application_security/dast/checks/798.100.md index 845cb6e4666..2c14dab9f30 100644 --- a/doc/user/application_security/dast/checks/798.100.md +++ b/doc/user/application_security/dast/checks/798.100.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Sendbird Access Token 
diff --git a/doc/user/application_security/dast/checks/798.101.md b/doc/user/application_security/dast/checks/798.101.md index dc4ee135855..e4c277c1bb5 100644 --- a/doc/user/application_security/dast/checks/798.101.md +++ b/doc/user/application_security/dast/checks/798.101.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token SendGrid API token diff --git a/doc/user/application_security/dast/checks/798.102.md b/doc/user/application_security/dast/checks/798.102.md index 5ba7f8fc48b..303010d4bc5 100644 --- a/doc/user/application_security/dast/checks/798.102.md +++ b/doc/user/application_security/dast/checks/798.102.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Sendinblue API token diff --git a/doc/user/application_security/dast/checks/798.103.md b/doc/user/application_security/dast/checks/798.103.md index c483e3c61d0..0524a50be7b 100644 --- a/doc/user/application_security/dast/checks/798.103.md +++ b/doc/user/application_security/dast/checks/798.103.md 
@@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Sentry Access Token diff --git a/doc/user/application_security/dast/checks/798.104.md b/doc/user/application_security/dast/checks/798.104.md index 1e129bbb7ec..6e806e8cf6e 100644 --- a/doc/user/application_security/dast/checks/798.104.md +++ b/doc/user/application_security/dast/checks/798.104.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Shippo API token diff --git a/doc/user/application_security/dast/checks/798.105.md b/doc/user/application_security/dast/checks/798.105.md index b821fe50686..162d8533320 100644 --- a/doc/user/application_security/dast/checks/798.105.md +++ b/doc/user/application_security/dast/checks/798.105.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Shopify access token 
diff --git a/doc/user/application_security/dast/checks/798.106.md b/doc/user/application_security/dast/checks/798.106.md index 1209bf391dc..177803b9196 100644 --- a/doc/user/application_security/dast/checks/798.106.md +++ b/doc/user/application_security/dast/checks/798.106.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Shopify custom access token diff --git a/doc/user/application_security/dast/checks/798.107.md b/doc/user/application_security/dast/checks/798.107.md index 7fde093630a..5241a6e9d09 100644 --- a/doc/user/application_security/dast/checks/798.107.md +++ b/doc/user/application_security/dast/checks/798.107.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Shopify private app access token diff --git a/doc/user/application_security/dast/checks/798.108.md b/doc/user/application_security/dast/checks/798.108.md index e0e00fedc85..c6863ac4757 100644 --- a/doc/user/application_security/dast/checks/798.108.md +++ b/doc/user/application_security/dast/checks/798.108.md 
@@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Shopify shared secret diff --git a/doc/user/application_security/dast/checks/798.109.md b/doc/user/application_security/dast/checks/798.109.md index 1924d41f1b9..bfb82e6640f 100644 --- a/doc/user/application_security/dast/checks/798.109.md +++ b/doc/user/application_security/dast/checks/798.109.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Slack token diff --git a/doc/user/application_security/dast/checks/798.11.md b/doc/user/application_security/dast/checks/798.11.md index 884e031a6b4..fd54560db79 100644 --- a/doc/user/application_security/dast/checks/798.11.md +++ b/doc/user/application_security/dast/checks/798.11.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Atlassian API token 
diff --git a/doc/user/application_security/dast/checks/798.110.md b/doc/user/application_security/dast/checks/798.110.md index 1d8fa783ab0..7a68284fae4 100644 --- a/doc/user/application_security/dast/checks/798.110.md +++ b/doc/user/application_security/dast/checks/798.110.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Slack Webhook diff --git a/doc/user/application_security/dast/checks/798.111.md b/doc/user/application_security/dast/checks/798.111.md index 65e327929c1..0804613ee48 100644 --- a/doc/user/application_security/dast/checks/798.111.md +++ b/doc/user/application_security/dast/checks/798.111.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Stripe diff --git a/doc/user/application_security/dast/checks/798.112.md b/doc/user/application_security/dast/checks/798.112.md index d8cb5ee2a14..2570e39357a 100644 --- a/doc/user/application_security/dast/checks/798.112.md +++ b/doc/user/application_security/dast/checks/798.112.md 
@@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Square Access Token diff --git a/doc/user/application_security/dast/checks/798.113.md b/doc/user/application_security/dast/checks/798.113.md index 07a902db988..c445a9f48b0 100644 --- a/doc/user/application_security/dast/checks/798.113.md +++ b/doc/user/application_security/dast/checks/798.113.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Squarespace Access Token diff --git a/doc/user/application_security/dast/checks/798.114.md b/doc/user/application_security/dast/checks/798.114.md index e01e0200944..7afe862231d 100644 --- a/doc/user/application_security/dast/checks/798.114.md +++ b/doc/user/application_security/dast/checks/798.114.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token SumoLogic Access ID 
diff --git a/doc/user/application_security/dast/checks/798.115.md b/doc/user/application_security/dast/checks/798.115.md index c32fca8b1f3..dc305c61c30 100644 --- a/doc/user/application_security/dast/checks/798.115.md +++ b/doc/user/application_security/dast/checks/798.115.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token SumoLogic Access Token diff --git a/doc/user/application_security/dast/checks/798.116.md b/doc/user/application_security/dast/checks/798.116.md index 70ecd597ad8..54d97f90b47 100644 --- a/doc/user/application_security/dast/checks/798.116.md +++ b/doc/user/application_security/dast/checks/798.116.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Travis CI Access Token diff --git a/doc/user/application_security/dast/checks/798.117.md b/doc/user/application_security/dast/checks/798.117.md index ac145e33cb6..ff4b1299d32 100644 --- a/doc/user/application_security/dast/checks/798.117.md +++ b/doc/user/application_security/dast/checks/798.117.md 
@@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Twilio API Key diff --git a/doc/user/application_security/dast/checks/798.118.md b/doc/user/application_security/dast/checks/798.118.md index be589cad76a..dc4121e23ba 100644 --- a/doc/user/application_security/dast/checks/798.118.md +++ b/doc/user/application_security/dast/checks/798.118.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Twitch API token diff --git a/doc/user/application_security/dast/checks/798.119.md b/doc/user/application_security/dast/checks/798.119.md index 4da8a6d9ede..df470195454 100644 --- a/doc/user/application_security/dast/checks/798.119.md +++ b/doc/user/application_security/dast/checks/798.119.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Twitter API Key 
diff --git a/doc/user/application_security/dast/checks/798.12.md b/doc/user/application_security/dast/checks/798.12.md index 59becd08c2b..8cfe5f1cf2f 100644 --- a/doc/user/application_security/dast/checks/798.12.md +++ b/doc/user/application_security/dast/checks/798.12.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token AWS diff --git a/doc/user/application_security/dast/checks/798.120.md b/doc/user/application_security/dast/checks/798.120.md index 9af5596655c..986af1901a4 100644 --- a/doc/user/application_security/dast/checks/798.120.md +++ b/doc/user/application_security/dast/checks/798.120.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Twitter API Secret diff --git a/doc/user/application_security/dast/checks/798.121.md b/doc/user/application_security/dast/checks/798.121.md index 7b621e59f14..c2301d49bbb 100644 --- a/doc/user/application_security/dast/checks/798.121.md +++ b/doc/user/application_security/dast/checks/798.121.md 
@@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Twitter Access Token diff --git a/doc/user/application_security/dast/checks/798.122.md b/doc/user/application_security/dast/checks/798.122.md index 7bc1544a781..442c1bd09ba 100644 --- a/doc/user/application_security/dast/checks/798.122.md +++ b/doc/user/application_security/dast/checks/798.122.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Twitter Access Secret diff --git a/doc/user/application_security/dast/checks/798.123.md b/doc/user/application_security/dast/checks/798.123.md index 771a9b4da6e..b21c00fb547 100644 --- a/doc/user/application_security/dast/checks/798.123.md +++ b/doc/user/application_security/dast/checks/798.123.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Twitter Bearer Token 
diff --git a/doc/user/application_security/dast/checks/798.124.md b/doc/user/application_security/dast/checks/798.124.md index 1335b1d2295..3d1e7875848 100644 --- a/doc/user/application_security/dast/checks/798.124.md +++ b/doc/user/application_security/dast/checks/798.124.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Typeform API token diff --git a/doc/user/application_security/dast/checks/798.125.md b/doc/user/application_security/dast/checks/798.125.md index 9ff59f3b09b..41217655721 100644 --- a/doc/user/application_security/dast/checks/798.125.md +++ b/doc/user/application_security/dast/checks/798.125.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Yandex API Key diff --git a/doc/user/application_security/dast/checks/798.126.md b/doc/user/application_security/dast/checks/798.126.md index f8bfdb98502..bfb48d4e3eb 100644 --- a/doc/user/application_security/dast/checks/798.126.md +++ b/doc/user/application_security/dast/checks/798.126.md 
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Yandex AWS Access Token
diff --git a/doc/user/application_security/dast/checks/798.127.md b/doc/user/application_security/dast/checks/798.127.md
index 982c5eade9e..8df930ffb07 100644
--- a/doc/user/application_security/dast/checks/798.127.md
+++ b/doc/user/application_security/dast/checks/798.127.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Yandex Access Token
diff --git a/doc/user/application_security/dast/checks/798.128.md b/doc/user/application_security/dast/checks/798.128.md
index 39788d227a0..2bee2604870 100644
--- a/doc/user/application_security/dast/checks/798.128.md
+++ b/doc/user/application_security/dast/checks/798.128.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Zendesk Secret Key
diff --git a/doc/user/application_security/dast/checks/798.13.md b/doc/user/application_security/dast/checks/798.13.md
index a68f851fda6..83e45dedecb 100644
--- a/doc/user/application_security/dast/checks/798.13.md
+++ b/doc/user/application_security/dast/checks/798.13.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Bitbucket Client ID
diff --git a/doc/user/application_security/dast/checks/798.14.md b/doc/user/application_security/dast/checks/798.14.md
index ce52326fced..eb800c510c8 100644
--- a/doc/user/application_security/dast/checks/798.14.md
+++ b/doc/user/application_security/dast/checks/798.14.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Bitbucket Client Secret
diff --git a/doc/user/application_security/dast/checks/798.15.md b/doc/user/application_security/dast/checks/798.15.md
index c31d5fd01aa..f9e01799b63 100644
--- a/doc/user/application_security/dast/checks/798.15.md
+++ b/doc/user/application_security/dast/checks/798.15.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Bittrex Access Key
diff --git a/doc/user/application_security/dast/checks/798.16.md b/doc/user/application_security/dast/checks/798.16.md
index c4f18918d78..92fbb490d12 100644
--- a/doc/user/application_security/dast/checks/798.16.md
+++ b/doc/user/application_security/dast/checks/798.16.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Bittrex Secret Key
diff --git a/doc/user/application_security/dast/checks/798.17.md b/doc/user/application_security/dast/checks/798.17.md
index 67c3ee7ddd9..a020c55d2be 100644
--- a/doc/user/application_security/dast/checks/798.17.md
+++ b/doc/user/application_security/dast/checks/798.17.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Beamer API token
diff --git a/doc/user/application_security/dast/checks/798.18.md b/doc/user/application_security/dast/checks/798.18.md
index 81a47050d57..16b7e384462 100644
--- a/doc/user/application_security/dast/checks/798.18.md
+++ b/doc/user/application_security/dast/checks/798.18.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Codecov Access Token
diff --git a/doc/user/application_security/dast/checks/798.19.md b/doc/user/application_security/dast/checks/798.19.md
index b18a9d0e40c..6ec04f2a011 100644
--- a/doc/user/application_security/dast/checks/798.19.md
+++ b/doc/user/application_security/dast/checks/798.19.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Coinbase Access Token
diff --git a/doc/user/application_security/dast/checks/798.2.md b/doc/user/application_security/dast/checks/798.2.md
index 42a7b5ae932..18fe524cb08 100644
--- a/doc/user/application_security/dast/checks/798.2.md
+++ b/doc/user/application_security/dast/checks/798.2.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Adobe Client ID (OAuth Web)
diff --git a/doc/user/application_security/dast/checks/798.20.md b/doc/user/application_security/dast/checks/798.20.md
index 987c1d5d347..22d750dfdfb 100644
--- a/doc/user/application_security/dast/checks/798.20.md
+++ b/doc/user/application_security/dast/checks/798.20.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Clojars API token
diff --git a/doc/user/application_security/dast/checks/798.21.md b/doc/user/application_security/dast/checks/798.21.md
index cd81e02b3b4..e38a540a253 100644
--- a/doc/user/application_security/dast/checks/798.21.md
+++ b/doc/user/application_security/dast/checks/798.21.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Confluent Access Token
diff --git a/doc/user/application_security/dast/checks/798.22.md b/doc/user/application_security/dast/checks/798.22.md
index 735b48c257a..55d39c47428 100644
--- a/doc/user/application_security/dast/checks/798.22.md
+++ b/doc/user/application_security/dast/checks/798.22.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Confluent Secret Key
diff --git a/doc/user/application_security/dast/checks/798.23.md b/doc/user/application_security/dast/checks/798.23.md
index 8a7f3075ab4..967e41d656d 100644
--- a/doc/user/application_security/dast/checks/798.23.md
+++ b/doc/user/application_security/dast/checks/798.23.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Contentful delivery API token
diff --git a/doc/user/application_security/dast/checks/798.24.md b/doc/user/application_security/dast/checks/798.24.md
index 61a5812c5ce..65db9b1f5d7 100644
--- a/doc/user/application_security/dast/checks/798.24.md
+++ b/doc/user/application_security/dast/checks/798.24.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Databricks API token
diff --git a/doc/user/application_security/dast/checks/798.25.md b/doc/user/application_security/dast/checks/798.25.md
index 6a7bb14bbf5..db7a22c31e2 100644
--- a/doc/user/application_security/dast/checks/798.25.md
+++ b/doc/user/application_security/dast/checks/798.25.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Datadog Access Token
diff --git a/doc/user/application_security/dast/checks/798.26.md b/doc/user/application_security/dast/checks/798.26.md
index 447716e1553..989a9787c04 100644
--- a/doc/user/application_security/dast/checks/798.26.md
+++ b/doc/user/application_security/dast/checks/798.26.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Discord API key
diff --git a/doc/user/application_security/dast/checks/798.27.md b/doc/user/application_security/dast/checks/798.27.md
index c9cc3a84fc6..f17f6bf1c56 100644
--- a/doc/user/application_security/dast/checks/798.27.md
+++ b/doc/user/application_security/dast/checks/798.27.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Discord client ID
diff --git a/doc/user/application_security/dast/checks/798.28.md b/doc/user/application_security/dast/checks/798.28.md
index 57640c4cddb..6d063c39d2b 100644
--- a/doc/user/application_security/dast/checks/798.28.md
+++ b/doc/user/application_security/dast/checks/798.28.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Discord client secret
diff --git a/doc/user/application_security/dast/checks/798.29.md b/doc/user/application_security/dast/checks/798.29.md
index 061e45239f4..5c082b2aac0 100644
--- a/doc/user/application_security/dast/checks/798.29.md
+++ b/doc/user/application_security/dast/checks/798.29.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Doppler API token
diff --git a/doc/user/application_security/dast/checks/798.3.md b/doc/user/application_security/dast/checks/798.3.md
index 0b00b4ed422..e6cfb13d114 100644
--- a/doc/user/application_security/dast/checks/798.3.md
+++ b/doc/user/application_security/dast/checks/798.3.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Adobe Client Secret
diff --git a/doc/user/application_security/dast/checks/798.30.md b/doc/user/application_security/dast/checks/798.30.md
index 940f4fddf2e..618d2cdafdd 100644
--- a/doc/user/application_security/dast/checks/798.30.md
+++ b/doc/user/application_security/dast/checks/798.30.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Dropbox API secret
diff --git a/doc/user/application_security/dast/checks/798.31.md b/doc/user/application_security/dast/checks/798.31.md
index 35da215ca96..d35e9c91f0f 100644
--- a/doc/user/application_security/dast/checks/798.31.md
+++ b/doc/user/application_security/dast/checks/798.31.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Dropbox long lived API token
diff --git a/doc/user/application_security/dast/checks/798.32.md b/doc/user/application_security/dast/checks/798.32.md
index 7fb99704cc5..30e38c36959 100644
--- a/doc/user/application_security/dast/checks/798.32.md
+++ b/doc/user/application_security/dast/checks/798.32.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Dropbox short lived API token
diff --git a/doc/user/application_security/dast/checks/798.33.md b/doc/user/application_security/dast/checks/798.33.md
index 0306521b906..4761ac9d157 100644
--- a/doc/user/application_security/dast/checks/798.33.md
+++ b/doc/user/application_security/dast/checks/798.33.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Drone CI Access Token
diff --git a/doc/user/application_security/dast/checks/798.34.md b/doc/user/application_security/dast/checks/798.34.md
index 31f45b9f8de..5323a026257 100644
--- a/doc/user/application_security/dast/checks/798.34.md
+++ b/doc/user/application_security/dast/checks/798.34.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Duffel API token
diff --git a/doc/user/application_security/dast/checks/798.35.md b/doc/user/application_security/dast/checks/798.35.md
index 1921de9b015..16aa601674e 100644
--- a/doc/user/application_security/dast/checks/798.35.md
+++ b/doc/user/application_security/dast/checks/798.35.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Dynatrace API token
diff --git a/doc/user/application_security/dast/checks/798.36.md b/doc/user/application_security/dast/checks/798.36.md
index 4660aebe537..24827bc66fa 100644
--- a/doc/user/application_security/dast/checks/798.36.md
+++ b/doc/user/application_security/dast/checks/798.36.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token EasyPost API token
diff --git a/doc/user/application_security/dast/checks/798.37.md b/doc/user/application_security/dast/checks/798.37.md
index 3c786661479..4f3ca41e0ea 100644
--- a/doc/user/application_security/dast/checks/798.37.md
+++ b/doc/user/application_security/dast/checks/798.37.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token EasyPost test API token
diff --git a/doc/user/application_security/dast/checks/798.38.md b/doc/user/application_security/dast/checks/798.38.md
index 1274b0251eb..b8a6ea5b237 100644
--- a/doc/user/application_security/dast/checks/798.38.md
+++ b/doc/user/application_security/dast/checks/798.38.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Etsy Access Token
diff --git a/doc/user/application_security/dast/checks/798.39.md b/doc/user/application_security/dast/checks/798.39.md
index 6a00de081a6..1cad4237cfe 100644
--- a/doc/user/application_security/dast/checks/798.39.md
+++ b/doc/user/application_security/dast/checks/798.39.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Facebook
diff --git a/doc/user/application_security/dast/checks/798.4.md b/doc/user/application_security/dast/checks/798.4.md
index 687327113c9..30e0c34c960 100644
--- a/doc/user/application_security/dast/checks/798.4.md
+++ b/doc/user/application_security/dast/checks/798.4.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Age secret key
diff --git a/doc/user/application_security/dast/checks/798.40.md b/doc/user/application_security/dast/checks/798.40.md
index 3cf14dd4a14..7ea8df02055 100644
--- a/doc/user/application_security/dast/checks/798.40.md
+++ b/doc/user/application_security/dast/checks/798.40.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Fastly API key
diff --git a/doc/user/application_security/dast/checks/798.41.md b/doc/user/application_security/dast/checks/798.41.md
index 95e2aaa67eb..8e5eb3e8f43 100644
--- a/doc/user/application_security/dast/checks/798.41.md
+++ b/doc/user/application_security/dast/checks/798.41.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Finicity Client Secret
diff --git a/doc/user/application_security/dast/checks/798.42.md b/doc/user/application_security/dast/checks/798.42.md
index e2eedb3e983..5ff876021ef 100644
--- a/doc/user/application_security/dast/checks/798.42.md
+++ b/doc/user/application_security/dast/checks/798.42.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Finicity API token
diff --git a/doc/user/application_security/dast/checks/798.43.md b/doc/user/application_security/dast/checks/798.43.md
index 99f4c7dd922..44a8e5d44b1 100644
--- a/doc/user/application_security/dast/checks/798.43.md
+++ b/doc/user/application_security/dast/checks/798.43.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Flickr Access Token
diff --git a/doc/user/application_security/dast/checks/798.44.md b/doc/user/application_security/dast/checks/798.44.md
index 9b13005f49c..5cebcb5c93d 100644
--- a/doc/user/application_security/dast/checks/798.44.md
+++ b/doc/user/application_security/dast/checks/798.44.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Finnhub Access Token
diff --git a/doc/user/application_security/dast/checks/798.46.md b/doc/user/application_security/dast/checks/798.46.md
index 9697056af49..c71eacbee34 100644
--- a/doc/user/application_security/dast/checks/798.46.md
+++ b/doc/user/application_security/dast/checks/798.46.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Flutterwave Secret Key
diff --git a/doc/user/application_security/dast/checks/798.47.md b/doc/user/application_security/dast/checks/798.47.md
index c257dc9bf11..24cf3a02121 100644
--- a/doc/user/application_security/dast/checks/798.47.md
+++ b/doc/user/application_security/dast/checks/798.47.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 # Exposure of confidential secret or token Flutterwave Encryption Key
diff --git a/doc/user/application_security/dast/checks/798.48.md b/doc/user/application_security/dast/checks/798.48.md
index ed7d6f41db4..f8778c2b0ba 100644
--- a/doc/user/application_security/dast/checks/798.48.md
+++ b/doc/user/application_security/dast/checks/798.48.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Frame.io API token
diff --git a/doc/user/application_security/dast/checks/798.49.md b/doc/user/application_security/dast/checks/798.49.md
index 5f3eb52d523..41a3e8ace3d 100644
--- a/doc/user/application_security/dast/checks/798.49.md
+++ b/doc/user/application_security/dast/checks/798.49.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token FreshBooks Access Token
diff --git a/doc/user/application_security/dast/checks/798.5.md b/doc/user/application_security/dast/checks/798.5.md
index 4240b522bb1..03afbecb820 100644
--- a/doc/user/application_security/dast/checks/798.5.md
+++ b/doc/user/application_security/dast/checks/798.5.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Airtable API Key
diff --git a/doc/user/application_security/dast/checks/798.50.md b/doc/user/application_security/dast/checks/798.50.md
index eb04b11f23f..0542a00ff71 100644
--- a/doc/user/application_security/dast/checks/798.50.md
+++ b/doc/user/application_security/dast/checks/798.50.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token GoCardless API token
diff --git a/doc/user/application_security/dast/checks/798.52.md b/doc/user/application_security/dast/checks/798.52.md
index b5a8ac7ac82..78864a51172 100644
--- a/doc/user/application_security/dast/checks/798.52.md
+++ b/doc/user/application_security/dast/checks/798.52.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token GitHub Personal Access Token
diff --git a/doc/user/application_security/dast/checks/798.53.md b/doc/user/application_security/dast/checks/798.53.md
index 37e19a96315..37ef66ec726 100644
--- a/doc/user/application_security/dast/checks/798.53.md
+++ b/doc/user/application_security/dast/checks/798.53.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token GitHub OAuth Access Token
diff --git a/doc/user/application_security/dast/checks/798.54.md b/doc/user/application_security/dast/checks/798.54.md
index ba332ca1bd5..bf8ab699f9d 100644
--- a/doc/user/application_security/dast/checks/798.54.md
+++ b/doc/user/application_security/dast/checks/798.54.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token GitHub App Token
diff --git a/doc/user/application_security/dast/checks/798.55.md b/doc/user/application_security/dast/checks/798.55.md
index c12f5b719ba..0e7528ba008 100644
--- a/doc/user/application_security/dast/checks/798.55.md
+++ b/doc/user/application_security/dast/checks/798.55.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token GitHub Refresh Token
diff --git a/doc/user/application_security/dast/checks/798.56.md b/doc/user/application_security/dast/checks/798.56.md
index 787bc947561..6c9e4bbfd9a 100644
--- a/doc/user/application_security/dast/checks/798.56.md
+++ b/doc/user/application_security/dast/checks/798.56.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token GitLab Personal Access Token
diff --git a/doc/user/application_security/dast/checks/798.57.md b/doc/user/application_security/dast/checks/798.57.md
index 2fade7e2ec3..d0c700c8662 100644
--- a/doc/user/application_security/dast/checks/798.57.md
+++ b/doc/user/application_security/dast/checks/798.57.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Gitter Access Token
diff --git a/doc/user/application_security/dast/checks/798.58.md b/doc/user/application_security/dast/checks/798.58.md
index 50cc509b7da..86396d00ba1 100644
--- a/doc/user/application_security/dast/checks/798.58.md
+++ b/doc/user/application_security/dast/checks/798.58.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token HashiCorp Terraform user/org API token
diff --git a/doc/user/application_security/dast/checks/798.59.md b/doc/user/application_security/dast/checks/798.59.md
index 284f8a0df82..471ece22913 100644
--- a/doc/user/application_security/dast/checks/798.59.md
+++ b/doc/user/application_security/dast/checks/798.59.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Heroku API Key
diff --git a/doc/user/application_security/dast/checks/798.6.md b/doc/user/application_security/dast/checks/798.6.md
index 79caf91addb..cfdfa706c15 100644
--- a/doc/user/application_security/dast/checks/798.6.md
+++ b/doc/user/application_security/dast/checks/798.6.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Algolia API Key
diff --git a/doc/user/application_security/dast/checks/798.60.md b/doc/user/application_security/dast/checks/798.60.md
index ba9a31ac22e..bdfe162e615 100644
--- a/doc/user/application_security/dast/checks/798.60.md
+++ b/doc/user/application_security/dast/checks/798.60.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token HubSpot API Token
diff --git a/doc/user/application_security/dast/checks/798.61.md b/doc/user/application_security/dast/checks/798.61.md
index d7287e66640..c359dd9cc90 100644
--- a/doc/user/application_security/dast/checks/798.61.md
+++ b/doc/user/application_security/dast/checks/798.61.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Intercom API Token
diff --git a/doc/user/application_security/dast/checks/798.62.md b/doc/user/application_security/dast/checks/798.62.md
index 33ae895bd41..0d34ab89508 100644
--- a/doc/user/application_security/dast/checks/798.62.md
+++ b/doc/user/application_security/dast/checks/798.62.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Kraken Access Token
diff --git a/doc/user/application_security/dast/checks/798.63.md b/doc/user/application_security/dast/checks/798.63.md
index 8719cdc3e2b..e065750150d 100644
--- a/doc/user/application_security/dast/checks/798.63.md
+++ b/doc/user/application_security/dast/checks/798.63.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Kucoin Access Token
diff --git a/doc/user/application_security/dast/checks/798.64.md b/doc/user/application_security/dast/checks/798.64.md
index 97c2f7e38bc..12cd11d8d79 100644
--- a/doc/user/application_security/dast/checks/798.64.md
+++ b/doc/user/application_security/dast/checks/798.64.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Kucoin Secret Key
diff --git a/doc/user/application_security/dast/checks/798.65.md b/doc/user/application_security/dast/checks/798.65.md
index aace3be2df7..083bfec3350 100644
--- a/doc/user/application_security/dast/checks/798.65.md
+++ b/doc/user/application_security/dast/checks/798.65.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token LaunchDarkly Access Token
diff --git a/doc/user/application_security/dast/checks/798.66.md b/doc/user/application_security/dast/checks/798.66.md
index 4bbdbf181c8..c83eaba8d29 100644
--- a/doc/user/application_security/dast/checks/798.66.md
+++ b/doc/user/application_security/dast/checks/798.66.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Linear API Token
diff --git a/doc/user/application_security/dast/checks/798.67.md b/doc/user/application_security/dast/checks/798.67.md
index 8f64103c0ea..8b39f42d090 100644
--- a/doc/user/application_security/dast/checks/798.67.md
+++ b/doc/user/application_security/dast/checks/798.67.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Linear Client Secret
diff --git a/doc/user/application_security/dast/checks/798.68.md b/doc/user/application_security/dast/checks/798.68.md
index 59c1c6067dd..54a2e418cd2 100644
--- a/doc/user/application_security/dast/checks/798.68.md
+++ b/doc/user/application_security/dast/checks/798.68.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token LinkedIn Client ID
diff --git a/doc/user/application_security/dast/checks/798.69.md b/doc/user/application_security/dast/checks/798.69.md
index 46c0c82f997..0a341f494fc 100644
--- a/doc/user/application_security/dast/checks/798.69.md
+++ b/doc/user/application_security/dast/checks/798.69.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token LinkedIn Client secret
diff --git a/doc/user/application_security/dast/checks/798.7.md b/doc/user/application_security/dast/checks/798.7.md
index 33cbd9f22a9..2989c68a311 100644
--- a/doc/user/application_security/dast/checks/798.7.md
+++ b/doc/user/application_security/dast/checks/798.7.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Alibaba AccessKey ID
diff --git a/doc/user/application_security/dast/checks/798.70.md b/doc/user/application_security/dast/checks/798.70.md
index 07a345c2173..cfd1660bd7f 100644
--- a/doc/user/application_security/dast/checks/798.70.md
+++ b/doc/user/application_security/dast/checks/798.70.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Lob API Key
diff --git a/doc/user/application_security/dast/checks/798.72.md b/doc/user/application_security/dast/checks/798.72.md
index 0544c0c7079..c89fb2bf8c6 100644
--- a/doc/user/application_security/dast/checks/798.72.md
+++ b/doc/user/application_security/dast/checks/798.72.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Mailchimp API key
diff --git a/doc/user/application_security/dast/checks/798.74.md b/doc/user/application_security/dast/checks/798.74.md
index 0de447fff1e..94d17b2c1be 100644
--- a/doc/user/application_security/dast/checks/798.74.md
+++ b/doc/user/application_security/dast/checks/798.74.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Mailgun private API token
diff --git a/doc/user/application_security/dast/checks/798.75.md b/doc/user/application_security/dast/checks/798.75.md
index 15ee8df124e..e2a764bf826 100644
--- a/doc/user/application_security/dast/checks/798.75.md
+++ b/doc/user/application_security/dast/checks/798.75.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Mailgun webhook signing key
diff --git a/doc/user/application_security/dast/checks/798.77.md b/doc/user/application_security/dast/checks/798.77.md
index 47efba890e6..f79b6645b26 100644
--- a/doc/user/application_security/dast/checks/798.77.md
+++ b/doc/user/application_security/dast/checks/798.77.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Mattermost Access Token
diff --git a/doc/user/application_security/dast/checks/798.78.md b/doc/user/application_security/dast/checks/798.78.md
index 9905508136c..b2c73b54562 100644
--- a/doc/user/application_security/dast/checks/798.78.md
+++ b/doc/user/application_security/dast/checks/798.78.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token MessageBird API token
diff --git a/doc/user/application_security/dast/checks/798.8.md b/doc/user/application_security/dast/checks/798.8.md
index 3c0b0319a03..3b99bae1f4e 100644
--- a/doc/user/application_security/dast/checks/798.8.md
+++ b/doc/user/application_security/dast/checks/798.8.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Alibaba Secret Key
diff --git a/doc/user/application_security/dast/checks/798.80.md b/doc/user/application_security/dast/checks/798.80.md
index abfb6cb8025..9a18a21d5d1 100644
--- a/doc/user/application_security/dast/checks/798.80.md
+++ b/doc/user/application_security/dast/checks/798.80.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Netlify Access Token
diff --git a/doc/user/application_security/dast/checks/798.81.md b/doc/user/application_security/dast/checks/798.81.md
index accdbde0f6a..fef989c0bbf 100644
--- a/doc/user/application_security/dast/checks/798.81.md
+++ b/doc/user/application_security/dast/checks/798.81.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token New Relic user API Key
diff --git a/doc/user/application_security/dast/checks/798.82.md b/doc/user/application_security/dast/checks/798.82.md
index 9d1acb2335a..23ebba1641e 100644
--- a/doc/user/application_security/dast/checks/798.82.md
+++ b/doc/user/application_security/dast/checks/798.82.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token New Relic user API ID
diff --git a/doc/user/application_security/dast/checks/798.83.md b/doc/user/application_security/dast/checks/798.83.md
index 900b96ed210..3f36e78cfda 100644
--- a/doc/user/application_security/dast/checks/798.83.md
+++ b/doc/user/application_security/dast/checks/798.83.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token New Relic ingest browser API token
diff --git a/doc/user/application_security/dast/checks/798.84.md b/doc/user/application_security/dast/checks/798.84.md
index e53a23e1016..69f4c1249b4 100644
--- a/doc/user/application_security/dast/checks/798.84.md
+++ b/doc/user/application_security/dast/checks/798.84.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token npm access token
diff --git a/doc/user/application_security/dast/checks/798.86.md b/doc/user/application_security/dast/checks/798.86.md
index 82581b62391..700ed99ebc5 100644
--- a/doc/user/application_security/dast/checks/798.86.md
+++ b/doc/user/application_security/dast/checks/798.86.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Okta Access Token
diff --git a/doc/user/application_security/dast/checks/798.87.md b/doc/user/application_security/dast/checks/798.87.md
index 1c79c58f096..3fb1fe4a857 100644
--- a/doc/user/application_security/dast/checks/798.87.md
+++ b/doc/user/application_security/dast/checks/798.87.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Plaid Client ID
diff --git a/doc/user/application_security/dast/checks/798.88.md b/doc/user/application_security/dast/checks/798.88.md
index 404704dde21..6d143dce5fa 100644
--- a/doc/user/application_security/dast/checks/798.88.md
+++ b/doc/user/application_security/dast/checks/798.88.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Plaid Secret key
diff --git a/doc/user/application_security/dast/checks/798.89.md b/doc/user/application_security/dast/checks/798.89.md
index 690d1d5b0af..123f2730b30 100644
--- a/doc/user/application_security/dast/checks/798.89.md
+++ b/doc/user/application_security/dast/checks/798.89.md
@@ -1,7 +1,7 @@
 ---
 stage: Secure
 group: Dynamic Analysis
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
 # Exposure of confidential secret or token Plaid API Token
diff --git a/doc/user/application_security/dast/checks/798.9.md b/doc/user/application_security/dast/checks/798.9.md
index fd4a2f3cafc..a86f8241bf7 100644
--- a/doc/user/application_security/dast/checks/798.9.md
+++ b/doc/user/application_security/dast/checks/798.9.md
@@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Asana Client ID diff --git a/doc/user/application_security/dast/checks/798.90.md b/doc/user/application_security/dast/checks/798.90.md index b1d0db82d07..884fca83dd3 100644 --- a/doc/user/application_security/dast/checks/798.90.md +++ b/doc/user/application_security/dast/checks/798.90.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token PlanetScale password diff --git a/doc/user/application_security/dast/checks/798.91.md b/doc/user/application_security/dast/checks/798.91.md index 104731daae9..bfccaf3262d 100644 --- a/doc/user/application_security/dast/checks/798.91.md +++ b/doc/user/application_security/dast/checks/798.91.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token PlanetScale API token 
diff --git a/doc/user/application_security/dast/checks/798.92.md b/doc/user/application_security/dast/checks/798.92.md index fbd5346d681..ceec84a3fe8 100644 --- a/doc/user/application_security/dast/checks/798.92.md +++ b/doc/user/application_security/dast/checks/798.92.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token PlanetScale OAuth token diff --git a/doc/user/application_security/dast/checks/798.93.md b/doc/user/application_security/dast/checks/798.93.md index 314f9a51dc4..1d67a889d1a 100644 --- a/doc/user/application_security/dast/checks/798.93.md +++ b/doc/user/application_security/dast/checks/798.93.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Postman API token diff --git a/doc/user/application_security/dast/checks/798.94.md b/doc/user/application_security/dast/checks/798.94.md index 29bf93e80d7..aedeabce11c 100644 --- a/doc/user/application_security/dast/checks/798.94.md +++ b/doc/user/application_security/dast/checks/798.94.md 
@@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Private Key diff --git a/doc/user/application_security/dast/checks/798.95.md b/doc/user/application_security/dast/checks/798.95.md index d583fff0e14..fa34f58a48e 100644 --- a/doc/user/application_security/dast/checks/798.95.md +++ b/doc/user/application_security/dast/checks/798.95.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Pulumi API token diff --git a/doc/user/application_security/dast/checks/798.96.md b/doc/user/application_security/dast/checks/798.96.md index b52230140d7..de93a54ec63 100644 --- a/doc/user/application_security/dast/checks/798.96.md +++ b/doc/user/application_security/dast/checks/798.96.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token PyPI upload token 
diff --git a/doc/user/application_security/dast/checks/798.97.md b/doc/user/application_security/dast/checks/798.97.md index 37bda02dfe0..711288eba9c 100644 --- a/doc/user/application_security/dast/checks/798.97.md +++ b/doc/user/application_security/dast/checks/798.97.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token RubyGems API token diff --git a/doc/user/application_security/dast/checks/798.98.md b/doc/user/application_security/dast/checks/798.98.md index 8b8fc555a69..08460c09520 100644 --- a/doc/user/application_security/dast/checks/798.98.md +++ b/doc/user/application_security/dast/checks/798.98.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token RapidAPI Access Token diff --git a/doc/user/application_security/dast/checks/798.99.md b/doc/user/application_security/dast/checks/798.99.md index bd5060582b9..b43bf291cc0 100644 --- a/doc/user/application_security/dast/checks/798.99.md +++ b/doc/user/application_security/dast/checks/798.99.md 
@@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Exposure of confidential secret or token Sendbird Access ID diff --git a/doc/user/application_security/dast/checks/829.1.md b/doc/user/application_security/dast/checks/829.1.md index 9cf12c3fecb..7df250c2047 100644 --- a/doc/user/application_security/dast/checks/829.1.md +++ b/doc/user/application_security/dast/checks/829.1.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Inclusion of Functionality from Untrusted Control Sphere diff --git a/doc/user/application_security/dast/checks/829.2.md b/doc/user/application_security/dast/checks/829.2.md index edd6383baf3..d9d3e5a6341 100644 --- a/doc/user/application_security/dast/checks/829.2.md +++ b/doc/user/application_security/dast/checks/829.2.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Invalid Sub-Resource Integrity values detected 
diff --git a/doc/user/application_security/dast/checks/89.1.md b/doc/user/application_security/dast/checks/89.1.md index 231076240cc..688e2c49664 100644 --- a/doc/user/application_security/dast/checks/89.1.md +++ b/doc/user/application_security/dast/checks/89.1.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # SQL Injection @@ -20,7 +20,7 @@ situations where dynamic queries must be created, never use direct user input, b instead use a map or dictionary of valid values and resolve them using a user-supplied key. For example, some database drivers do not allow parameterized queries for `>` or `<` comparison -operators. In these cases, do not use a user supplied `>` or `<` value, but rather have the user +operators. In these cases, do not use a user-supplied `>` or `<` value, but rather have the user supply a `gt` or `lt` value. The alphabetical values are then used to look up the `>` and `<` values to be used in the construction of the dynamic query. The same goes for other queries where column or table names are required but can not be parameterized. diff --git a/doc/user/application_security/dast/checks/917.1.md b/doc/user/application_security/dast/checks/917.1.md index dd41b5e2e4f..68b9665e393 100644 --- a/doc/user/application_security/dast/checks/917.1.md +++ b/doc/user/application_security/dast/checks/917.1.md 
@@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Expression Language Injection diff --git a/doc/user/application_security/dast/checks/918.1.md b/doc/user/application_security/dast/checks/918.1.md new file mode 100644 index 00000000000..88a8a632547 --- /dev/null +++ b/doc/user/application_security/dast/checks/918.1.md 
@@ -0,0 +1,33 @@ +--- +stage: Secure +group: Dynamic Analysis +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +--- + +# Server-Side Request Forgery + +## Description + +The application is susceptible to Server-Side Request Forgery (SSRF), a high-risk vulnerability +that allows attackers to make unauthorized requests to internal and external resources. This +vulnerability arises when user-controlled input is not properly validated or sanitized before +being used in requests to resources, enabling attackers to manipulate these requests for +malicious purposes. + +## Remediation + +Avoid using user-supplied data for constructing requests. If there is a business need for this, +consider an allowlist approach and/or block requests to internal resources using firewall +rules or a robust request library with anti-SSRF support. + +## Details + +| ID | Aggregated | CWE | Type | Risk | +|:---|:--------|:--------|:--------|:--------| +| 918.1 | false | 918 | Active | high | + +## Links + +- [CWE](https://cwe.mitre.org/data/definitions/918.html) +- [OWASP](https://owasp.org/www-community/attacks/Server_Side_Request_Forgery) +- [Server-Side Request Forgery Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html) diff --git a/doc/user/application_security/dast/checks/94.1.md b/doc/user/application_security/dast/checks/94.1.md index f8a8b32c5dc..ec30b41c5e8 100644 --- a/doc/user/application_security/dast/checks/94.1.md +++ b/doc/user/application_security/dast/checks/94.1.md 
@@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Server-side code injection (PHP) diff --git a/doc/user/application_security/dast/checks/94.2.md b/doc/user/application_security/dast/checks/94.2.md index 1c3e5b2993b..d6e7c5f482f 100644 --- a/doc/user/application_security/dast/checks/94.2.md +++ b/doc/user/application_security/dast/checks/94.2.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Server-side code injection (Ruby) diff --git a/doc/user/application_security/dast/checks/94.3.md b/doc/user/application_security/dast/checks/94.3.md index a38b4c02dd0..772cdb1d3ea 100644 --- a/doc/user/application_security/dast/checks/94.3.md +++ b/doc/user/application_security/dast/checks/94.3.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Server-side code injection (Python) 
diff --git a/doc/user/application_security/dast/checks/94.4.md b/doc/user/application_security/dast/checks/94.4.md index 64d089bb7e7..9dddada84f9 100644 --- a/doc/user/application_security/dast/checks/94.4.md +++ b/doc/user/application_security/dast/checks/94.4.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Server-side code injection (NodeJS) diff --git a/doc/user/application_security/dast/checks/943.1.md b/doc/user/application_security/dast/checks/943.1.md index 7cdefec91c7..debae65669a 100644 --- a/doc/user/application_security/dast/checks/943.1.md +++ b/doc/user/application_security/dast/checks/943.1.md @@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Improper neutralization of special elements in data query logic diff --git a/doc/user/application_security/dast/checks/98.1.md b/doc/user/application_security/dast/checks/98.1.md new file mode 100644 index 00000000000..b30147f7969 --- /dev/null +++ b/doc/user/application_security/dast/checks/98.1.md 
@@ -0,0 +1,34 @@ +--- +stage: Secure +group: Dynamic Analysis +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +--- + +# PHP Remote File Inclusion + +## Description + +The server is vulnerable to PHP Remote File Inclusion (RFI), which enables attackers to load +remote files and have them executed as PHP scripts on the server side. This vulnerability occurs +when untrusted user input is directly used in script inclusion without proper validation. Attackers +can leverage this vulnerability to include and execute arbitrary remote files, potentially +compromising the system's integrity and confidentiality. + +## Remediation + +Avoid using user-controlled data directly in `include` and `require` statements and instead consider +an allow-list approach for dynamically including scripts. + +If possible, also consider setting `allow_url_include=Off` in the server's PHP configuration to +ensure URLs cannot be used in `include` and `require` statements. + +## Details + +| ID | Aggregated | CWE | Type | Risk | +|:---|:--------|:--------|:--------|:--------| +| 98.1 | false | 98 | Active | high | + +## Links + +- [CWE](https://cwe.mitre.org/data/definitions/98.html) +- [File inclusion Vulnerability - Wikipedia](https://en.wikipedia.org/wiki/File_inclusion_vulnerability) diff --git a/doc/user/application_security/dast/checks/index.md b/doc/user/application_security/dast/checks/index.md index 58a21e608c8..0a4b16aaa1d 100644 --- a/doc/user/application_security/dast/checks/index.md +++ b/doc/user/application_security/dast/checks/index.md 
@@ -1,7 +1,7 @@ --- stage: Secure group: Dynamic Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # DAST browser-based crawler vulnerability checks **(ULTIMATE)** @@ -168,12 +168,18 @@ The [DAST browser-based crawler](../browser_based.md) provides a number of vulne | ID | Check | Severity | Type | |:---|:------|:---------|:-----| | [113.1](113.1.md) | Improper Neutralization of CRLF Sequences in HTTP Headers | High | Active | +| [1336.1](1336.1.md) | Server-Side Template Injection | High | Active | +| [16.11](16.11.md) | TRACE HTTP method enabled | High | Active | | [22.1](22.1.md) | Improper limitation of a pathname to a restricted directory (Path traversal) | High | Active | | [611.1](611.1.md) | External XML Entity Injection (XXE) | High | Active | +| [74.1](74.1.md) | XSLT Injection | High | Active | +| [78.1](78.1.md) | OS Command Injection | High | Active | | [89.1](89.1.md) | SQL Injection | High | Active | | [917.1](917.1.md) | Expression Language Injection | High | Active | +| [918.1](918.1.md) | Server-Side Request Forgery | High | Active | | [94.1](94.1.md) | Server-side code injection (PHP) | High | Active | | [94.2](94.2.md) | Server-side code injection (Ruby) | High | Active | | [94.3](94.3.md) | Server-side code injection (Python) | High | Active | | [94.4](94.4.md) | Server-side code injection (NodeJS) | High | Active | | [943.1](943.1.md) | Improper neutralization of special elements in data query logic | High | Active | +| [98.1](98.1.md) | PHP Remote File Inclusion | High | Active | diff --git a/doc/user/application_security/dast/proxy-based.md b/doc/user/application_security/dast/proxy-based.md index db9f1cd802f..0cc016dfd1b 100644 
--- a/doc/user/application_security/dast/proxy-based.md +++ b/doc/user/application_security/dast/proxy-based.md @@ -6,6 +6,11 @@ info: To determine the technical writer assigned to the Stage/Group associated w # DAST proxy-based analyzer **(ULTIMATE ALL)** +WARNING: +Proxy-based DAST is [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/430966). +We plan to [remove support for Proxy-based DAST](../../../update/deprecations.md#proxy-based-dast-deprecated). Please migrate to [Browser-based DAST](browser_based.md) +to continue analyzing your projects for security findings via dynamic analysis. + The DAST proxy-based analyzer can be added to your [GitLab CI/CD](../../../ci/index.md) pipeline. This helps you discover vulnerabilities in web applications that do not use JavaScript heavily. For applications that do, see the [DAST browser-based analyzer](browser_based.md). diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md index 27e4503d287..77fcadd4cea 100644 --- a/doc/user/application_security/sast/index.md +++ b/doc/user/application_security/sast/index.md @@ -207,7 +207,8 @@ include: A FIPS-compliant image is only available for the Semgrep-based analyzer. -To use SAST in a FIPS-compliant manner, you must [exclude other analyzers from running](analyzers.md#customize-analyzers). +WARNING: +To use SAST in a FIPS-compliant manner, you must [exclude other analyzers from running](analyzers.md#customize-analyzers). If you use a FIPS-enabled image to run Semgrep in [a runner with non-root user](https://docs.gitlab.com/runner/install/kubernetes.html#running-with-non-root-user), you must update the `run_as_user` attribute under `runners.kubernetes.pod_security_context` to use the ID of `gitlab` user [created by the image](https://gitlab.com/gitlab-org/security-products/analyzers/semgrep/-/blob/a5d822401014f400b24450c92df93467d5bbc6fd/Dockerfile.fips#L58), which is `1000`. ## Summary of features per tier 
diff --git a/lib/gitlab/instrumentation/redis_interceptor.rb b/lib/gitlab/instrumentation/redis_interceptor.rb index 377354f8d07..9c89af6a0dc 100644 --- a/lib/gitlab/instrumentation/redis_interceptor.rb +++ b/lib/gitlab/instrumentation/redis_interceptor.rb @@ -39,7 +39,6 @@ module Gitlab def instrument_reconnection_errors yield rescue ::Redis::BaseConnectionError => ex - instrumentation_class.log_exception(ex) instrumentation_class.instance_count_connection_exception(ex) raise ex diff --git a/spec/lib/gitlab/instrumentation/redis_interceptor_spec.rb b/spec/lib/gitlab/instrumentation/redis_interceptor_spec.rb index e73de608ec8..e9bd0056e5f 100644 --- a/spec/lib/gitlab/instrumentation/redis_interceptor_spec.rb +++ b/spec/lib/gitlab/instrumentation/redis_interceptor_spec.rb @@ -84,7 +84,6 @@ RSpec.describe Gitlab::Instrumentation::RedisInterceptor, :request_store, featur expect(redis._client).to receive(:write).with([:get, 'foobar']).and_raise(::Redis::ConnectionError) end - expect(instrumentation_class).to receive(:log_exception).with(instance_of(Redis::ConnectionError)).and_call_original expect(instrumentation_class).to receive(:instance_count_connection_exception) .with(instance_of(Redis::ConnectionError)).and_call_original diff --git a/workhorse/.tool-versions b/workhorse/.tool-versions index 83d3f70dc6b..3eaf48ee72a 100644 --- a/workhorse/.tool-versions +++ b/workhorse/.tool-versions @@ -1 +1 @@ -golang 1.21.4 +golang 1.21.5 diff --git a/workhorse/go.mod b/workhorse/go.mod index 4093ce6fb49..78c5d013601 100644 --- a/workhorse/go.mod +++ b/workhorse/go.mod 
@@ -6,10 +6,10 @@ require (
  github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.2.0
  github.com/BurntSushi/toml v1.3.2
  github.com/alecthomas/chroma/v2 v2.11.1
- github.com/aws/aws-sdk-go v1.45.20
+ github.com/aws/aws-sdk-go v1.48.10
  github.com/disintegration/imaging v1.6.2
  github.com/getsentry/raven-go v0.2.0
- github.com/golang-jwt/jwt/v5 v5.0.0
+ github.com/golang-jwt/jwt/v5 v5.2.0
  github.com/golang/gddo v0.0.0-20210115222349-20d68f94ee1f
  github.com/gorilla/websocket v1.5.1
  github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
@@ -25,7 +25,7 @@ require (
  gitlab.com/gitlab-org/gitaly/v16 v16.6.1
  gitlab.com/gitlab-org/labkit v1.21.0
  gocloud.dev v0.34.0
- golang.org/x/image v0.7.0
+ golang.org/x/image v0.14.0
  golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
  golang.org/x/net v0.17.0
  golang.org/x/oauth2 v0.11.0
@@ -114,7 +114,7 @@ require (
  golang.org/x/mod v0.13.0 // indirect
  golang.org/x/sync v0.4.0 // indirect
  golang.org/x/sys v0.13.0 // indirect
- golang.org/x/text v0.13.0 // indirect
+ golang.org/x/text v0.14.0 // indirect
  golang.org/x/time v0.3.0 // indirect
  golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
  google.golang.org/api v0.134.0 // indirect
diff --git a/workhorse/go.sum b/workhorse/go.sum
index ef107774065..3eaebed3cee 100644
--- a/workhorse/go.sum
+++ b/workhorse/go.sum
@@ -95,8 +95,8 @@ github.com/alecthomas/chroma/v2 v2.11.1/go.mod h1:4TQu7gdfuPjSh76j78ietmqh9LiurG
 github.com/alecthomas/repr v0.2.0 h1:HAzS41CIzNW5syS8Mf9UwXhNH1J9aix/BvDRf1Ml2Yk=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/aws/aws-sdk-go v1.44.256/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
-github.com/aws/aws-sdk-go v1.45.20 h1:U/wLZEwqVB6o2XlcJ7um8kczx+A1X2MgO2y4wdKDQTs=
-github.com/aws/aws-sdk-go v1.45.20/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.48.10 h1:0LIFG3wp2Dt6PsxKWCg1Y1xRrn2vZnW5/gWdgaBalKg=
+github.com/aws/aws-sdk-go v1.48.10/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com/aws/aws-sdk-go-v2 v1.20.0 h1:INUDpYLt4oiPOJl0XwZDK2OVAVf0Rzo+MGVTv9f+gy8=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.11 h1:/MS8AzqYNAhhRNalOmxUvYs8VEbNGifTnzhPFdcRQkQ=
 github.com/aws/aws-sdk-go-v2/config v1.18.32 h1:tqEOvkbTxwEV7hToRcJ1xZRjcATqwDVsWbAscgRKyNI=
@@ -187,8 +187,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
-github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
-github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw=
+github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/gddo v0.0.0-20210115222349-20d68f94ee1f h1:16RtHeWGkJMc80Etb8RPCcKevXGldr57+LOyZt8zOlg=
 github.com/golang/gddo v0.0.0-20210115222349-20d68f94ee1f/go.mod h1:ijRvpgDJDI262hYq/IQVYgf8hd8IHUs93Ol0kvMBAx4=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
@@ -501,8 +501,8 @@ golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a/go.mod h1:AbB0pIl
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.7.0 h1:gzS29xtG1J5ybQlv0PuyfE3nmc6R4qB73m6LUUmvFuw=
-golang.org/x/image v0.7.0/go.mod h1:nd/q4ef1AKKYl/4kft7g+6UyGbdiqWqTP1ZAbRoV7Rg=
+golang.org/x/image v0.14.0 h1:tNgSxAFe3jC4uYqvZdTr84SZoM1KfwdC9SKIFrLjFn4=
+golang.org/x/image v0.14.0/go.mod h1:HUYqC05R2ZcZ3ejNQsIHQDQiwWM4JBqmm6MKANTp4LE=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -695,8 +695,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
-golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20170424234030-8be79e1e0910/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-- cgit v1.2.3