mse#4543 - Add altcha to login form and its feature flag to disable it #52

gdupont · 2025-03-31T14:43:03+02:00

gdupont commented

2025-03-31 14:43:03 +02:00

PR sur hydra-sql-theme : CNOUS/hydra-sql-mse-theme#12 + CNOUS/hydra-sql-mse-theme#13
PR sur sso-kustom : CadolesKube/sso-kustom#72
PR sur kustomization : CNOUS/mse-kustom#377

Pour tester :

builder l'image d'hydra-sql sur son propre harbor (ou utiliser reg.cadoles.com/gdupont/hydra-sql-base:final-test8)
modifier le fichier misc/k8s/kustomization/overlays/dev/patches/hydra-sql-deployment.yaml dans le MSE et ajouter son image
se connecter au MSE et vérifier la présence d'altcha
une alerte doit apparaître si on ne coche pas la case
si on coche la case on doit pouvoir se connecter

ticket lié https://forge.cadoles.com/CNOUS/mse/issues/4543 PR sur hydra-sql-theme : https://forge.cadoles.com/CNOUS/hydra-sql-mse-theme/pulls/12 + https://forge.cadoles.com/CNOUS/hydra-sql-mse-theme/pulls/13 PR sur sso-kustom : https://forge.cadoles.com/CadolesKube/sso-kustom/pulls/72 PR sur kustomization : https://forge.cadoles.com/CNOUS/mse-kustom/pulls/377 Pour tester : - builder l'image d'hydra-sql sur son propre harbor (ou utiliser `reg.cadoles.com/gdupont/hydra-sql-base:final-test8`) - modifier le fichier `misc/k8s/kustomization/overlays/dev/patches/hydra-sql-deployment.yaml` dans le MSE et ajouter son image - se connecter au MSE et vérifier la présence d'altcha - une alerte doit apparaître si on ne coche pas la case - si on coche la case on doit pouvoir se connecter

gdupont added 2 commits 2025-03-31 14:43:04 +02:00

feat(altcha): add altcha and update dependencies

Cadoles/hydra-sql/pipeline/head There was a failure building this commit

Details

1cb5ae6bc3

feat(altcha): add altcha validation layer to login

Cadoles/hydra-sql/pipeline/head This commit is unstable

Details

Cadoles/hydra-sql/pipeline/pr-develop This commit is unstable

Details

3f667eede1

jenkins commented

2025-03-31 14:44:50 +02:00

Symfony Security Check Report

5 packages have known vulnerabilities.

symfony/http-client (v5.4.44)

CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

symfony/http-foundation (v5.4.44)

CVE-2024-50345: Open redirect via browser-sanitized URLs

symfony/runtime (v5.4.40)

CVE-2024-50340: Ability to change environment from query

symfony/security-http (v5.4.44)

CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie

twig/twig (v3.14.0)

CVE-2024-51754: Unguarded calls to __toString() when nesting an object into an array
CVE-2024-51755: Unguarded calls to __isset() and to array-accesses when the sandbox is enabled

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Symfony Security Check Report ============================= 5 packages have known vulnerabilities. symfony/http-client (v5.4.44) ----------------------------- * [CVE-2024-50342][]: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient symfony/http-foundation (v5.4.44) --------------------------------- * [CVE-2024-50345][]: Open redirect via browser-sanitized URLs symfony/runtime (v5.4.40) ------------------------- * [CVE-2024-50340][]: Ability to change environment from query symfony/security-http (v5.4.44) ------------------------------- * [CVE-2024-51996][]: Authentication Bypass via persisted RememberMe cookie twig/twig (v3.14.0) ------------------- * [CVE-2024-51754][]: Unguarded calls to __toString() when nesting an object into an array * [CVE-2024-51755][]: Unguarded calls to __isset() and to array-accesses when the sandbox is enabled [CVE-2024-50342]: https://symfony.com/cve-2024-50342 [CVE-2024-50345]: https://symfony.com/cve-2024-50345 [CVE-2024-50340]: https://symfony.com/cve-2024-50340 [CVE-2024-51996]: https://symfony.com/cve-2024-51996 [CVE-2024-51754]: https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array [CVE-2024-51755]: https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled Note that this checker can only detect vulnerabilities that are referenced in the security advisories database. Execute this command regularly to check the newly discovered vulnerabilities.

jenkins commented

2025-03-31 14:44:55 +02:00

Test report

PHP CS Fixer

Overview

State	Total
Passed	0
Skipped	0
Failed	8
Error	0

Total duration: 0s

See details

Status	Name	Class
⨯	`src/Form/LoginType`
⨯	`src/Altcha/AltchaTransformer`
⨯	`src/Altcha/Form/AltchaType`
⨯	`src/Altcha/Form/AltchaModel`
⨯	`src/Altcha/AltchaValidator`
⨯	`src/Flag/Controller/FlagController`
⨯	`src/Flag/FlagAccessor`
⨯	`src/Hydra/Client`

Errors

`src/Form/LoginType`

Output

applied fixers:
---------------
* no_empty_statement
* trailing_comma_in_multiline
* no_unused_imports
* ordered_imports```

</details>


<details>
  <summary>`src/Altcha/AltchaTransformer`</summary>

**Output**

applied fixers:

no_superfluous_phpdoc_tags
no_empty_phpdoc```

`src/Altcha/Form/AltchaType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline
* ordered_imports```

</details>


<details>
  <summary>`src/Altcha/Form/AltchaModel`</summary>

**Output**

applied fixers:

phpdoc_separation```

`src/Altcha/AltchaValidator`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Flag/Controller/FlagController`</summary>

**Output**

applied fixers:

ordered_imports```

`src/Flag/FlagAccessor`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Hydra/Client`</summary>

**Output**

applied fixers:

global_namespace_import
trailing_comma_in_multiline
no_unused_imports```

# Test report ## PHP CS Fixer ### Overview | State | Total | |-------|-------| | Passed | 0 | | Skipped | 0 | | Failed | 8 | | Error | 0 | **Total duration**: 0s <details> <summary>See details</summary> | Status | Name | Class | |--------|------|-------| | ⨯ | `src/Form/LoginType` || | ⨯ | `src/Altcha/AltchaTransformer` || | ⨯ | `src/Altcha/Form/AltchaType` || | ⨯ | `src/Altcha/Form/AltchaModel` || | ⨯ | `src/Altcha/AltchaValidator` || | ⨯ | `src/Flag/Controller/FlagController` || | ⨯ | `src/Flag/FlagAccessor` || | ⨯ | `src/Hydra/Client` || </details> <br /> #### Errors <details> <summary>`src/Form/LoginType`</summary> **Output** ``` applied fixers: --------------- * no_empty_statement * trailing_comma_in_multiline * no_unused_imports * ordered_imports``` </details> <details> <summary>`src/Altcha/AltchaTransformer`</summary> **Output** ``` applied fixers: --------------- * no_superfluous_phpdoc_tags * no_empty_phpdoc``` </details> <details> <summary>`src/Altcha/Form/AltchaType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline * ordered_imports``` </details> <details> <summary>`src/Altcha/Form/AltchaModel`</summary> **Output** ``` applied fixers: --------------- * phpdoc_separation``` </details> <details> <summary>`src/Altcha/AltchaValidator`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Flag/Controller/FlagController`</summary> **Output** ``` applied fixers: --------------- * ordered_imports``` </details> <details> <summary>`src/Flag/FlagAccessor`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Hydra/Client`</summary> **Output** ``` applied fixers: --------------- * global_namespace_import * trailing_comma_in_multiline * no_unused_imports``` </details>

jenkins commented

2025-03-31 14:45:00 +02:00

Rapport PHPStan


 [OK] No errors

## Rapport PHPStan ``` [OK] No errors ```

jenkins commented

2025-03-31 14:45:33 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

jenkins commented

2025-03-31 15:29:29 +02:00

Rapport d'analyse de l'image avec Trivy

Target `reg.cadoles.com/cadoles/hydra-sql-standalone:2025.3.31-pr52.1441.3f667ee (alpine 3.17.1)`

Vulnerabilities (4)

Package	ID	Severity	Installed Version	Fixed Version
`libcrypto3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`libexpat`	CVE-2024-50602	MEDIUM	2.6.3-r0	2.6.4-r0
`libssl3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`musl-utils`	CVE-2025-26519	UNKNOWN	1.2.3-r5	1.2.3-r6

No Misconfigurations found

Target `Node.js`

Vulnerabilities (17)

Package	ID	Severity	Installed Version	Fixed Version
`@babel/helpers`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`@babel/runtime`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`body-parser`	CVE-2024-45590	HIGH	1.20.2	1.20.3
`braces`	CVE-2024-4068	HIGH	3.0.2	3.0.3
`cookie`	CVE-2024-47764	LOW	0.6.0	0.7.0
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`express`	CVE-2024-43796	LOW	4.19.2	4.20.0, 5.0.0
`http-proxy-middleware`	CVE-2024-21536	HIGH	2.0.6	2.0.7, 3.0.3
`micromatch`	CVE-2024-4067	MEDIUM	4.0.5	4.0.8
`nanoid`	CVE-2024-55565	MEDIUM	3.3.7	5.0.9, 3.3.8
`path-to-regexp`	CVE-2024-45296	HIGH	0.1.7	1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
`path-to-regexp`	CVE-2024-52798	HIGH	0.1.7	0.1.12
`send`	CVE-2024-43799	LOW	0.18.0	0.19.0
`serve-static`	CVE-2024-43800	LOW	1.15.0	1.16.0, 2.1.0
`webpack`	CVE-2024-43788	MEDIUM	5.91.0	5.94.0
`ws`	CVE-2024-37890	HIGH	8.16.0	5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

Target `app/composer.lock`

Vulnerabilities (6)

Package	ID	Severity	Installed Version	Fixed Version
`symfony/http-client`	CVE-2024-50342	LOW	v5.4.44	7.1.0, 7.1.8, 5.3.0, 5.4.47, 6.2.0, 5.1.0, 6.1.0, 6.4.0, 5.4.0, 4.4.0, 5.0.0, 5.2.0, 6.3.0, 6.4.15
`symfony/http-foundation`	CVE-2024-50345	LOW	v5.4.44	3.0.0, 5.0.0, 5.4.0, 7.1.0, 5.4.46, 6.1.0, 6.2.0, 6.4.0, 5.1.0, 5.2.0, 5.3.0, 7.1.7, 4.0.0, 6.3.0, 6.4.14
`symfony/runtime`	CVE-2024-50340	HIGH	v5.4.40	5.4.0, 6.3.0, 6.4.14, 5.4.46, 6.1.0, 6.2.0, 6.4.0, 7.1.0, 7.1.7
`symfony/security-http`	CVE-2024-51996	HIGH	v5.4.44	6.4.15, 7.1.8, 5.4.47, 6.1.0, 6.2.0, 6.4.0, 5.4.0, 6.3.0, 7.1.0
`twig/twig`	CVE-2024-51754	LOW	v3.14.0	2.0.0, 3.0.0, 3.11.2, 3.14.1
`twig/twig`	CVE-2024-51755	LOW	v3.14.0	3.14.1, 2.0.0, 3.0.0, 3.11.2

No Misconfigurations found

## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy) <h3>Target <code>reg.cadoles.com/cadoles/hydra-sql-standalone:2025.3.31-pr52.1441.3f667ee (alpine 3.17.1)</code></h3> <h4>Vulnerabilities (4)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>libcrypto3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>libexpat</code></td> <td>CVE-2024-50602</td> <td>MEDIUM</td> <td>2.6.3-r0</td> <td>2.6.4-r0</td> </tr> <tr> <td><code>libssl3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>musl-utils</code></td> <td>CVE-2025-26519</td> <td>UNKNOWN</td> <td>1.2.3-r5</td> <td>1.2.3-r6</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>Node.js</code></h3> <h4>Vulnerabilities (17)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>@babel/helpers</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>@babel/runtime</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>body-parser</code></td> <td>CVE-2024-45590</td> <td>HIGH</td> <td>1.20.2</td> <td>1.20.3</td> </tr> <tr> <td><code>braces</code></td> <td>CVE-2024-4068</td> <td>HIGH</td> <td>3.0.2</td> <td>3.0.3</td> </tr> <tr> <td><code>cookie</code></td> <td>CVE-2024-47764</td> <td>LOW</td> <td>0.6.0</td> <td>0.7.0</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>express</code></td> <td>CVE-2024-43796</td> <td>LOW</td> <td>4.19.2</td> <td>4.20.0, 5.0.0</td> </tr> <tr> <td><code>http-proxy-middleware</code></td> <td>CVE-2024-21536</td> <td>HIGH</td> <td>2.0.6</td> <td>2.0.7, 3.0.3</td> </tr> <tr> <td><code>micromatch</code></td> <td>CVE-2024-4067</td> <td>MEDIUM</td> <td>4.0.5</td> <td>4.0.8</td> </tr> <tr> <td><code>nanoid</code></td> <td>CVE-2024-55565</td> <td>MEDIUM</td> <td>3.3.7</td> <td>5.0.9, 3.3.8</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-45296</td> <td>HIGH</td> <td>0.1.7</td> <td>1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-52798</td> <td>HIGH</td> <td>0.1.7</td> <td>0.1.12</td> </tr> <tr> <td><code>send</code></td> <td>CVE-2024-43799</td> <td>LOW</td> <td>0.18.0</td> <td>0.19.0</td> </tr> <tr> <td><code>serve-static</code></td> <td>CVE-2024-43800</td> <td>LOW</td> <td>1.15.0</td> <td>1.16.0, 2.1.0</td> </tr> <tr> <td><code>webpack</code></td> <td>CVE-2024-43788</td> <td>MEDIUM</td> <td>5.91.0</td> <td>5.94.0</td> </tr> <tr> <td><code>ws</code></td> <td>CVE-2024-37890</td> <td>HIGH</td> <td>8.16.0</td> <td>5.2.4, 6.2.3, 7.5.10, 8.17.1</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>app/composer.lock</code></h3> <h4>Vulnerabilities (6)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>symfony/http-client</code></td> <td>CVE-2024-50342</td> <td>LOW</td> <td>v5.4.44</td> <td>7.1.0, 7.1.8, 5.3.0, 5.4.47, 6.2.0, 5.1.0, 6.1.0, 6.4.0, 5.4.0, 4.4.0, 5.0.0, 5.2.0, 6.3.0, 6.4.15</td> </tr> <tr> <td><code>symfony/http-foundation</code></td> <td>CVE-2024-50345</td> <td>LOW</td> <td>v5.4.44</td> <td>3.0.0, 5.0.0, 5.4.0, 7.1.0, 5.4.46, 6.1.0, 6.2.0, 6.4.0, 5.1.0, 5.2.0, 5.3.0, 7.1.7, 4.0.0, 6.3.0, 6.4.14</td> </tr> <tr> <td><code>symfony/runtime</code></td> <td>CVE-2024-50340</td> <td>HIGH</td> <td>v5.4.40</td> <td>5.4.0, 6.3.0, 6.4.14, 5.4.46, 6.1.0, 6.2.0, 6.4.0, 7.1.0, 7.1.7</td> </tr> <tr> <td><code>symfony/security-http</code></td> <td>CVE-2024-51996</td> <td>HIGH</td> <td>v5.4.44</td> <td>6.4.15, 7.1.8, 5.4.47, 6.1.0, 6.2.0, 6.4.0, 5.4.0, 6.3.0, 7.1.0</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51754</td> <td>LOW</td> <td>v3.14.0</td> <td>2.0.0, 3.0.0, 3.11.2, 3.14.1</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51755</td> <td>LOW</td> <td>v3.14.0</td> <td>3.14.1, 2.0.0, 3.0.0, 3.11.2</td> </tr> </table> <h4>No Misconfigurations found</h4>

jenkins commented

2025-03-31 15:29:51 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

jenkins commented

2025-03-31 15:56:08 +02:00

Rapport d'analyse de l'image avec Trivy

Target `reg.cadoles.com/cadoles/hydra-sql-base:2025.3.31-pr52.1441.3f667ee (alpine 3.17.1)`

Vulnerabilities (4)

Package	ID	Severity	Installed Version	Fixed Version
`libcrypto3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`libexpat`	CVE-2024-50602	MEDIUM	2.6.3-r0	2.6.4-r0
`libssl3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`musl-utils`	CVE-2025-26519	UNKNOWN	1.2.3-r5	1.2.3-r6

No Misconfigurations found

Target `Node.js`

Vulnerabilities (17)

Package	ID	Severity	Installed Version	Fixed Version
`@babel/helpers`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`@babel/runtime`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`body-parser`	CVE-2024-45590	HIGH	1.20.2	1.20.3
`braces`	CVE-2024-4068	HIGH	3.0.2	3.0.3
`cookie`	CVE-2024-47764	LOW	0.6.0	0.7.0
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`express`	CVE-2024-43796	LOW	4.19.2	4.20.0, 5.0.0
`http-proxy-middleware`	CVE-2024-21536	HIGH	2.0.6	2.0.7, 3.0.3
`micromatch`	CVE-2024-4067	MEDIUM	4.0.5	4.0.8
`nanoid`	CVE-2024-55565	MEDIUM	3.3.7	5.0.9, 3.3.8
`path-to-regexp`	CVE-2024-45296	HIGH	0.1.7	1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
`path-to-regexp`	CVE-2024-52798	HIGH	0.1.7	0.1.12
`send`	CVE-2024-43799	LOW	0.18.0	0.19.0
`serve-static`	CVE-2024-43800	LOW	1.15.0	1.16.0, 2.1.0
`webpack`	CVE-2024-43788	MEDIUM	5.91.0	5.94.0
`ws`	CVE-2024-37890	HIGH	8.16.0	5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

Target `app/composer.lock`

Vulnerabilities (6)

Package	ID	Severity	Installed Version	Fixed Version
`symfony/http-client`	CVE-2024-50342	LOW	v5.4.44	7.1.0, 7.1.8, 5.3.0, 5.4.47, 6.2.0, 5.1.0, 6.1.0, 6.4.0, 5.4.0, 4.4.0, 5.0.0, 5.2.0, 6.3.0, 6.4.15
`symfony/http-foundation`	CVE-2024-50345	LOW	v5.4.44	3.0.0, 5.0.0, 5.4.0, 7.1.0, 5.4.46, 6.1.0, 6.2.0, 6.4.0, 5.1.0, 5.2.0, 5.3.0, 7.1.7, 4.0.0, 6.3.0, 6.4.14
`symfony/runtime`	CVE-2024-50340	HIGH	v5.4.40	5.4.0, 6.3.0, 6.4.14, 5.4.46, 6.1.0, 6.2.0, 6.4.0, 7.1.0, 7.1.7
`symfony/security-http`	CVE-2024-51996	HIGH	v5.4.44	6.4.15, 7.1.8, 5.4.47, 6.1.0, 6.2.0, 6.4.0, 5.4.0, 6.3.0, 7.1.0
`twig/twig`	CVE-2024-51754	LOW	v3.14.0	2.0.0, 3.0.0, 3.11.2, 3.14.1
`twig/twig`	CVE-2024-51755	LOW	v3.14.0	3.14.1, 2.0.0, 3.0.0, 3.11.2

No Misconfigurations found

## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy) <h3>Target <code>reg.cadoles.com/cadoles/hydra-sql-base:2025.3.31-pr52.1441.3f667ee (alpine 3.17.1)</code></h3> <h4>Vulnerabilities (4)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>libcrypto3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>libexpat</code></td> <td>CVE-2024-50602</td> <td>MEDIUM</td> <td>2.6.3-r0</td> <td>2.6.4-r0</td> </tr> <tr> <td><code>libssl3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>musl-utils</code></td> <td>CVE-2025-26519</td> <td>UNKNOWN</td> <td>1.2.3-r5</td> <td>1.2.3-r6</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>Node.js</code></h3> <h4>Vulnerabilities (17)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>@babel/helpers</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>@babel/runtime</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>body-parser</code></td> <td>CVE-2024-45590</td> <td>HIGH</td> <td>1.20.2</td> <td>1.20.3</td> </tr> <tr> <td><code>braces</code></td> <td>CVE-2024-4068</td> <td>HIGH</td> <td>3.0.2</td> <td>3.0.3</td> </tr> <tr> <td><code>cookie</code></td> <td>CVE-2024-47764</td> <td>LOW</td> <td>0.6.0</td> <td>0.7.0</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>express</code></td> <td>CVE-2024-43796</td> <td>LOW</td> <td>4.19.2</td> <td>4.20.0, 5.0.0</td> </tr> <tr> <td><code>http-proxy-middleware</code></td> <td>CVE-2024-21536</td> <td>HIGH</td> <td>2.0.6</td> <td>2.0.7, 3.0.3</td> </tr> <tr> <td><code>micromatch</code></td> <td>CVE-2024-4067</td> <td>MEDIUM</td> <td>4.0.5</td> <td>4.0.8</td> </tr> <tr> <td><code>nanoid</code></td> <td>CVE-2024-55565</td> <td>MEDIUM</td> <td>3.3.7</td> <td>5.0.9, 3.3.8</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-45296</td> <td>HIGH</td> <td>0.1.7</td> <td>1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-52798</td> <td>HIGH</td> <td>0.1.7</td> <td>0.1.12</td> </tr> <tr> <td><code>send</code></td> <td>CVE-2024-43799</td> <td>LOW</td> <td>0.18.0</td> <td>0.19.0</td> </tr> <tr> <td><code>serve-static</code></td> <td>CVE-2024-43800</td> <td>LOW</td> <td>1.15.0</td> <td>1.16.0, 2.1.0</td> </tr> <tr> <td><code>webpack</code></td> <td>CVE-2024-43788</td> <td>MEDIUM</td> <td>5.91.0</td> <td>5.94.0</td> </tr> <tr> <td><code>ws</code></td> <td>CVE-2024-37890</td> <td>HIGH</td> <td>8.16.0</td> <td>5.2.4, 6.2.3, 7.5.10, 8.17.1</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>app/composer.lock</code></h3> <h4>Vulnerabilities (6)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>symfony/http-client</code></td> <td>CVE-2024-50342</td> <td>LOW</td> <td>v5.4.44</td> <td>7.1.0, 7.1.8, 5.3.0, 5.4.47, 6.2.0, 5.1.0, 6.1.0, 6.4.0, 5.4.0, 4.4.0, 5.0.0, 5.2.0, 6.3.0, 6.4.15</td> </tr> <tr> <td><code>symfony/http-foundation</code></td> <td>CVE-2024-50345</td> <td>LOW</td> <td>v5.4.44</td> <td>3.0.0, 5.0.0, 5.4.0, 7.1.0, 5.4.46, 6.1.0, 6.2.0, 6.4.0, 5.1.0, 5.2.0, 5.3.0, 7.1.7, 4.0.0, 6.3.0, 6.4.14</td> </tr> <tr> <td><code>symfony/runtime</code></td> <td>CVE-2024-50340</td> <td>HIGH</td> <td>v5.4.40</td> <td>5.4.0, 6.3.0, 6.4.14, 5.4.46, 6.1.0, 6.2.0, 6.4.0, 7.1.0, 7.1.7</td> </tr> <tr> <td><code>symfony/security-http</code></td> <td>CVE-2024-51996</td> <td>HIGH</td> <td>v5.4.44</td> <td>6.4.15, 7.1.8, 5.4.47, 6.1.0, 6.2.0, 6.4.0, 5.4.0, 6.3.0, 7.1.0</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51754</td> <td>LOW</td> <td>v3.14.0</td> <td>2.0.0, 3.0.0, 3.11.2, 3.14.1</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51755</td> <td>LOW</td> <td>v3.14.0</td> <td>3.14.1, 2.0.0, 3.0.0, 3.11.2</td> </tr> </table> <h4>No Misconfigurations found</h4>

gdupont force-pushed 4543-add-altcha-to-login from 3f667eede1 to 9cc4c7ac74

2025-04-02 13:33:02 +02:00

Compare

jenkins commented

2025-04-02 13:37:49 +02:00

Symfony Security Check Report

5 packages have known vulnerabilities.

symfony/http-client (v5.4.44)

CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

symfony/http-foundation (v5.4.44)

CVE-2024-50345: Open redirect via browser-sanitized URLs

symfony/runtime (v5.4.40)

CVE-2024-50340: Ability to change environment from query

symfony/security-http (v5.4.44)

CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie

twig/twig (v3.14.0)

CVE-2024-51754: Unguarded calls to __toString() when nesting an object into an array
CVE-2024-51755: Unguarded calls to __isset() and to array-accesses when the sandbox is enabled

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Symfony Security Check Report ============================= 5 packages have known vulnerabilities. symfony/http-client (v5.4.44) ----------------------------- * [CVE-2024-50342][]: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient symfony/http-foundation (v5.4.44) --------------------------------- * [CVE-2024-50345][]: Open redirect via browser-sanitized URLs symfony/runtime (v5.4.40) ------------------------- * [CVE-2024-50340][]: Ability to change environment from query symfony/security-http (v5.4.44) ------------------------------- * [CVE-2024-51996][]: Authentication Bypass via persisted RememberMe cookie twig/twig (v3.14.0) ------------------- * [CVE-2024-51754][]: Unguarded calls to __toString() when nesting an object into an array * [CVE-2024-51755][]: Unguarded calls to __isset() and to array-accesses when the sandbox is enabled [CVE-2024-50342]: https://symfony.com/cve-2024-50342 [CVE-2024-50345]: https://symfony.com/cve-2024-50345 [CVE-2024-50340]: https://symfony.com/cve-2024-50340 [CVE-2024-51996]: https://symfony.com/cve-2024-51996 [CVE-2024-51754]: https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array [CVE-2024-51755]: https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled Note that this checker can only detect vulnerabilities that are referenced in the security advisories database. Execute this command regularly to check the newly discovered vulnerabilities.

jenkins commented

2025-04-02 13:37:53 +02:00

Test report

PHP CS Fixer

Overview

State	Total
Passed	0
Skipped	0
Failed	8
Error	0

Total duration: 0s

See details

Status	Name	Class
⨯	`src/Form/LoginType`
⨯	`src/Altcha/AltchaTransformer`
⨯	`src/Altcha/Form/AltchaType`
⨯	`src/Altcha/Form/AltchaModel`
⨯	`src/Altcha/AltchaValidator`
⨯	`src/Flag/Controller/FlagController`
⨯	`src/Flag/FlagAccessor`
⨯	`src/Hydra/Client`

Errors

`src/Form/LoginType`

Output

applied fixers:
---------------
* no_empty_statement
* trailing_comma_in_multiline
* no_unused_imports
* ordered_imports```

</details>


<details>
  <summary>`src/Altcha/AltchaTransformer`</summary>

**Output**

applied fixers:

no_superfluous_phpdoc_tags
no_empty_phpdoc```

`src/Altcha/Form/AltchaType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline
* ordered_imports```

</details>


<details>
  <summary>`src/Altcha/Form/AltchaModel`</summary>

**Output**

applied fixers:

phpdoc_separation```

`src/Altcha/AltchaValidator`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Flag/Controller/FlagController`</summary>

**Output**

applied fixers:

ordered_imports```

`src/Flag/FlagAccessor`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Hydra/Client`</summary>

**Output**

applied fixers:

global_namespace_import
trailing_comma_in_multiline
no_unused_imports```

# Test report ## PHP CS Fixer ### Overview | State | Total | |-------|-------| | Passed | 0 | | Skipped | 0 | | Failed | 8 | | Error | 0 | **Total duration**: 0s <details> <summary>See details</summary> | Status | Name | Class | |--------|------|-------| | ⨯ | `src/Form/LoginType` || | ⨯ | `src/Altcha/AltchaTransformer` || | ⨯ | `src/Altcha/Form/AltchaType` || | ⨯ | `src/Altcha/Form/AltchaModel` || | ⨯ | `src/Altcha/AltchaValidator` || | ⨯ | `src/Flag/Controller/FlagController` || | ⨯ | `src/Flag/FlagAccessor` || | ⨯ | `src/Hydra/Client` || </details> <br /> #### Errors <details> <summary>`src/Form/LoginType`</summary> **Output** ``` applied fixers: --------------- * no_empty_statement * trailing_comma_in_multiline * no_unused_imports * ordered_imports``` </details> <details> <summary>`src/Altcha/AltchaTransformer`</summary> **Output** ``` applied fixers: --------------- * no_superfluous_phpdoc_tags * no_empty_phpdoc``` </details> <details> <summary>`src/Altcha/Form/AltchaType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline * ordered_imports``` </details> <details> <summary>`src/Altcha/Form/AltchaModel`</summary> **Output** ``` applied fixers: --------------- * phpdoc_separation``` </details> <details> <summary>`src/Altcha/AltchaValidator`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Flag/Controller/FlagController`</summary> **Output** ``` applied fixers: --------------- * ordered_imports``` </details> <details> <summary>`src/Flag/FlagAccessor`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Hydra/Client`</summary> **Output** ``` applied fixers: --------------- * global_namespace_import * trailing_comma_in_multiline * no_unused_imports``` </details>

jenkins commented

2025-04-02 13:37:57 +02:00

Rapport PHPStan


 [OK] No errors

## Rapport PHPStan ``` [OK] No errors ```

jenkins commented

2025-04-02 13:38:27 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

jenkins commented

2025-04-02 14:05:45 +02:00

Rapport d'analyse de l'image avec Trivy

Target `reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.2-pr52.1332.9cc4c7a (alpine 3.17.1)`

Vulnerabilities (4)

Package	ID	Severity	Installed Version	Fixed Version
`libcrypto3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`libexpat`	CVE-2024-50602	MEDIUM	2.6.3-r0	2.6.4-r0
`libssl3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`musl-utils`	CVE-2025-26519	UNKNOWN	1.2.3-r5	1.2.3-r6

No Misconfigurations found

Target `Node.js`

Vulnerabilities (17)

Package	ID	Severity	Installed Version	Fixed Version
`@babel/helpers`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`@babel/runtime`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`body-parser`	CVE-2024-45590	HIGH	1.20.2	1.20.3
`braces`	CVE-2024-4068	HIGH	3.0.2	3.0.3
`cookie`	CVE-2024-47764	LOW	0.6.0	0.7.0
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`express`	CVE-2024-43796	LOW	4.19.2	4.20.0, 5.0.0
`http-proxy-middleware`	CVE-2024-21536	HIGH	2.0.6	2.0.7, 3.0.3
`micromatch`	CVE-2024-4067	MEDIUM	4.0.5	4.0.8
`nanoid`	CVE-2024-55565	MEDIUM	3.3.7	5.0.9, 3.3.8
`path-to-regexp`	CVE-2024-45296	HIGH	0.1.7	1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
`path-to-regexp`	CVE-2024-52798	HIGH	0.1.7	0.1.12
`send`	CVE-2024-43799	LOW	0.18.0	0.19.0
`serve-static`	CVE-2024-43800	LOW	1.15.0	1.16.0, 2.1.0
`webpack`	CVE-2024-43788	MEDIUM	5.91.0	5.94.0
`ws`	CVE-2024-37890	HIGH	8.16.0	5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

Target `app/composer.lock`

Vulnerabilities (6)

Package	ID	Severity	Installed Version	Fixed Version
`symfony/http-client`	CVE-2024-50342	LOW	v5.4.44	5.0.0, 5.2.0, 6.4.0, 5.1.0, 6.1.0, 6.2.0, 4.4.0, 5.4.0, 5.4.47, 6.3.0, 6.4.15, 7.1.0, 7.1.8, 5.3.0
`symfony/http-foundation`	CVE-2024-50345	LOW	v5.4.44	5.0.0, 5.1.0, 6.3.0, 3.0.0, 5.2.0, 5.3.0, 5.4.0, 5.4.46, 6.2.0, 6.4.0, 4.0.0, 6.4.14, 6.1.0, 7.1.7, 7.1.0
`symfony/runtime`	CVE-2024-50340	HIGH	v5.4.40	5.4.0, 5.4.46, 6.4.14, 7.1.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.7
`symfony/security-http`	CVE-2024-51996	HIGH	v5.4.44	6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.8, 5.4.0, 5.4.47, 6.4.15, 7.1.0
`twig/twig`	CVE-2024-51754	LOW	v3.14.0	3.0.0, 3.11.2, 3.14.1, 2.0.0
`twig/twig`	CVE-2024-51755	LOW	v3.14.0	3.11.2, 3.14.1, 2.0.0, 3.0.0

No Misconfigurations found

## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy) <h3>Target <code>reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.2-pr52.1332.9cc4c7a (alpine 3.17.1)</code></h3> <h4>Vulnerabilities (4)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>libcrypto3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>libexpat</code></td> <td>CVE-2024-50602</td> <td>MEDIUM</td> <td>2.6.3-r0</td> <td>2.6.4-r0</td> </tr> <tr> <td><code>libssl3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>musl-utils</code></td> <td>CVE-2025-26519</td> <td>UNKNOWN</td> <td>1.2.3-r5</td> <td>1.2.3-r6</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>Node.js</code></h3> <h4>Vulnerabilities (17)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>@babel/helpers</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>@babel/runtime</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>body-parser</code></td> <td>CVE-2024-45590</td> <td>HIGH</td> <td>1.20.2</td> <td>1.20.3</td> </tr> <tr> <td><code>braces</code></td> <td>CVE-2024-4068</td> <td>HIGH</td> <td>3.0.2</td> <td>3.0.3</td> </tr> <tr> <td><code>cookie</code></td> <td>CVE-2024-47764</td> <td>LOW</td> <td>0.6.0</td> <td>0.7.0</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>express</code></td> <td>CVE-2024-43796</td> <td>LOW</td> <td>4.19.2</td> <td>4.20.0, 5.0.0</td> </tr> <tr> <td><code>http-proxy-middleware</code></td> <td>CVE-2024-21536</td> <td>HIGH</td> <td>2.0.6</td> <td>2.0.7, 3.0.3</td> </tr> <tr> <td><code>micromatch</code></td> <td>CVE-2024-4067</td> <td>MEDIUM</td> <td>4.0.5</td> <td>4.0.8</td> </tr> <tr> <td><code>nanoid</code></td> <td>CVE-2024-55565</td> <td>MEDIUM</td> <td>3.3.7</td> <td>5.0.9, 3.3.8</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-45296</td> <td>HIGH</td> <td>0.1.7</td> <td>1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-52798</td> <td>HIGH</td> <td>0.1.7</td> <td>0.1.12</td> </tr> <tr> <td><code>send</code></td> <td>CVE-2024-43799</td> <td>LOW</td> <td>0.18.0</td> <td>0.19.0</td> </tr> <tr> <td><code>serve-static</code></td> <td>CVE-2024-43800</td> <td>LOW</td> <td>1.15.0</td> <td>1.16.0, 2.1.0</td> </tr> <tr> <td><code>webpack</code></td> <td>CVE-2024-43788</td> <td>MEDIUM</td> <td>5.91.0</td> <td>5.94.0</td> </tr> <tr> <td><code>ws</code></td> <td>CVE-2024-37890</td> <td>HIGH</td> <td>8.16.0</td> <td>5.2.4, 6.2.3, 7.5.10, 8.17.1</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>app/composer.lock</code></h3> <h4>Vulnerabilities (6)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>symfony/http-client</code></td> <td>CVE-2024-50342</td> <td>LOW</td> <td>v5.4.44</td> <td>5.0.0, 5.2.0, 6.4.0, 5.1.0, 6.1.0, 6.2.0, 4.4.0, 5.4.0, 5.4.47, 6.3.0, 6.4.15, 7.1.0, 7.1.8, 5.3.0</td> </tr> <tr> <td><code>symfony/http-foundation</code></td> <td>CVE-2024-50345</td> <td>LOW</td> <td>v5.4.44</td> <td>5.0.0, 5.1.0, 6.3.0, 3.0.0, 5.2.0, 5.3.0, 5.4.0, 5.4.46, 6.2.0, 6.4.0, 4.0.0, 6.4.14, 6.1.0, 7.1.7, 7.1.0</td> </tr> <tr> <td><code>symfony/runtime</code></td> <td>CVE-2024-50340</td> <td>HIGH</td> <td>v5.4.40</td> <td>5.4.0, 5.4.46, 6.4.14, 7.1.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.7</td> </tr> <tr> <td><code>symfony/security-http</code></td> <td>CVE-2024-51996</td> <td>HIGH</td> <td>v5.4.44</td> <td>6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.8, 5.4.0, 5.4.47, 6.4.15, 7.1.0</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51754</td> <td>LOW</td> <td>v3.14.0</td> <td>3.0.0, 3.11.2, 3.14.1, 2.0.0</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51755</td> <td>LOW</td> <td>v3.14.0</td> <td>3.11.2, 3.14.1, 2.0.0, 3.0.0</td> </tr> </table> <h4>No Misconfigurations found</h4>

jenkins commented

2025-04-02 14:06:08 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

jenkins commented

2025-04-02 14:20:28 +02:00

Rapport d'analyse de l'image avec Trivy

Target `reg.cadoles.com/cadoles/hydra-sql-base:2025.4.2-pr52.1332.9cc4c7a (alpine 3.17.1)`

Vulnerabilities (4)

Package	ID	Severity	Installed Version	Fixed Version
`libcrypto3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`libexpat`	CVE-2024-50602	MEDIUM	2.6.3-r0	2.6.4-r0
`libssl3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`musl-utils`	CVE-2025-26519	UNKNOWN	1.2.3-r5	1.2.3-r6

No Misconfigurations found

Target `Node.js`

Vulnerabilities (17)

Package	ID	Severity	Installed Version	Fixed Version
`@babel/helpers`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`@babel/runtime`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`body-parser`	CVE-2024-45590	HIGH	1.20.2	1.20.3
`braces`	CVE-2024-4068	HIGH	3.0.2	3.0.3
`cookie`	CVE-2024-47764	LOW	0.6.0	0.7.0
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`express`	CVE-2024-43796	LOW	4.19.2	4.20.0, 5.0.0
`http-proxy-middleware`	CVE-2024-21536	HIGH	2.0.6	2.0.7, 3.0.3
`micromatch`	CVE-2024-4067	MEDIUM	4.0.5	4.0.8
`nanoid`	CVE-2024-55565	MEDIUM	3.3.7	5.0.9, 3.3.8
`path-to-regexp`	CVE-2024-45296	HIGH	0.1.7	1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
`path-to-regexp`	CVE-2024-52798	HIGH	0.1.7	0.1.12
`send`	CVE-2024-43799	LOW	0.18.0	0.19.0
`serve-static`	CVE-2024-43800	LOW	1.15.0	1.16.0, 2.1.0
`webpack`	CVE-2024-43788	MEDIUM	5.91.0	5.94.0
`ws`	CVE-2024-37890	HIGH	8.16.0	5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

Target `app/composer.lock`

Vulnerabilities (6)

Package	ID	Severity	Installed Version	Fixed Version
`symfony/http-client`	CVE-2024-50342	LOW	v5.4.44	5.0.0, 5.2.0, 6.4.0, 5.1.0, 6.1.0, 6.2.0, 4.4.0, 5.4.0, 5.4.47, 6.3.0, 6.4.15, 7.1.0, 7.1.8, 5.3.0
`symfony/http-foundation`	CVE-2024-50345	LOW	v5.4.44	5.0.0, 5.1.0, 6.3.0, 3.0.0, 5.2.0, 5.3.0, 5.4.0, 5.4.46, 6.2.0, 6.4.0, 4.0.0, 6.4.14, 6.1.0, 7.1.7, 7.1.0
`symfony/runtime`	CVE-2024-50340	HIGH	v5.4.40	5.4.0, 5.4.46, 6.4.14, 7.1.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.7
`symfony/security-http`	CVE-2024-51996	HIGH	v5.4.44	6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.8, 5.4.0, 5.4.47, 6.4.15, 7.1.0
`twig/twig`	CVE-2024-51754	LOW	v3.14.0	3.0.0, 3.11.2, 3.14.1, 2.0.0
`twig/twig`	CVE-2024-51755	LOW	v3.14.0	3.11.2, 3.14.1, 2.0.0, 3.0.0

No Misconfigurations found

## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy) <h3>Target <code>reg.cadoles.com/cadoles/hydra-sql-base:2025.4.2-pr52.1332.9cc4c7a (alpine 3.17.1)</code></h3> <h4>Vulnerabilities (4)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>libcrypto3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>libexpat</code></td> <td>CVE-2024-50602</td> <td>MEDIUM</td> <td>2.6.3-r0</td> <td>2.6.4-r0</td> </tr> <tr> <td><code>libssl3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>musl-utils</code></td> <td>CVE-2025-26519</td> <td>UNKNOWN</td> <td>1.2.3-r5</td> <td>1.2.3-r6</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>Node.js</code></h3> <h4>Vulnerabilities (17)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>@babel/helpers</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>@babel/runtime</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>body-parser</code></td> <td>CVE-2024-45590</td> <td>HIGH</td> <td>1.20.2</td> <td>1.20.3</td> </tr> <tr> <td><code>braces</code></td> <td>CVE-2024-4068</td> <td>HIGH</td> <td>3.0.2</td> <td>3.0.3</td> </tr> <tr> <td><code>cookie</code></td> <td>CVE-2024-47764</td> <td>LOW</td> <td>0.6.0</td> <td>0.7.0</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>express</code></td> <td>CVE-2024-43796</td> <td>LOW</td> <td>4.19.2</td> <td>4.20.0, 5.0.0</td> </tr> <tr> <td><code>http-proxy-middleware</code></td> <td>CVE-2024-21536</td> <td>HIGH</td> <td>2.0.6</td> <td>2.0.7, 3.0.3</td> </tr> <tr> <td><code>micromatch</code></td> <td>CVE-2024-4067</td> <td>MEDIUM</td> <td>4.0.5</td> <td>4.0.8</td> </tr> <tr> <td><code>nanoid</code></td> <td>CVE-2024-55565</td> <td>MEDIUM</td> <td>3.3.7</td> <td>5.0.9, 3.3.8</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-45296</td> <td>HIGH</td> <td>0.1.7</td> <td>1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-52798</td> <td>HIGH</td> <td>0.1.7</td> <td>0.1.12</td> </tr> <tr> <td><code>send</code></td> <td>CVE-2024-43799</td> <td>LOW</td> <td>0.18.0</td> <td>0.19.0</td> </tr> <tr> <td><code>serve-static</code></td> <td>CVE-2024-43800</td> <td>LOW</td> <td>1.15.0</td> <td>1.16.0, 2.1.0</td> </tr> <tr> <td><code>webpack</code></td> <td>CVE-2024-43788</td> <td>MEDIUM</td> <td>5.91.0</td> <td>5.94.0</td> </tr> <tr> <td><code>ws</code></td> <td>CVE-2024-37890</td> <td>HIGH</td> <td>8.16.0</td> <td>5.2.4, 6.2.3, 7.5.10, 8.17.1</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>app/composer.lock</code></h3> <h4>Vulnerabilities (6)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>symfony/http-client</code></td> <td>CVE-2024-50342</td> <td>LOW</td> <td>v5.4.44</td> <td>5.0.0, 5.2.0, 6.4.0, 5.1.0, 6.1.0, 6.2.0, 4.4.0, 5.4.0, 5.4.47, 6.3.0, 6.4.15, 7.1.0, 7.1.8, 5.3.0</td> </tr> <tr> <td><code>symfony/http-foundation</code></td> <td>CVE-2024-50345</td> <td>LOW</td> <td>v5.4.44</td> <td>5.0.0, 5.1.0, 6.3.0, 3.0.0, 5.2.0, 5.3.0, 5.4.0, 5.4.46, 6.2.0, 6.4.0, 4.0.0, 6.4.14, 6.1.0, 7.1.7, 7.1.0</td> </tr> <tr> <td><code>symfony/runtime</code></td> <td>CVE-2024-50340</td> <td>HIGH</td> <td>v5.4.40</td> <td>5.4.0, 5.4.46, 6.4.14, 7.1.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.7</td> </tr> <tr> <td><code>symfony/security-http</code></td> <td>CVE-2024-51996</td> <td>HIGH</td> <td>v5.4.44</td> <td>6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.8, 5.4.0, 5.4.47, 6.4.15, 7.1.0</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51754</td> <td>LOW</td> <td>v3.14.0</td> <td>3.0.0, 3.11.2, 3.14.1, 2.0.0</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51755</td> <td>LOW</td> <td>v3.14.0</td> <td>3.11.2, 3.14.1, 2.0.0, 3.0.0</td> </tr> </table> <h4>No Misconfigurations found</h4>

gdupont force-pushed 4543-add-altcha-to-login from 9cc4c7ac74 to fa987f5d44

2025-04-02 14:32:18 +02:00

Compare

gdupont changed title from ~~WIP: 4543-add-altcha-to-login~~ to Add altcha to login form and its feature flag to disable it

2025-04-02 14:33:04 +02:00

jenkins commented

2025-04-02 14:33:07 +02:00

Symfony Security Check Report

5 packages have known vulnerabilities.

symfony/http-client (v5.4.44)

CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

symfony/http-foundation (v5.4.44)

CVE-2024-50345: Open redirect via browser-sanitized URLs

symfony/runtime (v5.4.40)

CVE-2024-50340: Ability to change environment from query

symfony/security-http (v5.4.44)

CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie

twig/twig (v3.14.0)

CVE-2024-51754: Unguarded calls to __toString() when nesting an object into an array
CVE-2024-51755: Unguarded calls to __isset() and to array-accesses when the sandbox is enabled

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Symfony Security Check Report ============================= 5 packages have known vulnerabilities. symfony/http-client (v5.4.44) ----------------------------- * [CVE-2024-50342][]: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient symfony/http-foundation (v5.4.44) --------------------------------- * [CVE-2024-50345][]: Open redirect via browser-sanitized URLs symfony/runtime (v5.4.40) ------------------------- * [CVE-2024-50340][]: Ability to change environment from query symfony/security-http (v5.4.44) ------------------------------- * [CVE-2024-51996][]: Authentication Bypass via persisted RememberMe cookie twig/twig (v3.14.0) ------------------- * [CVE-2024-51754][]: Unguarded calls to __toString() when nesting an object into an array * [CVE-2024-51755][]: Unguarded calls to __isset() and to array-accesses when the sandbox is enabled [CVE-2024-50342]: https://symfony.com/cve-2024-50342 [CVE-2024-50345]: https://symfony.com/cve-2024-50345 [CVE-2024-50340]: https://symfony.com/cve-2024-50340 [CVE-2024-51996]: https://symfony.com/cve-2024-51996 [CVE-2024-51754]: https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array [CVE-2024-51755]: https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled Note that this checker can only detect vulnerabilities that are referenced in the security advisories database. Execute this command regularly to check the newly discovered vulnerabilities.

jenkins commented

2025-04-02 14:33:09 +02:00

Test report

PHP CS Fixer

Overview

State	Total
Passed	0
Skipped	0
Failed	7
Error	0

Total duration: 0s

See details

Status	Name	Class
⨯	`src/Form/LoginType`
⨯	`src/Altcha/AltchaTransformer`
⨯	`src/Altcha/Form/AltchaType`
⨯	`src/Altcha/Form/AltchaModel`
⨯	`src/Altcha/AltchaValidator`
⨯	`src/Flag/FlagAccessor`
⨯	`src/Hydra/Client`

Errors

`src/Form/LoginType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/AltchaTransformer`</summary>

**Output**

applied fixers:

no_superfluous_phpdoc_tags
no_empty_phpdoc```

`src/Altcha/Form/AltchaType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/Form/AltchaModel`</summary>

**Output**

applied fixers:

phpdoc_separation```

`src/Altcha/AltchaValidator`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Flag/FlagAccessor`</summary>

**Output**

applied fixers:

trailing_comma_in_multiline```

`src/Hydra/Client`

Output

applied fixers:
---------------
* global_namespace_import
* trailing_comma_in_multiline
* no_unused_imports```

</details>

# Test report ## PHP CS Fixer ### Overview | State | Total | |-------|-------| | Passed | 0 | | Skipped | 0 | | Failed | 7 | | Error | 0 | **Total duration**: 0s <details> <summary>See details</summary> | Status | Name | Class | |--------|------|-------| | ⨯ | `src/Form/LoginType` || | ⨯ | `src/Altcha/AltchaTransformer` || | ⨯ | `src/Altcha/Form/AltchaType` || | ⨯ | `src/Altcha/Form/AltchaModel` || | ⨯ | `src/Altcha/AltchaValidator` || | ⨯ | `src/Flag/FlagAccessor` || | ⨯ | `src/Hydra/Client` || </details> <br /> #### Errors <details> <summary>`src/Form/LoginType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/AltchaTransformer`</summary> **Output** ``` applied fixers: --------------- * no_superfluous_phpdoc_tags * no_empty_phpdoc``` </details> <details> <summary>`src/Altcha/Form/AltchaType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/Form/AltchaModel`</summary> **Output** ``` applied fixers: --------------- * phpdoc_separation``` </details> <details> <summary>`src/Altcha/AltchaValidator`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Flag/FlagAccessor`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Hydra/Client`</summary> **Output** ``` applied fixers: --------------- * global_namespace_import * trailing_comma_in_multiline * no_unused_imports``` </details>

jenkins commented

2025-04-02 14:33:13 +02:00

Rapport PHPStan


 [OK] No errors

## Rapport PHPStan ``` [OK] No errors ```

jenkins commented

2025-04-02 14:33:42 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

gdupont force-pushed 4543-add-altcha-to-login from fa987f5d44 to 4de44dcc8f

2025-04-02 14:36:33 +02:00

Compare

jenkins commented

2025-04-02 14:38:16 +02:00

Symfony Security Check Report

5 packages have known vulnerabilities.

symfony/http-client (v5.4.44)

CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

symfony/http-foundation (v5.4.44)

CVE-2024-50345: Open redirect via browser-sanitized URLs

symfony/runtime (v5.4.40)

CVE-2024-50340: Ability to change environment from query

symfony/security-http (v5.4.44)

CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie

twig/twig (v3.14.0)

CVE-2024-51754: Unguarded calls to __toString() when nesting an object into an array
CVE-2024-51755: Unguarded calls to __isset() and to array-accesses when the sandbox is enabled

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Symfony Security Check Report ============================= 5 packages have known vulnerabilities. symfony/http-client (v5.4.44) ----------------------------- * [CVE-2024-50342][]: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient symfony/http-foundation (v5.4.44) --------------------------------- * [CVE-2024-50345][]: Open redirect via browser-sanitized URLs symfony/runtime (v5.4.40) ------------------------- * [CVE-2024-50340][]: Ability to change environment from query symfony/security-http (v5.4.44) ------------------------------- * [CVE-2024-51996][]: Authentication Bypass via persisted RememberMe cookie twig/twig (v3.14.0) ------------------- * [CVE-2024-51754][]: Unguarded calls to __toString() when nesting an object into an array * [CVE-2024-51755][]: Unguarded calls to __isset() and to array-accesses when the sandbox is enabled [CVE-2024-50342]: https://symfony.com/cve-2024-50342 [CVE-2024-50345]: https://symfony.com/cve-2024-50345 [CVE-2024-50340]: https://symfony.com/cve-2024-50340 [CVE-2024-51996]: https://symfony.com/cve-2024-51996 [CVE-2024-51754]: https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array [CVE-2024-51755]: https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled Note that this checker can only detect vulnerabilities that are referenced in the security advisories database. Execute this command regularly to check the newly discovered vulnerabilities.

jenkins commented

2025-04-02 14:38:20 +02:00

Test report

PHP CS Fixer

Overview

State	Total
Passed	0
Skipped	0
Failed	7
Error	0

Total duration: 0s

See details

Status	Name	Class
⨯	`src/Form/LoginType`
⨯	`src/Altcha/AltchaTransformer`
⨯	`src/Altcha/Form/AltchaType`
⨯	`src/Altcha/Form/AltchaModel`
⨯	`src/Altcha/AltchaValidator`
⨯	`src/Flag/FlagAccessor`
⨯	`src/Hydra/Client`

Errors

`src/Form/LoginType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/AltchaTransformer`</summary>

**Output**

applied fixers:

no_superfluous_phpdoc_tags
no_empty_phpdoc```

`src/Altcha/Form/AltchaType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/Form/AltchaModel`</summary>

**Output**

applied fixers:

phpdoc_separation```

`src/Altcha/AltchaValidator`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Flag/FlagAccessor`</summary>

**Output**

applied fixers:

trailing_comma_in_multiline```

`src/Hydra/Client`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>

# Test report ## PHP CS Fixer ### Overview | State | Total | |-------|-------| | Passed | 0 | | Skipped | 0 | | Failed | 7 | | Error | 0 | **Total duration**: 0s <details> <summary>See details</summary> | Status | Name | Class | |--------|------|-------| | ⨯ | `src/Form/LoginType` || | ⨯ | `src/Altcha/AltchaTransformer` || | ⨯ | `src/Altcha/Form/AltchaType` || | ⨯ | `src/Altcha/Form/AltchaModel` || | ⨯ | `src/Altcha/AltchaValidator` || | ⨯ | `src/Flag/FlagAccessor` || | ⨯ | `src/Hydra/Client` || </details> <br /> #### Errors <details> <summary>`src/Form/LoginType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/AltchaTransformer`</summary> **Output** ``` applied fixers: --------------- * no_superfluous_phpdoc_tags * no_empty_phpdoc``` </details> <details> <summary>`src/Altcha/Form/AltchaType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/Form/AltchaModel`</summary> **Output** ``` applied fixers: --------------- * phpdoc_separation``` </details> <details> <summary>`src/Altcha/AltchaValidator`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Flag/FlagAccessor`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Hydra/Client`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details>

jenkins commented

2025-04-02 14:38:25 +02:00

Rapport PHPStan


 [OK] No errors

## Rapport PHPStan ``` [OK] No errors ```

jenkins commented

2025-04-02 14:39:17 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

jenkins commented

2025-04-02 14:53:48 +02:00

Rapport d'analyse de l'image avec Trivy

Target `reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.2-pr52.1436.4de44dc (alpine 3.17.1)`

Vulnerabilities (4)

Package	ID	Severity	Installed Version	Fixed Version
`libcrypto3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`libexpat`	CVE-2024-50602	MEDIUM	2.6.3-r0	2.6.4-r0
`libssl3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`musl-utils`	CVE-2025-26519	UNKNOWN	1.2.3-r5	1.2.3-r6

No Misconfigurations found

Target `Node.js`

Vulnerabilities (17)

Package	ID	Severity	Installed Version	Fixed Version
`@babel/helpers`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`@babel/runtime`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`body-parser`	CVE-2024-45590	HIGH	1.20.2	1.20.3
`braces`	CVE-2024-4068	HIGH	3.0.2	3.0.3
`cookie`	CVE-2024-47764	LOW	0.6.0	0.7.0
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`express`	CVE-2024-43796	LOW	4.19.2	4.20.0, 5.0.0
`http-proxy-middleware`	CVE-2024-21536	HIGH	2.0.6	2.0.7, 3.0.3
`micromatch`	CVE-2024-4067	MEDIUM	4.0.5	4.0.8
`nanoid`	CVE-2024-55565	MEDIUM	3.3.7	5.0.9, 3.3.8
`path-to-regexp`	CVE-2024-45296	HIGH	0.1.7	1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
`path-to-regexp`	CVE-2024-52798	HIGH	0.1.7	0.1.12
`send`	CVE-2024-43799	LOW	0.18.0	0.19.0
`serve-static`	CVE-2024-43800	LOW	1.15.0	1.16.0, 2.1.0
`webpack`	CVE-2024-43788	MEDIUM	5.91.0	5.94.0
`ws`	CVE-2024-37890	HIGH	8.16.0	5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

Target `app/composer.lock`

Vulnerabilities (6)

Package	ID	Severity	Installed Version	Fixed Version
`symfony/http-client`	CVE-2024-50342	LOW	v5.4.44	5.3.0, 5.4.0, 7.1.8, 7.1.0, 5.1.0, 5.2.0, 5.4.47, 6.3.0, 5.0.0, 6.4.15, 4.4.0, 6.1.0, 6.2.0, 6.4.0
`symfony/http-foundation`	CVE-2024-50345	LOW	v5.4.44	5.2.0, 5.3.0, 6.3.0, 7.1.7, 5.0.0, 6.1.0, 6.2.0, 4.0.0, 5.1.0, 5.4.0, 7.1.0, 3.0.0, 5.4.46, 6.4.0, 6.4.14
`symfony/runtime`	CVE-2024-50340	HIGH	v5.4.40	7.1.0, 6.1.0, 6.4.14, 6.2.0, 6.3.0, 6.4.0, 7.1.7, 5.4.0, 5.4.46
`symfony/security-http`	CVE-2024-51996	HIGH	v5.4.44	5.4.0, 6.1.0, 6.4.15, 7.1.8, 5.4.47, 6.2.0, 6.3.0, 6.4.0, 7.1.0
`twig/twig`	CVE-2024-51754	LOW	v3.14.0	3.0.0, 3.11.2, 3.14.1, 2.0.0
`twig/twig`	CVE-2024-51755	LOW	v3.14.0	2.0.0, 3.0.0, 3.11.2, 3.14.1

No Misconfigurations found

## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy) <h3>Target <code>reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.2-pr52.1436.4de44dc (alpine 3.17.1)</code></h3> <h4>Vulnerabilities (4)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>libcrypto3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>libexpat</code></td> <td>CVE-2024-50602</td> <td>MEDIUM</td> <td>2.6.3-r0</td> <td>2.6.4-r0</td> </tr> <tr> <td><code>libssl3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>musl-utils</code></td> <td>CVE-2025-26519</td> <td>UNKNOWN</td> <td>1.2.3-r5</td> <td>1.2.3-r6</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>Node.js</code></h3> <h4>Vulnerabilities (17)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>@babel/helpers</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>@babel/runtime</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>body-parser</code></td> <td>CVE-2024-45590</td> <td>HIGH</td> <td>1.20.2</td> <td>1.20.3</td> </tr> <tr> <td><code>braces</code></td> <td>CVE-2024-4068</td> <td>HIGH</td> <td>3.0.2</td> <td>3.0.3</td> </tr> <tr> <td><code>cookie</code></td> <td>CVE-2024-47764</td> <td>LOW</td> <td>0.6.0</td> <td>0.7.0</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>express</code></td> <td>CVE-2024-43796</td> <td>LOW</td> <td>4.19.2</td> <td>4.20.0, 5.0.0</td> </tr> <tr> <td><code>http-proxy-middleware</code></td> <td>CVE-2024-21536</td> <td>HIGH</td> <td>2.0.6</td> <td>2.0.7, 3.0.3</td> </tr> <tr> <td><code>micromatch</code></td> <td>CVE-2024-4067</td> <td>MEDIUM</td> <td>4.0.5</td> <td>4.0.8</td> </tr> <tr> <td><code>nanoid</code></td> <td>CVE-2024-55565</td> <td>MEDIUM</td> <td>3.3.7</td> <td>5.0.9, 3.3.8</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-45296</td> <td>HIGH</td> <td>0.1.7</td> <td>1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-52798</td> <td>HIGH</td> <td>0.1.7</td> <td>0.1.12</td> </tr> <tr> <td><code>send</code></td> <td>CVE-2024-43799</td> <td>LOW</td> <td>0.18.0</td> <td>0.19.0</td> </tr> <tr> <td><code>serve-static</code></td> <td>CVE-2024-43800</td> <td>LOW</td> <td>1.15.0</td> <td>1.16.0, 2.1.0</td> </tr> <tr> <td><code>webpack</code></td> <td>CVE-2024-43788</td> <td>MEDIUM</td> <td>5.91.0</td> <td>5.94.0</td> </tr> <tr> <td><code>ws</code></td> <td>CVE-2024-37890</td> <td>HIGH</td> <td>8.16.0</td> <td>5.2.4, 6.2.3, 7.5.10, 8.17.1</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>app/composer.lock</code></h3> <h4>Vulnerabilities (6)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>symfony/http-client</code></td> <td>CVE-2024-50342</td> <td>LOW</td> <td>v5.4.44</td> <td>5.3.0, 5.4.0, 7.1.8, 7.1.0, 5.1.0, 5.2.0, 5.4.47, 6.3.0, 5.0.0, 6.4.15, 4.4.0, 6.1.0, 6.2.0, 6.4.0</td> </tr> <tr> <td><code>symfony/http-foundation</code></td> <td>CVE-2024-50345</td> <td>LOW</td> <td>v5.4.44</td> <td>5.2.0, 5.3.0, 6.3.0, 7.1.7, 5.0.0, 6.1.0, 6.2.0, 4.0.0, 5.1.0, 5.4.0, 7.1.0, 3.0.0, 5.4.46, 6.4.0, 6.4.14</td> </tr> <tr> <td><code>symfony/runtime</code></td> <td>CVE-2024-50340</td> <td>HIGH</td> <td>v5.4.40</td> <td>7.1.0, 6.1.0, 6.4.14, 6.2.0, 6.3.0, 6.4.0, 7.1.7, 5.4.0, 5.4.46</td> </tr> <tr> <td><code>symfony/security-http</code></td> <td>CVE-2024-51996</td> <td>HIGH</td> <td>v5.4.44</td> <td>5.4.0, 6.1.0, 6.4.15, 7.1.8, 5.4.47, 6.2.0, 6.3.0, 6.4.0, 7.1.0</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51754</td> <td>LOW</td> <td>v3.14.0</td> <td>3.0.0, 3.11.2, 3.14.1, 2.0.0</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51755</td> <td>LOW</td> <td>v3.14.0</td> <td>2.0.0, 3.0.0, 3.11.2, 3.14.1</td> </tr> </table> <h4>No Misconfigurations found</h4>

jenkins commented

2025-04-02 14:54:15 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

gdupont force-pushed 4543-add-altcha-to-login from 4de44dcc8f to 934eefa802

2025-04-02 15:04:35 +02:00

Compare

jenkins commented

2025-04-02 15:05:38 +02:00

Symfony Security Check Report

5 packages have known vulnerabilities.

symfony/http-client (v5.4.44)

CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

symfony/http-foundation (v5.4.44)

CVE-2024-50345: Open redirect via browser-sanitized URLs

symfony/runtime (v5.4.40)

CVE-2024-50340: Ability to change environment from query

symfony/security-http (v5.4.44)

CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie

twig/twig (v3.14.0)

CVE-2024-51754: Unguarded calls to __toString() when nesting an object into an array
CVE-2024-51755: Unguarded calls to __isset() and to array-accesses when the sandbox is enabled

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Symfony Security Check Report ============================= 5 packages have known vulnerabilities. symfony/http-client (v5.4.44) ----------------------------- * [CVE-2024-50342][]: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient symfony/http-foundation (v5.4.44) --------------------------------- * [CVE-2024-50345][]: Open redirect via browser-sanitized URLs symfony/runtime (v5.4.40) ------------------------- * [CVE-2024-50340][]: Ability to change environment from query symfony/security-http (v5.4.44) ------------------------------- * [CVE-2024-51996][]: Authentication Bypass via persisted RememberMe cookie twig/twig (v3.14.0) ------------------- * [CVE-2024-51754][]: Unguarded calls to __toString() when nesting an object into an array * [CVE-2024-51755][]: Unguarded calls to __isset() and to array-accesses when the sandbox is enabled [CVE-2024-50342]: https://symfony.com/cve-2024-50342 [CVE-2024-50345]: https://symfony.com/cve-2024-50345 [CVE-2024-50340]: https://symfony.com/cve-2024-50340 [CVE-2024-51996]: https://symfony.com/cve-2024-51996 [CVE-2024-51754]: https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array [CVE-2024-51755]: https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled Note that this checker can only detect vulnerabilities that are referenced in the security advisories database. Execute this command regularly to check the newly discovered vulnerabilities.

jenkins commented

2025-04-02 15:05:41 +02:00

Test report

PHP CS Fixer

Overview

State	Total
Passed	0
Skipped	0
Failed	7
Error	0

Total duration: 0s

See details

Status	Name	Class
⨯	`src/Form/LoginType`
⨯	`src/Altcha/AltchaTransformer`
⨯	`src/Altcha/Form/AltchaType`
⨯	`src/Altcha/Form/AltchaModel`
⨯	`src/Altcha/AltchaValidator`
⨯	`src/Flag/FlagAccessor`
⨯	`src/Hydra/Client`

Errors

`src/Form/LoginType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/AltchaTransformer`</summary>

**Output**

applied fixers:

no_superfluous_phpdoc_tags
no_empty_phpdoc```

`src/Altcha/Form/AltchaType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/Form/AltchaModel`</summary>

**Output**

applied fixers:

phpdoc_separation```

`src/Altcha/AltchaValidator`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Flag/FlagAccessor`</summary>

**Output**

applied fixers:

trailing_comma_in_multiline```

`src/Hydra/Client`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>

# Test report ## PHP CS Fixer ### Overview | State | Total | |-------|-------| | Passed | 0 | | Skipped | 0 | | Failed | 7 | | Error | 0 | **Total duration**: 0s <details> <summary>See details</summary> | Status | Name | Class | |--------|------|-------| | ⨯ | `src/Form/LoginType` || | ⨯ | `src/Altcha/AltchaTransformer` || | ⨯ | `src/Altcha/Form/AltchaType` || | ⨯ | `src/Altcha/Form/AltchaModel` || | ⨯ | `src/Altcha/AltchaValidator` || | ⨯ | `src/Flag/FlagAccessor` || | ⨯ | `src/Hydra/Client` || </details> <br /> #### Errors <details> <summary>`src/Form/LoginType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/AltchaTransformer`</summary> **Output** ``` applied fixers: --------------- * no_superfluous_phpdoc_tags * no_empty_phpdoc``` </details> <details> <summary>`src/Altcha/Form/AltchaType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/Form/AltchaModel`</summary> **Output** ``` applied fixers: --------------- * phpdoc_separation``` </details> <details> <summary>`src/Altcha/AltchaValidator`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Flag/FlagAccessor`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Hydra/Client`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details>

jenkins commented

2025-04-02 15:05:44 +02:00

Rapport PHPStan


 [OK] No errors

## Rapport PHPStan ``` [OK] No errors ```

jenkins commented

2025-04-02 15:06:10 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

jenkins commented

2025-04-02 15:20:43 +02:00

Rapport d'analyse de l'image avec Trivy

Target `reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.2-pr52.1504.934eefa (alpine 3.17.1)`

Vulnerabilities (4)

Package	ID	Severity	Installed Version	Fixed Version
`libcrypto3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`libexpat`	CVE-2024-50602	MEDIUM	2.6.3-r0	2.6.4-r0
`libssl3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`musl-utils`	CVE-2025-26519	UNKNOWN	1.2.3-r5	1.2.3-r6

No Misconfigurations found

Target `Node.js`

Vulnerabilities (17)

Package	ID	Severity	Installed Version	Fixed Version
`@babel/helpers`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`@babel/runtime`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`body-parser`	CVE-2024-45590	HIGH	1.20.2	1.20.3
`braces`	CVE-2024-4068	HIGH	3.0.2	3.0.3
`cookie`	CVE-2024-47764	LOW	0.6.0	0.7.0
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`express`	CVE-2024-43796	LOW	4.19.2	4.20.0, 5.0.0
`http-proxy-middleware`	CVE-2024-21536	HIGH	2.0.6	2.0.7, 3.0.3
`micromatch`	CVE-2024-4067	MEDIUM	4.0.5	4.0.8
`nanoid`	CVE-2024-55565	MEDIUM	3.3.7	5.0.9, 3.3.8
`path-to-regexp`	CVE-2024-45296	HIGH	0.1.7	1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
`path-to-regexp`	CVE-2024-52798	HIGH	0.1.7	0.1.12
`send`	CVE-2024-43799	LOW	0.18.0	0.19.0
`serve-static`	CVE-2024-43800	LOW	1.15.0	1.16.0, 2.1.0
`webpack`	CVE-2024-43788	MEDIUM	5.91.0	5.94.0
`ws`	CVE-2024-37890	HIGH	8.16.0	5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

Target `app/composer.lock`

Vulnerabilities (6)

Package	ID	Severity	Installed Version	Fixed Version
`symfony/http-client`	CVE-2024-50342	LOW	v5.4.44	5.0.0, 5.2.0, 6.4.0, 5.1.0, 6.1.0, 6.2.0, 4.4.0, 5.4.0, 5.4.47, 6.3.0, 6.4.15, 7.1.0, 7.1.8, 5.3.0
`symfony/http-foundation`	CVE-2024-50345	LOW	v5.4.44	5.0.0, 5.1.0, 6.3.0, 3.0.0, 5.2.0, 5.3.0, 5.4.0, 5.4.46, 6.2.0, 6.4.0, 4.0.0, 6.4.14, 6.1.0, 7.1.7, 7.1.0
`symfony/runtime`	CVE-2024-50340	HIGH	v5.4.40	5.4.0, 5.4.46, 6.4.14, 7.1.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.7
`symfony/security-http`	CVE-2024-51996	HIGH	v5.4.44	6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.8, 5.4.0, 5.4.47, 6.4.15, 7.1.0
`twig/twig`	CVE-2024-51754	LOW	v3.14.0	3.0.0, 3.11.2, 3.14.1, 2.0.0
`twig/twig`	CVE-2024-51755	LOW	v3.14.0	3.11.2, 3.14.1, 2.0.0, 3.0.0

No Misconfigurations found

## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy) <h3>Target <code>reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.2-pr52.1504.934eefa (alpine 3.17.1)</code></h3> <h4>Vulnerabilities (4)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>libcrypto3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>libexpat</code></td> <td>CVE-2024-50602</td> <td>MEDIUM</td> <td>2.6.3-r0</td> <td>2.6.4-r0</td> </tr> <tr> <td><code>libssl3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>musl-utils</code></td> <td>CVE-2025-26519</td> <td>UNKNOWN</td> <td>1.2.3-r5</td> <td>1.2.3-r6</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>Node.js</code></h3> <h4>Vulnerabilities (17)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>@babel/helpers</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>@babel/runtime</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>body-parser</code></td> <td>CVE-2024-45590</td> <td>HIGH</td> <td>1.20.2</td> <td>1.20.3</td> </tr> <tr> <td><code>braces</code></td> <td>CVE-2024-4068</td> <td>HIGH</td> <td>3.0.2</td> <td>3.0.3</td> </tr> <tr> <td><code>cookie</code></td> <td>CVE-2024-47764</td> <td>LOW</td> <td>0.6.0</td> <td>0.7.0</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>express</code></td> <td>CVE-2024-43796</td> <td>LOW</td> <td>4.19.2</td> <td>4.20.0, 5.0.0</td> </tr> <tr> <td><code>http-proxy-middleware</code></td> <td>CVE-2024-21536</td> <td>HIGH</td> <td>2.0.6</td> <td>2.0.7, 3.0.3</td> </tr> <tr> <td><code>micromatch</code></td> <td>CVE-2024-4067</td> <td>MEDIUM</td> <td>4.0.5</td> <td>4.0.8</td> </tr> <tr> <td><code>nanoid</code></td> <td>CVE-2024-55565</td> <td>MEDIUM</td> <td>3.3.7</td> <td>5.0.9, 3.3.8</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-45296</td> <td>HIGH</td> <td>0.1.7</td> <td>1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-52798</td> <td>HIGH</td> <td>0.1.7</td> <td>0.1.12</td> </tr> <tr> <td><code>send</code></td> <td>CVE-2024-43799</td> <td>LOW</td> <td>0.18.0</td> <td>0.19.0</td> </tr> <tr> <td><code>serve-static</code></td> <td>CVE-2024-43800</td> <td>LOW</td> <td>1.15.0</td> <td>1.16.0, 2.1.0</td> </tr> <tr> <td><code>webpack</code></td> <td>CVE-2024-43788</td> <td>MEDIUM</td> <td>5.91.0</td> <td>5.94.0</td> </tr> <tr> <td><code>ws</code></td> <td>CVE-2024-37890</td> <td>HIGH</td> <td>8.16.0</td> <td>5.2.4, 6.2.3, 7.5.10, 8.17.1</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>app/composer.lock</code></h3> <h4>Vulnerabilities (6)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>symfony/http-client</code></td> <td>CVE-2024-50342</td> <td>LOW</td> <td>v5.4.44</td> <td>5.0.0, 5.2.0, 6.4.0, 5.1.0, 6.1.0, 6.2.0, 4.4.0, 5.4.0, 5.4.47, 6.3.0, 6.4.15, 7.1.0, 7.1.8, 5.3.0</td> </tr> <tr> <td><code>symfony/http-foundation</code></td> <td>CVE-2024-50345</td> <td>LOW</td> <td>v5.4.44</td> <td>5.0.0, 5.1.0, 6.3.0, 3.0.0, 5.2.0, 5.3.0, 5.4.0, 5.4.46, 6.2.0, 6.4.0, 4.0.0, 6.4.14, 6.1.0, 7.1.7, 7.1.0</td> </tr> <tr> <td><code>symfony/runtime</code></td> <td>CVE-2024-50340</td> <td>HIGH</td> <td>v5.4.40</td> <td>5.4.0, 5.4.46, 6.4.14, 7.1.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.7</td> </tr> <tr> <td><code>symfony/security-http</code></td> <td>CVE-2024-51996</td> <td>HIGH</td> <td>v5.4.44</td> <td>6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.8, 5.4.0, 5.4.47, 6.4.15, 7.1.0</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51754</td> <td>LOW</td> <td>v3.14.0</td> <td>3.0.0, 3.11.2, 3.14.1, 2.0.0</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51755</td> <td>LOW</td> <td>v3.14.0</td> <td>3.11.2, 3.14.1, 2.0.0, 3.0.0</td> </tr> </table> <h4>No Misconfigurations found</h4>

jenkins commented

2025-04-02 15:21:06 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

jenkins commented

2025-04-02 15:34:27 +02:00

Rapport d'analyse de l'image avec Trivy

Target `reg.cadoles.com/cadoles/hydra-sql-base:2025.4.2-pr52.1504.934eefa (alpine 3.17.1)`

Vulnerabilities (4)

Package	ID	Severity	Installed Version	Fixed Version
`libcrypto3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`libexpat`	CVE-2024-50602	MEDIUM	2.6.3-r0	2.6.4-r0
`libssl3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`musl-utils`	CVE-2025-26519	UNKNOWN	1.2.3-r5	1.2.3-r6

No Misconfigurations found

Target `Node.js`

Vulnerabilities (17)

Package	ID	Severity	Installed Version	Fixed Version
`@babel/helpers`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`@babel/runtime`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`body-parser`	CVE-2024-45590	HIGH	1.20.2	1.20.3
`braces`	CVE-2024-4068	HIGH	3.0.2	3.0.3
`cookie`	CVE-2024-47764	LOW	0.6.0	0.7.0
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`express`	CVE-2024-43796	LOW	4.19.2	4.20.0, 5.0.0
`http-proxy-middleware`	CVE-2024-21536	HIGH	2.0.6	2.0.7, 3.0.3
`micromatch`	CVE-2024-4067	MEDIUM	4.0.5	4.0.8
`nanoid`	CVE-2024-55565	MEDIUM	3.3.7	5.0.9, 3.3.8
`path-to-regexp`	CVE-2024-45296	HIGH	0.1.7	1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
`path-to-regexp`	CVE-2024-52798	HIGH	0.1.7	0.1.12
`send`	CVE-2024-43799	LOW	0.18.0	0.19.0
`serve-static`	CVE-2024-43800	LOW	1.15.0	1.16.0, 2.1.0
`webpack`	CVE-2024-43788	MEDIUM	5.91.0	5.94.0
`ws`	CVE-2024-37890	HIGH	8.16.0	5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

Target `app/composer.lock`

Vulnerabilities (6)

Package	ID	Severity	Installed Version	Fixed Version
`symfony/http-client`	CVE-2024-50342	LOW	v5.4.44	5.0.0, 5.2.0, 6.4.0, 5.1.0, 6.1.0, 6.2.0, 4.4.0, 5.4.0, 5.4.47, 6.3.0, 6.4.15, 7.1.0, 7.1.8, 5.3.0
`symfony/http-foundation`	CVE-2024-50345	LOW	v5.4.44	5.0.0, 5.1.0, 6.3.0, 3.0.0, 5.2.0, 5.3.0, 5.4.0, 5.4.46, 6.2.0, 6.4.0, 4.0.0, 6.4.14, 6.1.0, 7.1.7, 7.1.0
`symfony/runtime`	CVE-2024-50340	HIGH	v5.4.40	5.4.0, 5.4.46, 6.4.14, 7.1.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.7
`symfony/security-http`	CVE-2024-51996	HIGH	v5.4.44	6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.8, 5.4.0, 5.4.47, 6.4.15, 7.1.0
`twig/twig`	CVE-2024-51754	LOW	v3.14.0	3.0.0, 3.11.2, 3.14.1, 2.0.0
`twig/twig`	CVE-2024-51755	LOW	v3.14.0	3.11.2, 3.14.1, 2.0.0, 3.0.0

No Misconfigurations found

## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy) <h3>Target <code>reg.cadoles.com/cadoles/hydra-sql-base:2025.4.2-pr52.1504.934eefa (alpine 3.17.1)</code></h3> <h4>Vulnerabilities (4)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>libcrypto3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>libexpat</code></td> <td>CVE-2024-50602</td> <td>MEDIUM</td> <td>2.6.3-r0</td> <td>2.6.4-r0</td> </tr> <tr> <td><code>libssl3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>musl-utils</code></td> <td>CVE-2025-26519</td> <td>UNKNOWN</td> <td>1.2.3-r5</td> <td>1.2.3-r6</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>Node.js</code></h3> <h4>Vulnerabilities (17)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>@babel/helpers</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>@babel/runtime</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>body-parser</code></td> <td>CVE-2024-45590</td> <td>HIGH</td> <td>1.20.2</td> <td>1.20.3</td> </tr> <tr> <td><code>braces</code></td> <td>CVE-2024-4068</td> <td>HIGH</td> <td>3.0.2</td> <td>3.0.3</td> </tr> <tr> <td><code>cookie</code></td> <td>CVE-2024-47764</td> <td>LOW</td> <td>0.6.0</td> <td>0.7.0</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>express</code></td> <td>CVE-2024-43796</td> <td>LOW</td> <td>4.19.2</td> <td>4.20.0, 5.0.0</td> </tr> <tr> <td><code>http-proxy-middleware</code></td> <td>CVE-2024-21536</td> <td>HIGH</td> <td>2.0.6</td> <td>2.0.7, 3.0.3</td> </tr> <tr> <td><code>micromatch</code></td> <td>CVE-2024-4067</td> <td>MEDIUM</td> <td>4.0.5</td> <td>4.0.8</td> </tr> <tr> <td><code>nanoid</code></td> <td>CVE-2024-55565</td> <td>MEDIUM</td> <td>3.3.7</td> <td>5.0.9, 3.3.8</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-45296</td> <td>HIGH</td> <td>0.1.7</td> <td>1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-52798</td> <td>HIGH</td> <td>0.1.7</td> <td>0.1.12</td> </tr> <tr> <td><code>send</code></td> <td>CVE-2024-43799</td> <td>LOW</td> <td>0.18.0</td> <td>0.19.0</td> </tr> <tr> <td><code>serve-static</code></td> <td>CVE-2024-43800</td> <td>LOW</td> <td>1.15.0</td> <td>1.16.0, 2.1.0</td> </tr> <tr> <td><code>webpack</code></td> <td>CVE-2024-43788</td> <td>MEDIUM</td> <td>5.91.0</td> <td>5.94.0</td> </tr> <tr> <td><code>ws</code></td> <td>CVE-2024-37890</td> <td>HIGH</td> <td>8.16.0</td> <td>5.2.4, 6.2.3, 7.5.10, 8.17.1</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>app/composer.lock</code></h3> <h4>Vulnerabilities (6)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>symfony/http-client</code></td> <td>CVE-2024-50342</td> <td>LOW</td> <td>v5.4.44</td> <td>5.0.0, 5.2.0, 6.4.0, 5.1.0, 6.1.0, 6.2.0, 4.4.0, 5.4.0, 5.4.47, 6.3.0, 6.4.15, 7.1.0, 7.1.8, 5.3.0</td> </tr> <tr> <td><code>symfony/http-foundation</code></td> <td>CVE-2024-50345</td> <td>LOW</td> <td>v5.4.44</td> <td>5.0.0, 5.1.0, 6.3.0, 3.0.0, 5.2.0, 5.3.0, 5.4.0, 5.4.46, 6.2.0, 6.4.0, 4.0.0, 6.4.14, 6.1.0, 7.1.7, 7.1.0</td> </tr> <tr> <td><code>symfony/runtime</code></td> <td>CVE-2024-50340</td> <td>HIGH</td> <td>v5.4.40</td> <td>5.4.0, 5.4.46, 6.4.14, 7.1.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.7</td> </tr> <tr> <td><code>symfony/security-http</code></td> <td>CVE-2024-51996</td> <td>HIGH</td> <td>v5.4.44</td> <td>6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.8, 5.4.0, 5.4.47, 6.4.15, 7.1.0</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51754</td> <td>LOW</td> <td>v3.14.0</td> <td>3.0.0, 3.11.2, 3.14.1, 2.0.0</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51755</td> <td>LOW</td> <td>v3.14.0</td> <td>3.11.2, 3.14.1, 2.0.0, 3.0.0</td> </tr> </table> <h4>No Misconfigurations found</h4>

gdupont force-pushed 4543-add-altcha-to-login from 934eefa802 to 633e93c129

2025-04-02 16:30:52 +02:00

Compare

jenkins commented

2025-04-02 16:31:34 +02:00

Symfony Security Check Report

5 packages have known vulnerabilities.

symfony/http-client (v5.4.44)

CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

symfony/http-foundation (v5.4.44)

CVE-2024-50345: Open redirect via browser-sanitized URLs

symfony/runtime (v5.4.40)

CVE-2024-50340: Ability to change environment from query

symfony/security-http (v5.4.44)

CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie

twig/twig (v3.14.0)

CVE-2024-51754: Unguarded calls to __toString() when nesting an object into an array
CVE-2024-51755: Unguarded calls to __isset() and to array-accesses when the sandbox is enabled

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Symfony Security Check Report ============================= 5 packages have known vulnerabilities. symfony/http-client (v5.4.44) ----------------------------- * [CVE-2024-50342][]: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient symfony/http-foundation (v5.4.44) --------------------------------- * [CVE-2024-50345][]: Open redirect via browser-sanitized URLs symfony/runtime (v5.4.40) ------------------------- * [CVE-2024-50340][]: Ability to change environment from query symfony/security-http (v5.4.44) ------------------------------- * [CVE-2024-51996][]: Authentication Bypass via persisted RememberMe cookie twig/twig (v3.14.0) ------------------- * [CVE-2024-51754][]: Unguarded calls to __toString() when nesting an object into an array * [CVE-2024-51755][]: Unguarded calls to __isset() and to array-accesses when the sandbox is enabled [CVE-2024-50342]: https://symfony.com/cve-2024-50342 [CVE-2024-50345]: https://symfony.com/cve-2024-50345 [CVE-2024-50340]: https://symfony.com/cve-2024-50340 [CVE-2024-51996]: https://symfony.com/cve-2024-51996 [CVE-2024-51754]: https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array [CVE-2024-51755]: https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled Note that this checker can only detect vulnerabilities that are referenced in the security advisories database. Execute this command regularly to check the newly discovered vulnerabilities.

jenkins commented

2025-04-02 16:31:36 +02:00

Test report

PHP CS Fixer

Overview

State	Total
Passed	0
Skipped	0
Failed	7
Error	0

Total duration: 0s

See details

Status	Name	Class
⨯	`src/Form/LoginType`
⨯	`src/Altcha/AltchaTransformer`
⨯	`src/Altcha/Form/AltchaType`
⨯	`src/Altcha/Form/AltchaModel`
⨯	`src/Altcha/AltchaValidator`
⨯	`src/Flag/FlagAccessor`
⨯	`src/Hydra/Client`

Errors

`src/Form/LoginType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/AltchaTransformer`</summary>

**Output**

applied fixers:

no_superfluous_phpdoc_tags
no_empty_phpdoc```

`src/Altcha/Form/AltchaType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/Form/AltchaModel`</summary>

**Output**

applied fixers:

phpdoc_separation```

`src/Altcha/AltchaValidator`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Flag/FlagAccessor`</summary>

**Output**

applied fixers:

trailing_comma_in_multiline```

`src/Hydra/Client`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>

# Test report ## PHP CS Fixer ### Overview | State | Total | |-------|-------| | Passed | 0 | | Skipped | 0 | | Failed | 7 | | Error | 0 | **Total duration**: 0s <details> <summary>See details</summary> | Status | Name | Class | |--------|------|-------| | ⨯ | `src/Form/LoginType` || | ⨯ | `src/Altcha/AltchaTransformer` || | ⨯ | `src/Altcha/Form/AltchaType` || | ⨯ | `src/Altcha/Form/AltchaModel` || | ⨯ | `src/Altcha/AltchaValidator` || | ⨯ | `src/Flag/FlagAccessor` || | ⨯ | `src/Hydra/Client` || </details> <br /> #### Errors <details> <summary>`src/Form/LoginType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/AltchaTransformer`</summary> **Output** ``` applied fixers: --------------- * no_superfluous_phpdoc_tags * no_empty_phpdoc``` </details> <details> <summary>`src/Altcha/Form/AltchaType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/Form/AltchaModel`</summary> **Output** ``` applied fixers: --------------- * phpdoc_separation``` </details> <details> <summary>`src/Altcha/AltchaValidator`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Flag/FlagAccessor`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Hydra/Client`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details>

jenkins commented

2025-04-02 16:31:41 +02:00

Rapport PHPStan


 [OK] No errors

## Rapport PHPStan ``` [OK] No errors ```

jenkins commented

2025-04-02 16:32:09 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

jenkins commented

2025-04-02 16:46:18 +02:00

Rapport d'analyse de l'image avec Trivy

Target `reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.2-pr52.1630.633e93c (alpine 3.17.1)`

Vulnerabilities (4)

Package	ID	Severity	Installed Version	Fixed Version
`libcrypto3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`libexpat`	CVE-2024-50602	MEDIUM	2.6.3-r0	2.6.4-r0
`libssl3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`musl-utils`	CVE-2025-26519	UNKNOWN	1.2.3-r5	1.2.3-r6

No Misconfigurations found

Target `Node.js`

Vulnerabilities (17)

Package	ID	Severity	Installed Version	Fixed Version
`@babel/helpers`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`@babel/runtime`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`body-parser`	CVE-2024-45590	HIGH	1.20.2	1.20.3
`braces`	CVE-2024-4068	HIGH	3.0.2	3.0.3
`cookie`	CVE-2024-47764	LOW	0.6.0	0.7.0
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`express`	CVE-2024-43796	LOW	4.19.2	4.20.0, 5.0.0
`http-proxy-middleware`	CVE-2024-21536	HIGH	2.0.6	2.0.7, 3.0.3
`micromatch`	CVE-2024-4067	MEDIUM	4.0.5	4.0.8
`nanoid`	CVE-2024-55565	MEDIUM	3.3.7	5.0.9, 3.3.8
`path-to-regexp`	CVE-2024-45296	HIGH	0.1.7	1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
`path-to-regexp`	CVE-2024-52798	HIGH	0.1.7	0.1.12
`send`	CVE-2024-43799	LOW	0.18.0	0.19.0
`serve-static`	CVE-2024-43800	LOW	1.15.0	1.16.0, 2.1.0
`webpack`	CVE-2024-43788	MEDIUM	5.91.0	5.94.0
`ws`	CVE-2024-37890	HIGH	8.16.0	5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

Target `app/composer.lock`

Vulnerabilities (6)

Package	ID	Severity	Installed Version	Fixed Version
`symfony/http-client`	CVE-2024-50342	LOW	v5.4.44	5.0.0, 5.2.0, 6.4.0, 5.1.0, 6.1.0, 6.2.0, 4.4.0, 5.4.0, 5.4.47, 6.3.0, 6.4.15, 7.1.0, 7.1.8, 5.3.0
`symfony/http-foundation`	CVE-2024-50345	LOW	v5.4.44	5.0.0, 5.1.0, 6.3.0, 3.0.0, 5.2.0, 5.3.0, 5.4.0, 5.4.46, 6.2.0, 6.4.0, 4.0.0, 6.4.14, 6.1.0, 7.1.7, 7.1.0
`symfony/runtime`	CVE-2024-50340	HIGH	v5.4.40	5.4.0, 5.4.46, 6.4.14, 7.1.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.7
`symfony/security-http`	CVE-2024-51996	HIGH	v5.4.44	6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.8, 5.4.0, 5.4.47, 6.4.15, 7.1.0
`twig/twig`	CVE-2024-51754	LOW	v3.14.0	3.0.0, 3.11.2, 3.14.1, 2.0.0
`twig/twig`	CVE-2024-51755	LOW	v3.14.0	3.11.2, 3.14.1, 2.0.0, 3.0.0

No Misconfigurations found

## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy) <h3>Target <code>reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.2-pr52.1630.633e93c (alpine 3.17.1)</code></h3> <h4>Vulnerabilities (4)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>libcrypto3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>libexpat</code></td> <td>CVE-2024-50602</td> <td>MEDIUM</td> <td>2.6.3-r0</td> <td>2.6.4-r0</td> </tr> <tr> <td><code>libssl3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>musl-utils</code></td> <td>CVE-2025-26519</td> <td>UNKNOWN</td> <td>1.2.3-r5</td> <td>1.2.3-r6</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>Node.js</code></h3> <h4>Vulnerabilities (17)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>@babel/helpers</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>@babel/runtime</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>body-parser</code></td> <td>CVE-2024-45590</td> <td>HIGH</td> <td>1.20.2</td> <td>1.20.3</td> </tr> <tr> <td><code>braces</code></td> <td>CVE-2024-4068</td> <td>HIGH</td> <td>3.0.2</td> <td>3.0.3</td> </tr> <tr> <td><code>cookie</code></td> <td>CVE-2024-47764</td> <td>LOW</td> <td>0.6.0</td> <td>0.7.0</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>express</code></td> <td>CVE-2024-43796</td> <td>LOW</td> <td>4.19.2</td> <td>4.20.0, 5.0.0</td> </tr> <tr> <td><code>http-proxy-middleware</code></td> <td>CVE-2024-21536</td> <td>HIGH</td> <td>2.0.6</td> <td>2.0.7, 3.0.3</td> </tr> <tr> <td><code>micromatch</code></td> <td>CVE-2024-4067</td> <td>MEDIUM</td> <td>4.0.5</td> <td>4.0.8</td> </tr> <tr> <td><code>nanoid</code></td> <td>CVE-2024-55565</td> <td>MEDIUM</td> <td>3.3.7</td> <td>5.0.9, 3.3.8</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-45296</td> <td>HIGH</td> <td>0.1.7</td> <td>1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-52798</td> <td>HIGH</td> <td>0.1.7</td> <td>0.1.12</td> </tr> <tr> <td><code>send</code></td> <td>CVE-2024-43799</td> <td>LOW</td> <td>0.18.0</td> <td>0.19.0</td> </tr> <tr> <td><code>serve-static</code></td> <td>CVE-2024-43800</td> <td>LOW</td> <td>1.15.0</td> <td>1.16.0, 2.1.0</td> </tr> <tr> <td><code>webpack</code></td> <td>CVE-2024-43788</td> <td>MEDIUM</td> <td>5.91.0</td> <td>5.94.0</td> </tr> <tr> <td><code>ws</code></td> <td>CVE-2024-37890</td> <td>HIGH</td> <td>8.16.0</td> <td>5.2.4, 6.2.3, 7.5.10, 8.17.1</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>app/composer.lock</code></h3> <h4>Vulnerabilities (6)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>symfony/http-client</code></td> <td>CVE-2024-50342</td> <td>LOW</td> <td>v5.4.44</td> <td>5.0.0, 5.2.0, 6.4.0, 5.1.0, 6.1.0, 6.2.0, 4.4.0, 5.4.0, 5.4.47, 6.3.0, 6.4.15, 7.1.0, 7.1.8, 5.3.0</td> </tr> <tr> <td><code>symfony/http-foundation</code></td> <td>CVE-2024-50345</td> <td>LOW</td> <td>v5.4.44</td> <td>5.0.0, 5.1.0, 6.3.0, 3.0.0, 5.2.0, 5.3.0, 5.4.0, 5.4.46, 6.2.0, 6.4.0, 4.0.0, 6.4.14, 6.1.0, 7.1.7, 7.1.0</td> </tr> <tr> <td><code>symfony/runtime</code></td> <td>CVE-2024-50340</td> <td>HIGH</td> <td>v5.4.40</td> <td>5.4.0, 5.4.46, 6.4.14, 7.1.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.7</td> </tr> <tr> <td><code>symfony/security-http</code></td> <td>CVE-2024-51996</td> <td>HIGH</td> <td>v5.4.44</td> <td>6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.8, 5.4.0, 5.4.47, 6.4.15, 7.1.0</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51754</td> <td>LOW</td> <td>v3.14.0</td> <td>3.0.0, 3.11.2, 3.14.1, 2.0.0</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51755</td> <td>LOW</td> <td>v3.14.0</td> <td>3.11.2, 3.14.1, 2.0.0, 3.0.0</td> </tr> </table> <h4>No Misconfigurations found</h4>

jenkins commented

2025-04-02 16:46:46 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

jenkins commented

2025-04-02 17:02:55 +02:00

Rapport d'analyse de l'image avec Trivy

Target `reg.cadoles.com/cadoles/hydra-sql-base:2025.4.2-pr52.1630.633e93c (alpine 3.17.1)`

Vulnerabilities (4)

Package	ID	Severity	Installed Version	Fixed Version
`libcrypto3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`libexpat`	CVE-2024-50602	MEDIUM	2.6.3-r0	2.6.4-r0
`libssl3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`musl-utils`	CVE-2025-26519	UNKNOWN	1.2.3-r5	1.2.3-r6

No Misconfigurations found

Target `Node.js`

Vulnerabilities (17)

Package	ID	Severity	Installed Version	Fixed Version
`@babel/helpers`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`@babel/runtime`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`body-parser`	CVE-2024-45590	HIGH	1.20.2	1.20.3
`braces`	CVE-2024-4068	HIGH	3.0.2	3.0.3
`cookie`	CVE-2024-47764	LOW	0.6.0	0.7.0
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`express`	CVE-2024-43796	LOW	4.19.2	4.20.0, 5.0.0
`http-proxy-middleware`	CVE-2024-21536	HIGH	2.0.6	2.0.7, 3.0.3
`micromatch`	CVE-2024-4067	MEDIUM	4.0.5	4.0.8
`nanoid`	CVE-2024-55565	MEDIUM	3.3.7	5.0.9, 3.3.8
`path-to-regexp`	CVE-2024-45296	HIGH	0.1.7	1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
`path-to-regexp`	CVE-2024-52798	HIGH	0.1.7	0.1.12
`send`	CVE-2024-43799	LOW	0.18.0	0.19.0
`serve-static`	CVE-2024-43800	LOW	1.15.0	1.16.0, 2.1.0
`webpack`	CVE-2024-43788	MEDIUM	5.91.0	5.94.0
`ws`	CVE-2024-37890	HIGH	8.16.0	5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

Target `app/composer.lock`

Vulnerabilities (6)

Package	ID	Severity	Installed Version	Fixed Version
`symfony/http-client`	CVE-2024-50342	LOW	v5.4.44	5.0.0, 5.2.0, 6.4.0, 5.1.0, 6.1.0, 6.2.0, 4.4.0, 5.4.0, 5.4.47, 6.3.0, 6.4.15, 7.1.0, 7.1.8, 5.3.0
`symfony/http-foundation`	CVE-2024-50345	LOW	v5.4.44	5.0.0, 5.1.0, 6.3.0, 3.0.0, 5.2.0, 5.3.0, 5.4.0, 5.4.46, 6.2.0, 6.4.0, 4.0.0, 6.4.14, 6.1.0, 7.1.7, 7.1.0
`symfony/runtime`	CVE-2024-50340	HIGH	v5.4.40	5.4.0, 5.4.46, 6.4.14, 7.1.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.7
`symfony/security-http`	CVE-2024-51996	HIGH	v5.4.44	6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.8, 5.4.0, 5.4.47, 6.4.15, 7.1.0
`twig/twig`	CVE-2024-51754	LOW	v3.14.0	3.0.0, 3.11.2, 3.14.1, 2.0.0
`twig/twig`	CVE-2024-51755	LOW	v3.14.0	3.11.2, 3.14.1, 2.0.0, 3.0.0

No Misconfigurations found

## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy) <h3>Target <code>reg.cadoles.com/cadoles/hydra-sql-base:2025.4.2-pr52.1630.633e93c (alpine 3.17.1)</code></h3> <h4>Vulnerabilities (4)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>libcrypto3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>libexpat</code></td> <td>CVE-2024-50602</td> <td>MEDIUM</td> <td>2.6.3-r0</td> <td>2.6.4-r0</td> </tr> <tr> <td><code>libssl3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>musl-utils</code></td> <td>CVE-2025-26519</td> <td>UNKNOWN</td> <td>1.2.3-r5</td> <td>1.2.3-r6</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>Node.js</code></h3> <h4>Vulnerabilities (17)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>@babel/helpers</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>@babel/runtime</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>body-parser</code></td> <td>CVE-2024-45590</td> <td>HIGH</td> <td>1.20.2</td> <td>1.20.3</td> </tr> <tr> <td><code>braces</code></td> <td>CVE-2024-4068</td> <td>HIGH</td> <td>3.0.2</td> <td>3.0.3</td> </tr> <tr> <td><code>cookie</code></td> <td>CVE-2024-47764</td> <td>LOW</td> <td>0.6.0</td> <td>0.7.0</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>express</code></td> <td>CVE-2024-43796</td> <td>LOW</td> <td>4.19.2</td> <td>4.20.0, 5.0.0</td> </tr> <tr> <td><code>http-proxy-middleware</code></td> <td>CVE-2024-21536</td> <td>HIGH</td> <td>2.0.6</td> <td>2.0.7, 3.0.3</td> </tr> <tr> <td><code>micromatch</code></td> <td>CVE-2024-4067</td> <td>MEDIUM</td> <td>4.0.5</td> <td>4.0.8</td> </tr> <tr> <td><code>nanoid</code></td> <td>CVE-2024-55565</td> <td>MEDIUM</td> <td>3.3.7</td> <td>5.0.9, 3.3.8</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-45296</td> <td>HIGH</td> <td>0.1.7</td> <td>1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-52798</td> <td>HIGH</td> <td>0.1.7</td> <td>0.1.12</td> </tr> <tr> <td><code>send</code></td> <td>CVE-2024-43799</td> <td>LOW</td> <td>0.18.0</td> <td>0.19.0</td> </tr> <tr> <td><code>serve-static</code></td> <td>CVE-2024-43800</td> <td>LOW</td> <td>1.15.0</td> <td>1.16.0, 2.1.0</td> </tr> <tr> <td><code>webpack</code></td> <td>CVE-2024-43788</td> <td>MEDIUM</td> <td>5.91.0</td> <td>5.94.0</td> </tr> <tr> <td><code>ws</code></td> <td>CVE-2024-37890</td> <td>HIGH</td> <td>8.16.0</td> <td>5.2.4, 6.2.3, 7.5.10, 8.17.1</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>app/composer.lock</code></h3> <h4>Vulnerabilities (6)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>symfony/http-client</code></td> <td>CVE-2024-50342</td> <td>LOW</td> <td>v5.4.44</td> <td>5.0.0, 5.2.0, 6.4.0, 5.1.0, 6.1.0, 6.2.0, 4.4.0, 5.4.0, 5.4.47, 6.3.0, 6.4.15, 7.1.0, 7.1.8, 5.3.0</td> </tr> <tr> <td><code>symfony/http-foundation</code></td> <td>CVE-2024-50345</td> <td>LOW</td> <td>v5.4.44</td> <td>5.0.0, 5.1.0, 6.3.0, 3.0.0, 5.2.0, 5.3.0, 5.4.0, 5.4.46, 6.2.0, 6.4.0, 4.0.0, 6.4.14, 6.1.0, 7.1.7, 7.1.0</td> </tr> <tr> <td><code>symfony/runtime</code></td> <td>CVE-2024-50340</td> <td>HIGH</td> <td>v5.4.40</td> <td>5.4.0, 5.4.46, 6.4.14, 7.1.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.7</td> </tr> <tr> <td><code>symfony/security-http</code></td> <td>CVE-2024-51996</td> <td>HIGH</td> <td>v5.4.44</td> <td>6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.8, 5.4.0, 5.4.47, 6.4.15, 7.1.0</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51754</td> <td>LOW</td> <td>v3.14.0</td> <td>3.0.0, 3.11.2, 3.14.1, 2.0.0</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51755</td> <td>LOW</td> <td>v3.14.0</td> <td>3.11.2, 3.14.1, 2.0.0, 3.0.0</td> </tr> </table> <h4>No Misconfigurations found</h4>

gdupont changed title from ~~Add altcha to login form and its feature flag to disable it~~ to #4543 - Add altcha to login form and its feature flag to disable it

2025-04-07 13:47:56 +02:00

gdupont changed title from ~~#4543 - Add altcha to login form and its feature flag to disable it~~ to mse#4543 - Add altcha to login form and its feature flag to disable it

2025-04-07 13:48:13 +02:00

gdupont force-pushed 4543-add-altcha-to-login from 633e93c129 to d5f275c739

2025-04-09 17:07:46 +02:00

Compare

jenkins commented

2025-04-09 17:13:34 +02:00

Symfony Security Check Report

5 packages have known vulnerabilities.

symfony/http-client (v5.4.44)

CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

symfony/http-foundation (v5.4.44)

CVE-2024-50345: Open redirect via browser-sanitized URLs

symfony/runtime (v5.4.40)

CVE-2024-50340: Ability to change environment from query

symfony/security-http (v5.4.44)

CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie

twig/twig (v3.14.0)

CVE-2024-51754: Unguarded calls to __toString() when nesting an object into an array
CVE-2024-51755: Unguarded calls to __isset() and to array-accesses when the sandbox is enabled

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Symfony Security Check Report ============================= 5 packages have known vulnerabilities. symfony/http-client (v5.4.44) ----------------------------- * [CVE-2024-50342][]: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient symfony/http-foundation (v5.4.44) --------------------------------- * [CVE-2024-50345][]: Open redirect via browser-sanitized URLs symfony/runtime (v5.4.40) ------------------------- * [CVE-2024-50340][]: Ability to change environment from query symfony/security-http (v5.4.44) ------------------------------- * [CVE-2024-51996][]: Authentication Bypass via persisted RememberMe cookie twig/twig (v3.14.0) ------------------- * [CVE-2024-51754][]: Unguarded calls to __toString() when nesting an object into an array * [CVE-2024-51755][]: Unguarded calls to __isset() and to array-accesses when the sandbox is enabled [CVE-2024-50342]: https://symfony.com/cve-2024-50342 [CVE-2024-50345]: https://symfony.com/cve-2024-50345 [CVE-2024-50340]: https://symfony.com/cve-2024-50340 [CVE-2024-51996]: https://symfony.com/cve-2024-51996 [CVE-2024-51754]: https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array [CVE-2024-51755]: https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled Note that this checker can only detect vulnerabilities that are referenced in the security advisories database. Execute this command regularly to check the newly discovered vulnerabilities.

jenkins commented

2025-04-09 17:13:43 +02:00

Test report

PHP CS Fixer

Overview

State	Total
Passed	0
Skipped	0
Failed	7
Error	0

Total duration: 0s

See details

Status	Name	Class
⨯	`src/Form/LoginType`
⨯	`src/Altcha/AltchaTransformer`
⨯	`src/Altcha/Form/AltchaType`
⨯	`src/Altcha/Form/AltchaModel`
⨯	`src/Altcha/AltchaValidator`
⨯	`src/Flag/FlagAccessor`
⨯	`src/Hydra/Client`

Errors

`src/Form/LoginType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/AltchaTransformer`</summary>

**Output**

applied fixers:

no_superfluous_phpdoc_tags
no_empty_phpdoc```

`src/Altcha/Form/AltchaType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/Form/AltchaModel`</summary>

**Output**

applied fixers:

phpdoc_separation```

`src/Altcha/AltchaValidator`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Flag/FlagAccessor`</summary>

**Output**

applied fixers:

trailing_comma_in_multiline```

`src/Hydra/Client`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>

# Test report ## PHP CS Fixer ### Overview | State | Total | |-------|-------| | Passed | 0 | | Skipped | 0 | | Failed | 7 | | Error | 0 | **Total duration**: 0s <details> <summary>See details</summary> | Status | Name | Class | |--------|------|-------| | ⨯ | `src/Form/LoginType` || | ⨯ | `src/Altcha/AltchaTransformer` || | ⨯ | `src/Altcha/Form/AltchaType` || | ⨯ | `src/Altcha/Form/AltchaModel` || | ⨯ | `src/Altcha/AltchaValidator` || | ⨯ | `src/Flag/FlagAccessor` || | ⨯ | `src/Hydra/Client` || </details> <br /> #### Errors <details> <summary>`src/Form/LoginType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/AltchaTransformer`</summary> **Output** ``` applied fixers: --------------- * no_superfluous_phpdoc_tags * no_empty_phpdoc``` </details> <details> <summary>`src/Altcha/Form/AltchaType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/Form/AltchaModel`</summary> **Output** ``` applied fixers: --------------- * phpdoc_separation``` </details> <details> <summary>`src/Altcha/AltchaValidator`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Flag/FlagAccessor`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Hydra/Client`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details>

jenkins commented

2025-04-09 17:13:51 +02:00

Rapport PHPStan


 [OK] No errors

## Rapport PHPStan ``` [OK] No errors ```

jenkins commented

2025-04-09 17:14:30 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

jenkins commented

2025-04-09 17:43:30 +02:00

Rapport d'analyse de l'image avec Trivy

Target `reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.9-pr52.1707.d5f275c (alpine 3.17.1)`

Vulnerabilities (4)

Package	ID	Severity	Installed Version	Fixed Version
`libcrypto3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`libexpat`	CVE-2024-50602	MEDIUM	2.6.3-r0	2.6.4-r0
`libssl3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`musl-utils`	CVE-2025-26519	UNKNOWN	1.2.3-r5	1.2.3-r6

No Misconfigurations found

Target `Node.js`

Vulnerabilities (17)

Package	ID	Severity	Installed Version	Fixed Version
`@babel/helpers`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`@babel/runtime`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`body-parser`	CVE-2024-45590	HIGH	1.20.2	1.20.3
`braces`	CVE-2024-4068	HIGH	3.0.2	3.0.3
`cookie`	CVE-2024-47764	LOW	0.6.0	0.7.0
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`express`	CVE-2024-43796	LOW	4.19.2	4.20.0, 5.0.0
`http-proxy-middleware`	CVE-2024-21536	HIGH	2.0.6	2.0.7, 3.0.3
`micromatch`	CVE-2024-4067	MEDIUM	4.0.5	4.0.8
`nanoid`	CVE-2024-55565	MEDIUM	3.3.7	5.0.9, 3.3.8
`path-to-regexp`	CVE-2024-45296	HIGH	0.1.7	1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
`path-to-regexp`	CVE-2024-52798	HIGH	0.1.7	0.1.12
`send`	CVE-2024-43799	LOW	0.18.0	0.19.0
`serve-static`	CVE-2024-43800	LOW	1.15.0	1.16.0, 2.1.0
`webpack`	CVE-2024-43788	MEDIUM	5.91.0	5.94.0
`ws`	CVE-2024-37890	HIGH	8.16.0	5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

Target `app/composer.lock`

Vulnerabilities (6)

Package	ID	Severity	Installed Version	Fixed Version
`symfony/http-client`	CVE-2024-50342	LOW	v5.4.44	5.3.0, 5.0.0, 5.4.47, 6.4.15, 5.2.0, 5.4.0, 6.1.0, 6.3.0, 6.4.0, 4.4.0, 5.1.0, 6.2.0, 7.1.0, 7.1.8
`symfony/http-foundation`	CVE-2024-50345	LOW	v5.4.44	4.0.0, 5.2.0, 6.3.0, 5.3.0, 6.1.0, 6.4.0, 7.1.0, 7.1.7, 3.0.0, 5.4.0, 5.4.46, 6.4.14, 5.0.0, 5.1.0, 6.2.0
`symfony/runtime`	CVE-2024-50340	HIGH	v5.4.40	5.4.0, 5.4.46, 6.2.0, 6.4.0, 7.1.7, 6.1.0, 6.3.0, 6.4.14, 7.1.0
`symfony/security-http`	CVE-2024-51996	HIGH	v5.4.44	5.4.47, 6.2.0, 7.1.8, 5.4.0, 6.1.0, 6.3.0, 6.4.0, 6.4.15, 7.1.0
`twig/twig`	CVE-2024-51754	MEDIUM	v3.14.0	2.0.0, 3.0.0, 3.11.2, 3.14.1
`twig/twig`	CVE-2024-51755	MEDIUM	v3.14.0	2.0.0, 3.0.0, 3.11.2, 3.14.1

No Misconfigurations found

## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy) <h3>Target <code>reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.9-pr52.1707.d5f275c (alpine 3.17.1)</code></h3> <h4>Vulnerabilities (4)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>libcrypto3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>libexpat</code></td> <td>CVE-2024-50602</td> <td>MEDIUM</td> <td>2.6.3-r0</td> <td>2.6.4-r0</td> </tr> <tr> <td><code>libssl3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>musl-utils</code></td> <td>CVE-2025-26519</td> <td>UNKNOWN</td> <td>1.2.3-r5</td> <td>1.2.3-r6</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>Node.js</code></h3> <h4>Vulnerabilities (17)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>@babel/helpers</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>@babel/runtime</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>body-parser</code></td> <td>CVE-2024-45590</td> <td>HIGH</td> <td>1.20.2</td> <td>1.20.3</td> </tr> <tr> <td><code>braces</code></td> <td>CVE-2024-4068</td> <td>HIGH</td> <td>3.0.2</td> <td>3.0.3</td> </tr> <tr> <td><code>cookie</code></td> <td>CVE-2024-47764</td> <td>LOW</td> <td>0.6.0</td> <td>0.7.0</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>express</code></td> <td>CVE-2024-43796</td> <td>LOW</td> <td>4.19.2</td> <td>4.20.0, 5.0.0</td> </tr> <tr> <td><code>http-proxy-middleware</code></td> <td>CVE-2024-21536</td> <td>HIGH</td> <td>2.0.6</td> <td>2.0.7, 3.0.3</td> </tr> <tr> <td><code>micromatch</code></td> <td>CVE-2024-4067</td> <td>MEDIUM</td> <td>4.0.5</td> <td>4.0.8</td> </tr> <tr> <td><code>nanoid</code></td> <td>CVE-2024-55565</td> <td>MEDIUM</td> <td>3.3.7</td> <td>5.0.9, 3.3.8</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-45296</td> <td>HIGH</td> <td>0.1.7</td> <td>1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-52798</td> <td>HIGH</td> <td>0.1.7</td> <td>0.1.12</td> </tr> <tr> <td><code>send</code></td> <td>CVE-2024-43799</td> <td>LOW</td> <td>0.18.0</td> <td>0.19.0</td> </tr> <tr> <td><code>serve-static</code></td> <td>CVE-2024-43800</td> <td>LOW</td> <td>1.15.0</td> <td>1.16.0, 2.1.0</td> </tr> <tr> <td><code>webpack</code></td> <td>CVE-2024-43788</td> <td>MEDIUM</td> <td>5.91.0</td> <td>5.94.0</td> </tr> <tr> <td><code>ws</code></td> <td>CVE-2024-37890</td> <td>HIGH</td> <td>8.16.0</td> <td>5.2.4, 6.2.3, 7.5.10, 8.17.1</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>app/composer.lock</code></h3> <h4>Vulnerabilities (6)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>symfony/http-client</code></td> <td>CVE-2024-50342</td> <td>LOW</td> <td>v5.4.44</td> <td>5.3.0, 5.0.0, 5.4.47, 6.4.15, 5.2.0, 5.4.0, 6.1.0, 6.3.0, 6.4.0, 4.4.0, 5.1.0, 6.2.0, 7.1.0, 7.1.8</td> </tr> <tr> <td><code>symfony/http-foundation</code></td> <td>CVE-2024-50345</td> <td>LOW</td> <td>v5.4.44</td> <td>4.0.0, 5.2.0, 6.3.0, 5.3.0, 6.1.0, 6.4.0, 7.1.0, 7.1.7, 3.0.0, 5.4.0, 5.4.46, 6.4.14, 5.0.0, 5.1.0, 6.2.0</td> </tr> <tr> <td><code>symfony/runtime</code></td> <td>CVE-2024-50340</td> <td>HIGH</td> <td>v5.4.40</td> <td>5.4.0, 5.4.46, 6.2.0, 6.4.0, 7.1.7, 6.1.0, 6.3.0, 6.4.14, 7.1.0</td> </tr> <tr> <td><code>symfony/security-http</code></td> <td>CVE-2024-51996</td> <td>HIGH</td> <td>v5.4.44</td> <td>5.4.47, 6.2.0, 7.1.8, 5.4.0, 6.1.0, 6.3.0, 6.4.0, 6.4.15, 7.1.0</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51754</td> <td>MEDIUM</td> <td>v3.14.0</td> <td>2.0.0, 3.0.0, 3.11.2, 3.14.1</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51755</td> <td>MEDIUM</td> <td>v3.14.0</td> <td>2.0.0, 3.0.0, 3.11.2, 3.14.1</td> </tr> </table> <h4>No Misconfigurations found</h4>

jenkins commented

2025-04-09 17:44:22 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

jenkins commented

2025-04-09 18:08:46 +02:00

Rapport d'analyse de l'image avec Trivy

Target `reg.cadoles.com/cadoles/hydra-sql-base:2025.4.9-pr52.1707.d5f275c (alpine 3.17.1)`

Vulnerabilities (4)

Package	ID	Severity	Installed Version	Fixed Version
`libcrypto3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`libexpat`	CVE-2024-50602	MEDIUM	2.6.3-r0	2.6.4-r0
`libssl3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`musl-utils`	CVE-2025-26519	UNKNOWN	1.2.3-r5	1.2.3-r6

No Misconfigurations found

Target `Node.js`

Vulnerabilities (17)

Package	ID	Severity	Installed Version	Fixed Version
`@babel/helpers`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`@babel/runtime`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`body-parser`	CVE-2024-45590	HIGH	1.20.2	1.20.3
`braces`	CVE-2024-4068	HIGH	3.0.2	3.0.3
`cookie`	CVE-2024-47764	LOW	0.6.0	0.7.0
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`express`	CVE-2024-43796	LOW	4.19.2	4.20.0, 5.0.0
`http-proxy-middleware`	CVE-2024-21536	HIGH	2.0.6	2.0.7, 3.0.3
`micromatch`	CVE-2024-4067	MEDIUM	4.0.5	4.0.8
`nanoid`	CVE-2024-55565	MEDIUM	3.3.7	5.0.9, 3.3.8
`path-to-regexp`	CVE-2024-45296	HIGH	0.1.7	1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
`path-to-regexp`	CVE-2024-52798	HIGH	0.1.7	0.1.12
`send`	CVE-2024-43799	LOW	0.18.0	0.19.0
`serve-static`	CVE-2024-43800	LOW	1.15.0	1.16.0, 2.1.0
`webpack`	CVE-2024-43788	MEDIUM	5.91.0	5.94.0
`ws`	CVE-2024-37890	HIGH	8.16.0	5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

Target `app/composer.lock`

Vulnerabilities (6)

Package	ID	Severity	Installed Version	Fixed Version
`symfony/http-client`	CVE-2024-50342	LOW	v5.4.44	5.3.0, 5.0.0, 5.4.47, 6.4.15, 5.2.0, 5.4.0, 6.1.0, 6.3.0, 6.4.0, 4.4.0, 5.1.0, 6.2.0, 7.1.0, 7.1.8
`symfony/http-foundation`	CVE-2024-50345	LOW	v5.4.44	4.0.0, 5.2.0, 6.3.0, 5.3.0, 6.1.0, 6.4.0, 7.1.0, 7.1.7, 3.0.0, 5.4.0, 5.4.46, 6.4.14, 5.0.0, 5.1.0, 6.2.0
`symfony/runtime`	CVE-2024-50340	HIGH	v5.4.40	5.4.0, 5.4.46, 6.2.0, 6.4.0, 7.1.7, 6.1.0, 6.3.0, 6.4.14, 7.1.0
`symfony/security-http`	CVE-2024-51996	HIGH	v5.4.44	5.4.47, 6.2.0, 7.1.8, 5.4.0, 6.1.0, 6.3.0, 6.4.0, 6.4.15, 7.1.0
`twig/twig`	CVE-2024-51754	MEDIUM	v3.14.0	2.0.0, 3.0.0, 3.11.2, 3.14.1
`twig/twig`	CVE-2024-51755	MEDIUM	v3.14.0	2.0.0, 3.0.0, 3.11.2, 3.14.1

No Misconfigurations found

## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy) <h3>Target <code>reg.cadoles.com/cadoles/hydra-sql-base:2025.4.9-pr52.1707.d5f275c (alpine 3.17.1)</code></h3> <h4>Vulnerabilities (4)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>libcrypto3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>libexpat</code></td> <td>CVE-2024-50602</td> <td>MEDIUM</td> <td>2.6.3-r0</td> <td>2.6.4-r0</td> </tr> <tr> <td><code>libssl3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>musl-utils</code></td> <td>CVE-2025-26519</td> <td>UNKNOWN</td> <td>1.2.3-r5</td> <td>1.2.3-r6</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>Node.js</code></h3> <h4>Vulnerabilities (17)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>@babel/helpers</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>@babel/runtime</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>body-parser</code></td> <td>CVE-2024-45590</td> <td>HIGH</td> <td>1.20.2</td> <td>1.20.3</td> </tr> <tr> <td><code>braces</code></td> <td>CVE-2024-4068</td> <td>HIGH</td> <td>3.0.2</td> <td>3.0.3</td> </tr> <tr> <td><code>cookie</code></td> <td>CVE-2024-47764</td> <td>LOW</td> <td>0.6.0</td> <td>0.7.0</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>express</code></td> <td>CVE-2024-43796</td> <td>LOW</td> <td>4.19.2</td> <td>4.20.0, 5.0.0</td> </tr> <tr> <td><code>http-proxy-middleware</code></td> <td>CVE-2024-21536</td> <td>HIGH</td> <td>2.0.6</td> <td>2.0.7, 3.0.3</td> </tr> <tr> <td><code>micromatch</code></td> <td>CVE-2024-4067</td> <td>MEDIUM</td> <td>4.0.5</td> <td>4.0.8</td> </tr> <tr> <td><code>nanoid</code></td> <td>CVE-2024-55565</td> <td>MEDIUM</td> <td>3.3.7</td> <td>5.0.9, 3.3.8</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-45296</td> <td>HIGH</td> <td>0.1.7</td> <td>1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-52798</td> <td>HIGH</td> <td>0.1.7</td> <td>0.1.12</td> </tr> <tr> <td><code>send</code></td> <td>CVE-2024-43799</td> <td>LOW</td> <td>0.18.0</td> <td>0.19.0</td> </tr> <tr> <td><code>serve-static</code></td> <td>CVE-2024-43800</td> <td>LOW</td> <td>1.15.0</td> <td>1.16.0, 2.1.0</td> </tr> <tr> <td><code>webpack</code></td> <td>CVE-2024-43788</td> <td>MEDIUM</td> <td>5.91.0</td> <td>5.94.0</td> </tr> <tr> <td><code>ws</code></td> <td>CVE-2024-37890</td> <td>HIGH</td> <td>8.16.0</td> <td>5.2.4, 6.2.3, 7.5.10, 8.17.1</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>app/composer.lock</code></h3> <h4>Vulnerabilities (6)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>symfony/http-client</code></td> <td>CVE-2024-50342</td> <td>LOW</td> <td>v5.4.44</td> <td>5.3.0, 5.0.0, 5.4.47, 6.4.15, 5.2.0, 5.4.0, 6.1.0, 6.3.0, 6.4.0, 4.4.0, 5.1.0, 6.2.0, 7.1.0, 7.1.8</td> </tr> <tr> <td><code>symfony/http-foundation</code></td> <td>CVE-2024-50345</td> <td>LOW</td> <td>v5.4.44</td> <td>4.0.0, 5.2.0, 6.3.0, 5.3.0, 6.1.0, 6.4.0, 7.1.0, 7.1.7, 3.0.0, 5.4.0, 5.4.46, 6.4.14, 5.0.0, 5.1.0, 6.2.0</td> </tr> <tr> <td><code>symfony/runtime</code></td> <td>CVE-2024-50340</td> <td>HIGH</td> <td>v5.4.40</td> <td>5.4.0, 5.4.46, 6.2.0, 6.4.0, 7.1.7, 6.1.0, 6.3.0, 6.4.14, 7.1.0</td> </tr> <tr> <td><code>symfony/security-http</code></td> <td>CVE-2024-51996</td> <td>HIGH</td> <td>v5.4.44</td> <td>5.4.47, 6.2.0, 7.1.8, 5.4.0, 6.1.0, 6.3.0, 6.4.0, 6.4.15, 7.1.0</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51754</td> <td>MEDIUM</td> <td>v3.14.0</td> <td>2.0.0, 3.0.0, 3.11.2, 3.14.1</td> </tr> <tr> <td><code>twig/twig</code></td> <td>CVE-2024-51755</td> <td>MEDIUM</td> <td>v3.14.0</td> <td>2.0.0, 3.0.0, 3.11.2, 3.14.1</td> </tr> </table> <h4>No Misconfigurations found</h4>

gdupont referenced this pull request from CadolesKube/sso-kustom

2025-04-10 11:12:02 +02:00

MSE#4543 add altcha to hydra sql #72

gdupont force-pushed 4543-add-altcha-to-login from d5f275c739 to 3c06f6e09e

2025-04-10 12:56:19 +02:00

Compare

jenkins commented

2025-04-10 13:00:35 +02:00

Symfony Security Check Report

No packages have known vulnerabilities.

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Symfony Security Check Report ============================= No packages have known vulnerabilities. Note that this checker can only detect vulnerabilities that are referenced in the security advisories database. Execute this command regularly to check the newly discovered vulnerabilities.

jenkins commented

2025-04-10 13:00:39 +02:00

Test report

PHP CS Fixer

Overview

State	Total
Passed	0
Skipped	0
Failed	7
Error	0

Total duration: 0s

See details

Status	Name	Class
⨯	`src/Form/LoginType`
⨯	`src/Altcha/AltchaTransformer`
⨯	`src/Altcha/Form/AltchaType`
⨯	`src/Altcha/Form/AltchaModel`
⨯	`src/Altcha/AltchaValidator`
⨯	`src/Flag/FlagAccessor`
⨯	`src/Hydra/Client`

Errors

`src/Form/LoginType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/AltchaTransformer`</summary>

**Output**

applied fixers:

no_superfluous_phpdoc_tags
no_empty_phpdoc```

`src/Altcha/Form/AltchaType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/Form/AltchaModel`</summary>

**Output**

applied fixers:

phpdoc_separation```

`src/Altcha/AltchaValidator`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Flag/FlagAccessor`</summary>

**Output**

applied fixers:

trailing_comma_in_multiline```

`src/Hydra/Client`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>

# Test report ## PHP CS Fixer ### Overview | State | Total | |-------|-------| | Passed | 0 | | Skipped | 0 | | Failed | 7 | | Error | 0 | **Total duration**: 0s <details> <summary>See details</summary> | Status | Name | Class | |--------|------|-------| | ⨯ | `src/Form/LoginType` || | ⨯ | `src/Altcha/AltchaTransformer` || | ⨯ | `src/Altcha/Form/AltchaType` || | ⨯ | `src/Altcha/Form/AltchaModel` || | ⨯ | `src/Altcha/AltchaValidator` || | ⨯ | `src/Flag/FlagAccessor` || | ⨯ | `src/Hydra/Client` || </details> <br /> #### Errors <details> <summary>`src/Form/LoginType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/AltchaTransformer`</summary> **Output** ``` applied fixers: --------------- * no_superfluous_phpdoc_tags * no_empty_phpdoc``` </details> <details> <summary>`src/Altcha/Form/AltchaType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/Form/AltchaModel`</summary> **Output** ``` applied fixers: --------------- * phpdoc_separation``` </details> <details> <summary>`src/Altcha/AltchaValidator`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Flag/FlagAccessor`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Hydra/Client`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details>

jenkins commented

2025-04-10 13:00:44 +02:00

Rapport PHPStan


 [OK] No errors

## Rapport PHPStan ``` [OK] No errors ```

jenkins commented

2025-04-10 13:01:13 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

jenkins commented

2025-04-10 13:14:58 +02:00

Rapport d'analyse de l'image avec Trivy

Target `reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.10-pr52.1256.3c06f6e (alpine 3.17.1)`

Vulnerabilities (4)

Package	ID	Severity	Installed Version	Fixed Version
`libcrypto3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`libexpat`	CVE-2024-50602	MEDIUM	2.6.3-r0	2.6.4-r0
`libssl3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`musl-utils`	CVE-2025-26519	UNKNOWN	1.2.3-r5	1.2.3-r6

No Misconfigurations found

Target `Node.js`

Vulnerabilities (17)

Package	ID	Severity	Installed Version	Fixed Version
`@babel/helpers`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`@babel/runtime`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`body-parser`	CVE-2024-45590	HIGH	1.20.2	1.20.3
`braces`	CVE-2024-4068	HIGH	3.0.2	3.0.3
`cookie`	CVE-2024-47764	LOW	0.6.0	0.7.0
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`express`	CVE-2024-43796	LOW	4.19.2	4.20.0, 5.0.0
`http-proxy-middleware`	CVE-2024-21536	HIGH	2.0.6	2.0.7, 3.0.3
`micromatch`	CVE-2024-4067	MEDIUM	4.0.5	4.0.8
`nanoid`	CVE-2024-55565	MEDIUM	3.3.7	5.0.9, 3.3.8
`path-to-regexp`	CVE-2024-45296	HIGH	0.1.7	1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
`path-to-regexp`	CVE-2024-52798	HIGH	0.1.7	0.1.12
`send`	CVE-2024-43799	LOW	0.18.0	0.19.0
`serve-static`	CVE-2024-43800	LOW	1.15.0	1.16.0, 2.1.0
`webpack`	CVE-2024-43788	MEDIUM	5.91.0	5.94.0
`ws`	CVE-2024-37890	HIGH	8.16.0	5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy) <h3>Target <code>reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.10-pr52.1256.3c06f6e (alpine 3.17.1)</code></h3> <h4>Vulnerabilities (4)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>libcrypto3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>libexpat</code></td> <td>CVE-2024-50602</td> <td>MEDIUM</td> <td>2.6.3-r0</td> <td>2.6.4-r0</td> </tr> <tr> <td><code>libssl3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>musl-utils</code></td> <td>CVE-2025-26519</td> <td>UNKNOWN</td> <td>1.2.3-r5</td> <td>1.2.3-r6</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>Node.js</code></h3> <h4>Vulnerabilities (17)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>@babel/helpers</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>@babel/runtime</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>body-parser</code></td> <td>CVE-2024-45590</td> <td>HIGH</td> <td>1.20.2</td> <td>1.20.3</td> </tr> <tr> <td><code>braces</code></td> <td>CVE-2024-4068</td> <td>HIGH</td> <td>3.0.2</td> <td>3.0.3</td> </tr> <tr> <td><code>cookie</code></td> <td>CVE-2024-47764</td> <td>LOW</td> <td>0.6.0</td> <td>0.7.0</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>express</code></td> <td>CVE-2024-43796</td> <td>LOW</td> <td>4.19.2</td> <td>4.20.0, 5.0.0</td> </tr> <tr> <td><code>http-proxy-middleware</code></td> <td>CVE-2024-21536</td> <td>HIGH</td> <td>2.0.6</td> <td>2.0.7, 3.0.3</td> </tr> <tr> <td><code>micromatch</code></td> <td>CVE-2024-4067</td> <td>MEDIUM</td> <td>4.0.5</td> <td>4.0.8</td> </tr> <tr> <td><code>nanoid</code></td> <td>CVE-2024-55565</td> <td>MEDIUM</td> <td>3.3.7</td> <td>5.0.9, 3.3.8</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-45296</td> <td>HIGH</td> <td>0.1.7</td> <td>1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-52798</td> <td>HIGH</td> <td>0.1.7</td> <td>0.1.12</td> </tr> <tr> <td><code>send</code></td> <td>CVE-2024-43799</td> <td>LOW</td> <td>0.18.0</td> <td>0.19.0</td> </tr> <tr> <td><code>serve-static</code></td> <td>CVE-2024-43800</td> <td>LOW</td> <td>1.15.0</td> <td>1.16.0, 2.1.0</td> </tr> <tr> <td><code>webpack</code></td> <td>CVE-2024-43788</td> <td>MEDIUM</td> <td>5.91.0</td> <td>5.94.0</td> </tr> <tr> <td><code>ws</code></td> <td>CVE-2024-37890</td> <td>HIGH</td> <td>8.16.0</td> <td>5.2.4, 6.2.3, 7.5.10, 8.17.1</td> </tr> </table> <h4>No Misconfigurations found</h4>

jenkins commented

2025-04-10 13:15:20 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

jenkins commented

2025-04-10 13:28:37 +02:00

Rapport d'analyse de l'image avec Trivy

Target `reg.cadoles.com/cadoles/hydra-sql-base:2025.4.10-pr52.1256.3c06f6e (alpine 3.17.1)`

Vulnerabilities (4)

Package	ID	Severity	Installed Version	Fixed Version
`libcrypto3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`libexpat`	CVE-2024-50602	MEDIUM	2.6.3-r0	2.6.4-r0
`libssl3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`musl-utils`	CVE-2025-26519	UNKNOWN	1.2.3-r5	1.2.3-r6

No Misconfigurations found

Target `Node.js`

Vulnerabilities (17)

Package	ID	Severity	Installed Version	Fixed Version
`@babel/helpers`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`@babel/runtime`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`body-parser`	CVE-2024-45590	HIGH	1.20.2	1.20.3
`braces`	CVE-2024-4068	HIGH	3.0.2	3.0.3
`cookie`	CVE-2024-47764	LOW	0.6.0	0.7.0
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`express`	CVE-2024-43796	LOW	4.19.2	4.20.0, 5.0.0
`http-proxy-middleware`	CVE-2024-21536	HIGH	2.0.6	2.0.7, 3.0.3
`micromatch`	CVE-2024-4067	MEDIUM	4.0.5	4.0.8
`nanoid`	CVE-2024-55565	MEDIUM	3.3.7	5.0.9, 3.3.8
`path-to-regexp`	CVE-2024-45296	HIGH	0.1.7	1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
`path-to-regexp`	CVE-2024-52798	HIGH	0.1.7	0.1.12
`send`	CVE-2024-43799	LOW	0.18.0	0.19.0
`serve-static`	CVE-2024-43800	LOW	1.15.0	1.16.0, 2.1.0
`webpack`	CVE-2024-43788	MEDIUM	5.91.0	5.94.0
`ws`	CVE-2024-37890	HIGH	8.16.0	5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy) <h3>Target <code>reg.cadoles.com/cadoles/hydra-sql-base:2025.4.10-pr52.1256.3c06f6e (alpine 3.17.1)</code></h3> <h4>Vulnerabilities (4)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>libcrypto3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>libexpat</code></td> <td>CVE-2024-50602</td> <td>MEDIUM</td> <td>2.6.3-r0</td> <td>2.6.4-r0</td> </tr> <tr> <td><code>libssl3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>musl-utils</code></td> <td>CVE-2025-26519</td> <td>UNKNOWN</td> <td>1.2.3-r5</td> <td>1.2.3-r6</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>Node.js</code></h3> <h4>Vulnerabilities (17)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>@babel/helpers</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>@babel/runtime</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>body-parser</code></td> <td>CVE-2024-45590</td> <td>HIGH</td> <td>1.20.2</td> <td>1.20.3</td> </tr> <tr> <td><code>braces</code></td> <td>CVE-2024-4068</td> <td>HIGH</td> <td>3.0.2</td> <td>3.0.3</td> </tr> <tr> <td><code>cookie</code></td> <td>CVE-2024-47764</td> <td>LOW</td> <td>0.6.0</td> <td>0.7.0</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>express</code></td> <td>CVE-2024-43796</td> <td>LOW</td> <td>4.19.2</td> <td>4.20.0, 5.0.0</td> </tr> <tr> <td><code>http-proxy-middleware</code></td> <td>CVE-2024-21536</td> <td>HIGH</td> <td>2.0.6</td> <td>2.0.7, 3.0.3</td> </tr> <tr> <td><code>micromatch</code></td> <td>CVE-2024-4067</td> <td>MEDIUM</td> <td>4.0.5</td> <td>4.0.8</td> </tr> <tr> <td><code>nanoid</code></td> <td>CVE-2024-55565</td> <td>MEDIUM</td> <td>3.3.7</td> <td>5.0.9, 3.3.8</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-45296</td> <td>HIGH</td> <td>0.1.7</td> <td>1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-52798</td> <td>HIGH</td> <td>0.1.7</td> <td>0.1.12</td> </tr> <tr> <td><code>send</code></td> <td>CVE-2024-43799</td> <td>LOW</td> <td>0.18.0</td> <td>0.19.0</td> </tr> <tr> <td><code>serve-static</code></td> <td>CVE-2024-43800</td> <td>LOW</td> <td>1.15.0</td> <td>1.16.0, 2.1.0</td> </tr> <tr> <td><code>webpack</code></td> <td>CVE-2024-43788</td> <td>MEDIUM</td> <td>5.91.0</td> <td>5.94.0</td> </tr> <tr> <td><code>ws</code></td> <td>CVE-2024-37890</td> <td>HIGH</td> <td>8.16.0</td> <td>5.2.4, 6.2.3, 7.5.10, 8.17.1</td> </tr> </table> <h4>No Misconfigurations found</h4>

gdupont force-pushed 4543-add-altcha-to-login from 3c06f6e09e to c37eb95ef4

2025-04-10 13:42:54 +02:00

Compare

jenkins commented

2025-04-10 13:43:39 +02:00

Symfony Security Check Report

No packages have known vulnerabilities.

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Symfony Security Check Report ============================= No packages have known vulnerabilities. Note that this checker can only detect vulnerabilities that are referenced in the security advisories database. Execute this command regularly to check the newly discovered vulnerabilities.

jenkins commented

2025-04-10 13:43:43 +02:00

Test report

PHP CS Fixer

Overview

State	Total
Passed	0
Skipped	0
Failed	7
Error	0

Total duration: 0s

See details

Status	Name	Class
⨯	`src/Form/LoginType`
⨯	`src/Altcha/AltchaTransformer`
⨯	`src/Altcha/Form/AltchaType`
⨯	`src/Altcha/Form/AltchaModel`
⨯	`src/Altcha/AltchaValidator`
⨯	`src/Flag/FlagAccessor`
⨯	`src/Hydra/Client`

Errors

`src/Form/LoginType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/AltchaTransformer`</summary>

**Output**

applied fixers:

no_superfluous_phpdoc_tags
no_empty_phpdoc```

`src/Altcha/Form/AltchaType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/Form/AltchaModel`</summary>

**Output**

applied fixers:

phpdoc_separation```

`src/Altcha/AltchaValidator`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Flag/FlagAccessor`</summary>

**Output**

applied fixers:

trailing_comma_in_multiline```

`src/Hydra/Client`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>

# Test report ## PHP CS Fixer ### Overview | State | Total | |-------|-------| | Passed | 0 | | Skipped | 0 | | Failed | 7 | | Error | 0 | **Total duration**: 0s <details> <summary>See details</summary> | Status | Name | Class | |--------|------|-------| | ⨯ | `src/Form/LoginType` || | ⨯ | `src/Altcha/AltchaTransformer` || | ⨯ | `src/Altcha/Form/AltchaType` || | ⨯ | `src/Altcha/Form/AltchaModel` || | ⨯ | `src/Altcha/AltchaValidator` || | ⨯ | `src/Flag/FlagAccessor` || | ⨯ | `src/Hydra/Client` || </details> <br /> #### Errors <details> <summary>`src/Form/LoginType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/AltchaTransformer`</summary> **Output** ``` applied fixers: --------------- * no_superfluous_phpdoc_tags * no_empty_phpdoc``` </details> <details> <summary>`src/Altcha/Form/AltchaType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/Form/AltchaModel`</summary> **Output** ``` applied fixers: --------------- * phpdoc_separation``` </details> <details> <summary>`src/Altcha/AltchaValidator`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Flag/FlagAccessor`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Hydra/Client`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details>

jenkins commented

2025-04-10 13:43:46 +02:00

Rapport PHPStan


 [OK] No errors

## Rapport PHPStan ``` [OK] No errors ```

jenkins commented

2025-04-10 13:44:13 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

jenkins commented

2025-04-10 13:57:23 +02:00

Rapport d'analyse de l'image avec Trivy

Target `reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.10-pr52.1342.c37eb95 (alpine 3.17.1)`

Vulnerabilities (4)

Package	ID	Severity	Installed Version	Fixed Version
`libcrypto3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`libexpat`	CVE-2024-50602	MEDIUM	2.6.3-r0	2.6.4-r0
`libssl3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`musl-utils`	CVE-2025-26519	UNKNOWN	1.2.3-r5	1.2.3-r6

No Misconfigurations found

Target `Node.js`

Vulnerabilities (17)

Package	ID	Severity	Installed Version	Fixed Version
`@babel/helpers`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`@babel/runtime`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`body-parser`	CVE-2024-45590	HIGH	1.20.2	1.20.3
`braces`	CVE-2024-4068	HIGH	3.0.2	3.0.3
`cookie`	CVE-2024-47764	LOW	0.6.0	0.7.0
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`express`	CVE-2024-43796	LOW	4.19.2	4.20.0, 5.0.0
`http-proxy-middleware`	CVE-2024-21536	HIGH	2.0.6	2.0.7, 3.0.3
`micromatch`	CVE-2024-4067	MEDIUM	4.0.5	4.0.8
`nanoid`	CVE-2024-55565	MEDIUM	3.3.7	5.0.9, 3.3.8
`path-to-regexp`	CVE-2024-45296	HIGH	0.1.7	1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
`path-to-regexp`	CVE-2024-52798	HIGH	0.1.7	0.1.12
`send`	CVE-2024-43799	LOW	0.18.0	0.19.0
`serve-static`	CVE-2024-43800	LOW	1.15.0	1.16.0, 2.1.0
`webpack`	CVE-2024-43788	MEDIUM	5.91.0	5.94.0
`ws`	CVE-2024-37890	HIGH	8.16.0	5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy) <h3>Target <code>reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.10-pr52.1342.c37eb95 (alpine 3.17.1)</code></h3> <h4>Vulnerabilities (4)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>libcrypto3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>libexpat</code></td> <td>CVE-2024-50602</td> <td>MEDIUM</td> <td>2.6.3-r0</td> <td>2.6.4-r0</td> </tr> <tr> <td><code>libssl3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>musl-utils</code></td> <td>CVE-2025-26519</td> <td>UNKNOWN</td> <td>1.2.3-r5</td> <td>1.2.3-r6</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>Node.js</code></h3> <h4>Vulnerabilities (17)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>@babel/helpers</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>@babel/runtime</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>body-parser</code></td> <td>CVE-2024-45590</td> <td>HIGH</td> <td>1.20.2</td> <td>1.20.3</td> </tr> <tr> <td><code>braces</code></td> <td>CVE-2024-4068</td> <td>HIGH</td> <td>3.0.2</td> <td>3.0.3</td> </tr> <tr> <td><code>cookie</code></td> <td>CVE-2024-47764</td> <td>LOW</td> <td>0.6.0</td> <td>0.7.0</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>express</code></td> <td>CVE-2024-43796</td> <td>LOW</td> <td>4.19.2</td> <td>4.20.0, 5.0.0</td> </tr> <tr> <td><code>http-proxy-middleware</code></td> <td>CVE-2024-21536</td> <td>HIGH</td> <td>2.0.6</td> <td>2.0.7, 3.0.3</td> </tr> <tr> <td><code>micromatch</code></td> <td>CVE-2024-4067</td> <td>MEDIUM</td> <td>4.0.5</td> <td>4.0.8</td> </tr> <tr> <td><code>nanoid</code></td> <td>CVE-2024-55565</td> <td>MEDIUM</td> <td>3.3.7</td> <td>5.0.9, 3.3.8</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-45296</td> <td>HIGH</td> <td>0.1.7</td> <td>1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-52798</td> <td>HIGH</td> <td>0.1.7</td> <td>0.1.12</td> </tr> <tr> <td><code>send</code></td> <td>CVE-2024-43799</td> <td>LOW</td> <td>0.18.0</td> <td>0.19.0</td> </tr> <tr> <td><code>serve-static</code></td> <td>CVE-2024-43800</td> <td>LOW</td> <td>1.15.0</td> <td>1.16.0, 2.1.0</td> </tr> <tr> <td><code>webpack</code></td> <td>CVE-2024-43788</td> <td>MEDIUM</td> <td>5.91.0</td> <td>5.94.0</td> </tr> <tr> <td><code>ws</code></td> <td>CVE-2024-37890</td> <td>HIGH</td> <td>8.16.0</td> <td>5.2.4, 6.2.3, 7.5.10, 8.17.1</td> </tr> </table> <h4>No Misconfigurations found</h4>

jenkins commented

2025-04-10 13:57:47 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

gdupont force-pushed 4543-add-altcha-to-login from c37eb95ef4 to f0bebe781c

2025-04-10 13:57:56 +02:00

Compare

jenkins commented

2025-04-10 13:59:26 +02:00

Symfony Security Check Report

No packages have known vulnerabilities.

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Symfony Security Check Report ============================= No packages have known vulnerabilities. Note that this checker can only detect vulnerabilities that are referenced in the security advisories database. Execute this command regularly to check the newly discovered vulnerabilities.

jenkins commented

2025-04-10 13:59:28 +02:00

Test report

PHP CS Fixer

Overview

State	Total
Passed	0
Skipped	0
Failed	7
Error	0

Total duration: 0s

See details

Status	Name	Class
⨯	`src/Form/LoginType`
⨯	`src/Altcha/AltchaTransformer`
⨯	`src/Altcha/Form/AltchaType`
⨯	`src/Altcha/Form/AltchaModel`
⨯	`src/Altcha/AltchaValidator`
⨯	`src/Flag/FlagAccessor`
⨯	`src/Hydra/Client`

Errors

`src/Form/LoginType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/AltchaTransformer`</summary>

**Output**

applied fixers:

no_superfluous_phpdoc_tags
no_empty_phpdoc```

`src/Altcha/Form/AltchaType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/Form/AltchaModel`</summary>

**Output**

applied fixers:

phpdoc_separation```

`src/Altcha/AltchaValidator`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Flag/FlagAccessor`</summary>

**Output**

applied fixers:

trailing_comma_in_multiline```

`src/Hydra/Client`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>

# Test report ## PHP CS Fixer ### Overview | State | Total | |-------|-------| | Passed | 0 | | Skipped | 0 | | Failed | 7 | | Error | 0 | **Total duration**: 0s <details> <summary>See details</summary> | Status | Name | Class | |--------|------|-------| | ⨯ | `src/Form/LoginType` || | ⨯ | `src/Altcha/AltchaTransformer` || | ⨯ | `src/Altcha/Form/AltchaType` || | ⨯ | `src/Altcha/Form/AltchaModel` || | ⨯ | `src/Altcha/AltchaValidator` || | ⨯ | `src/Flag/FlagAccessor` || | ⨯ | `src/Hydra/Client` || </details> <br /> #### Errors <details> <summary>`src/Form/LoginType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/AltchaTransformer`</summary> **Output** ``` applied fixers: --------------- * no_superfluous_phpdoc_tags * no_empty_phpdoc``` </details> <details> <summary>`src/Altcha/Form/AltchaType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/Form/AltchaModel`</summary> **Output** ``` applied fixers: --------------- * phpdoc_separation``` </details> <details> <summary>`src/Altcha/AltchaValidator`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Flag/FlagAccessor`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Hydra/Client`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details>

jenkins commented

2025-04-10 13:59:32 +02:00

Rapport PHPStan


 [OK] No errors

## Rapport PHPStan ``` [OK] No errors ```

jenkins commented

2025-04-10 14:00:08 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

jenkins commented

2025-04-10 14:23:48 +02:00

Rapport d'analyse de l'image avec Trivy

Target `reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.10-pr52.1357.f0bebe7 (alpine 3.17.1)`

Vulnerabilities (4)

Package	ID	Severity	Installed Version	Fixed Version
`libcrypto3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`libexpat`	CVE-2024-50602	MEDIUM	2.6.3-r0	2.6.4-r0
`libssl3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`musl-utils`	CVE-2025-26519	UNKNOWN	1.2.3-r5	1.2.3-r6

No Misconfigurations found

Target `Node.js`

Vulnerabilities (17)

Package	ID	Severity	Installed Version	Fixed Version
`@babel/helpers`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`@babel/runtime`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`body-parser`	CVE-2024-45590	HIGH	1.20.2	1.20.3
`braces`	CVE-2024-4068	HIGH	3.0.2	3.0.3
`cookie`	CVE-2024-47764	LOW	0.6.0	0.7.0
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`express`	CVE-2024-43796	LOW	4.19.2	4.20.0, 5.0.0
`http-proxy-middleware`	CVE-2024-21536	HIGH	2.0.6	2.0.7, 3.0.3
`micromatch`	CVE-2024-4067	MEDIUM	4.0.5	4.0.8
`nanoid`	CVE-2024-55565	MEDIUM	3.3.7	5.0.9, 3.3.8
`path-to-regexp`	CVE-2024-45296	HIGH	0.1.7	1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
`path-to-regexp`	CVE-2024-52798	HIGH	0.1.7	0.1.12
`send`	CVE-2024-43799	LOW	0.18.0	0.19.0
`serve-static`	CVE-2024-43800	LOW	1.15.0	1.16.0, 2.1.0
`webpack`	CVE-2024-43788	MEDIUM	5.91.0	5.94.0
`ws`	CVE-2024-37890	HIGH	8.16.0	5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy) <h3>Target <code>reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.10-pr52.1357.f0bebe7 (alpine 3.17.1)</code></h3> <h4>Vulnerabilities (4)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>libcrypto3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>libexpat</code></td> <td>CVE-2024-50602</td> <td>MEDIUM</td> <td>2.6.3-r0</td> <td>2.6.4-r0</td> </tr> <tr> <td><code>libssl3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>musl-utils</code></td> <td>CVE-2025-26519</td> <td>UNKNOWN</td> <td>1.2.3-r5</td> <td>1.2.3-r6</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>Node.js</code></h3> <h4>Vulnerabilities (17)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>@babel/helpers</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>@babel/runtime</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>body-parser</code></td> <td>CVE-2024-45590</td> <td>HIGH</td> <td>1.20.2</td> <td>1.20.3</td> </tr> <tr> <td><code>braces</code></td> <td>CVE-2024-4068</td> <td>HIGH</td> <td>3.0.2</td> <td>3.0.3</td> </tr> <tr> <td><code>cookie</code></td> <td>CVE-2024-47764</td> <td>LOW</td> <td>0.6.0</td> <td>0.7.0</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>express</code></td> <td>CVE-2024-43796</td> <td>LOW</td> <td>4.19.2</td> <td>4.20.0, 5.0.0</td> </tr> <tr> <td><code>http-proxy-middleware</code></td> <td>CVE-2024-21536</td> <td>HIGH</td> <td>2.0.6</td> <td>2.0.7, 3.0.3</td> </tr> <tr> <td><code>micromatch</code></td> <td>CVE-2024-4067</td> <td>MEDIUM</td> <td>4.0.5</td> <td>4.0.8</td> </tr> <tr> <td><code>nanoid</code></td> <td>CVE-2024-55565</td> <td>MEDIUM</td> <td>3.3.7</td> <td>5.0.9, 3.3.8</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-45296</td> <td>HIGH</td> <td>0.1.7</td> <td>1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-52798</td> <td>HIGH</td> <td>0.1.7</td> <td>0.1.12</td> </tr> <tr> <td><code>send</code></td> <td>CVE-2024-43799</td> <td>LOW</td> <td>0.18.0</td> <td>0.19.0</td> </tr> <tr> <td><code>serve-static</code></td> <td>CVE-2024-43800</td> <td>LOW</td> <td>1.15.0</td> <td>1.16.0, 2.1.0</td> </tr> <tr> <td><code>webpack</code></td> <td>CVE-2024-43788</td> <td>MEDIUM</td> <td>5.91.0</td> <td>5.94.0</td> </tr> <tr> <td><code>ws</code></td> <td>CVE-2024-37890</td> <td>HIGH</td> <td>8.16.0</td> <td>5.2.4, 6.2.3, 7.5.10, 8.17.1</td> </tr> </table> <h4>No Misconfigurations found</h4>

jenkins commented

2025-04-10 14:24:11 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

gdupont force-pushed 4543-add-altcha-to-login from f0bebe781c to 0c626ef23c

2025-04-10 14:48:14 +02:00

Compare

jenkins commented

2025-04-10 14:48:27 +02:00

Rapport d'analyse de l'image avec Trivy

Target `reg.cadoles.com/cadoles/hydra-sql-base:2025.4.10-pr52.1357.f0bebe7 (alpine 3.17.1)`

Vulnerabilities (4)

Package	ID	Severity	Installed Version	Fixed Version
`libcrypto3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`libexpat`	CVE-2024-50602	MEDIUM	2.6.3-r0	2.6.4-r0
`libssl3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`musl-utils`	CVE-2025-26519	UNKNOWN	1.2.3-r5	1.2.3-r6

No Misconfigurations found

Target `Node.js`

Vulnerabilities (17)

Package	ID	Severity	Installed Version	Fixed Version
`@babel/helpers`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`@babel/runtime`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`body-parser`	CVE-2024-45590	HIGH	1.20.2	1.20.3
`braces`	CVE-2024-4068	HIGH	3.0.2	3.0.3
`cookie`	CVE-2024-47764	LOW	0.6.0	0.7.0
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`express`	CVE-2024-43796	LOW	4.19.2	4.20.0, 5.0.0
`http-proxy-middleware`	CVE-2024-21536	HIGH	2.0.6	2.0.7, 3.0.3
`micromatch`	CVE-2024-4067	MEDIUM	4.0.5	4.0.8
`nanoid`	CVE-2024-55565	MEDIUM	3.3.7	5.0.9, 3.3.8
`path-to-regexp`	CVE-2024-45296	HIGH	0.1.7	1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
`path-to-regexp`	CVE-2024-52798	HIGH	0.1.7	0.1.12
`send`	CVE-2024-43799	LOW	0.18.0	0.19.0
`serve-static`	CVE-2024-43800	LOW	1.15.0	1.16.0, 2.1.0
`webpack`	CVE-2024-43788	MEDIUM	5.91.0	5.94.0
`ws`	CVE-2024-37890	HIGH	8.16.0	5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy) <h3>Target <code>reg.cadoles.com/cadoles/hydra-sql-base:2025.4.10-pr52.1357.f0bebe7 (alpine 3.17.1)</code></h3> <h4>Vulnerabilities (4)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>libcrypto3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>libexpat</code></td> <td>CVE-2024-50602</td> <td>MEDIUM</td> <td>2.6.3-r0</td> <td>2.6.4-r0</td> </tr> <tr> <td><code>libssl3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>musl-utils</code></td> <td>CVE-2025-26519</td> <td>UNKNOWN</td> <td>1.2.3-r5</td> <td>1.2.3-r6</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>Node.js</code></h3> <h4>Vulnerabilities (17)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>@babel/helpers</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>@babel/runtime</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>body-parser</code></td> <td>CVE-2024-45590</td> <td>HIGH</td> <td>1.20.2</td> <td>1.20.3</td> </tr> <tr> <td><code>braces</code></td> <td>CVE-2024-4068</td> <td>HIGH</td> <td>3.0.2</td> <td>3.0.3</td> </tr> <tr> <td><code>cookie</code></td> <td>CVE-2024-47764</td> <td>LOW</td> <td>0.6.0</td> <td>0.7.0</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>express</code></td> <td>CVE-2024-43796</td> <td>LOW</td> <td>4.19.2</td> <td>4.20.0, 5.0.0</td> </tr> <tr> <td><code>http-proxy-middleware</code></td> <td>CVE-2024-21536</td> <td>HIGH</td> <td>2.0.6</td> <td>2.0.7, 3.0.3</td> </tr> <tr> <td><code>micromatch</code></td> <td>CVE-2024-4067</td> <td>MEDIUM</td> <td>4.0.5</td> <td>4.0.8</td> </tr> <tr> <td><code>nanoid</code></td> <td>CVE-2024-55565</td> <td>MEDIUM</td> <td>3.3.7</td> <td>5.0.9, 3.3.8</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-45296</td> <td>HIGH</td> <td>0.1.7</td> <td>1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-52798</td> <td>HIGH</td> <td>0.1.7</td> <td>0.1.12</td> </tr> <tr> <td><code>send</code></td> <td>CVE-2024-43799</td> <td>LOW</td> <td>0.18.0</td> <td>0.19.0</td> </tr> <tr> <td><code>serve-static</code></td> <td>CVE-2024-43800</td> <td>LOW</td> <td>1.15.0</td> <td>1.16.0, 2.1.0</td> </tr> <tr> <td><code>webpack</code></td> <td>CVE-2024-43788</td> <td>MEDIUM</td> <td>5.91.0</td> <td>5.94.0</td> </tr> <tr> <td><code>ws</code></td> <td>CVE-2024-37890</td> <td>HIGH</td> <td>8.16.0</td> <td>5.2.4, 6.2.3, 7.5.10, 8.17.1</td> </tr> </table> <h4>No Misconfigurations found</h4>

jenkins commented

2025-04-10 14:49:06 +02:00

Symfony Security Check Report

No packages have known vulnerabilities.

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Symfony Security Check Report ============================= No packages have known vulnerabilities. Note that this checker can only detect vulnerabilities that are referenced in the security advisories database. Execute this command regularly to check the newly discovered vulnerabilities.

jenkins commented

2025-04-10 14:49:09 +02:00

Test report

PHP CS Fixer

Overview

State	Total
Passed	0
Skipped	0
Failed	7
Error	0

Total duration: 0s

See details

Status	Name	Class
⨯	`src/Form/LoginType`
⨯	`src/Altcha/AltchaTransformer`
⨯	`src/Altcha/Form/AltchaType`
⨯	`src/Altcha/Form/AltchaModel`
⨯	`src/Altcha/AltchaValidator`
⨯	`src/Flag/FlagAccessor`
⨯	`src/Hydra/Client`

Errors

`src/Form/LoginType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/AltchaTransformer`</summary>

**Output**

applied fixers:

no_superfluous_phpdoc_tags
no_empty_phpdoc```

`src/Altcha/Form/AltchaType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/Form/AltchaModel`</summary>

**Output**

applied fixers:

phpdoc_separation```

`src/Altcha/AltchaValidator`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Flag/FlagAccessor`</summary>

**Output**

applied fixers:

trailing_comma_in_multiline```

`src/Hydra/Client`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>

# Test report ## PHP CS Fixer ### Overview | State | Total | |-------|-------| | Passed | 0 | | Skipped | 0 | | Failed | 7 | | Error | 0 | **Total duration**: 0s <details> <summary>See details</summary> | Status | Name | Class | |--------|------|-------| | ⨯ | `src/Form/LoginType` || | ⨯ | `src/Altcha/AltchaTransformer` || | ⨯ | `src/Altcha/Form/AltchaType` || | ⨯ | `src/Altcha/Form/AltchaModel` || | ⨯ | `src/Altcha/AltchaValidator` || | ⨯ | `src/Flag/FlagAccessor` || | ⨯ | `src/Hydra/Client` || </details> <br /> #### Errors <details> <summary>`src/Form/LoginType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/AltchaTransformer`</summary> **Output** ``` applied fixers: --------------- * no_superfluous_phpdoc_tags * no_empty_phpdoc``` </details> <details> <summary>`src/Altcha/Form/AltchaType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/Form/AltchaModel`</summary> **Output** ``` applied fixers: --------------- * phpdoc_separation``` </details> <details> <summary>`src/Altcha/AltchaValidator`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Flag/FlagAccessor`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Hydra/Client`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details>

jenkins commented

2025-04-10 14:49:12 +02:00

Rapport PHPStan


 [OK] No errors

## Rapport PHPStan ``` [OK] No errors ```

jenkins commented

2025-04-10 14:49:38 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

gdupont force-pushed 4543-add-altcha-to-login from 0c626ef23c to 49df10a513

2025-04-10 15:04:41 +02:00

Compare

jenkins commented

2025-04-10 15:05:33 +02:00

Symfony Security Check Report

No packages have known vulnerabilities.

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Symfony Security Check Report ============================= No packages have known vulnerabilities. Note that this checker can only detect vulnerabilities that are referenced in the security advisories database. Execute this command regularly to check the newly discovered vulnerabilities.

jenkins commented

2025-04-10 15:05:35 +02:00

Test report

PHP CS Fixer

Overview

State	Total
Passed	0
Skipped	0
Failed	7
Error	0

Total duration: 0s

See details

Status	Name	Class
⨯	`src/Form/LoginType`
⨯	`src/Altcha/AltchaTransformer`
⨯	`src/Altcha/Form/AltchaType`
⨯	`src/Altcha/Form/AltchaModel`
⨯	`src/Altcha/AltchaValidator`
⨯	`src/Flag/FlagAccessor`
⨯	`src/Hydra/Client`

Errors

`src/Form/LoginType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/AltchaTransformer`</summary>

**Output**

applied fixers:

no_superfluous_phpdoc_tags
no_empty_phpdoc```

`src/Altcha/Form/AltchaType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/Form/AltchaModel`</summary>

**Output**

applied fixers:

phpdoc_separation```

`src/Altcha/AltchaValidator`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Flag/FlagAccessor`</summary>

**Output**

applied fixers:

trailing_comma_in_multiline```

`src/Hydra/Client`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>

# Test report ## PHP CS Fixer ### Overview | State | Total | |-------|-------| | Passed | 0 | | Skipped | 0 | | Failed | 7 | | Error | 0 | **Total duration**: 0s <details> <summary>See details</summary> | Status | Name | Class | |--------|------|-------| | ⨯ | `src/Form/LoginType` || | ⨯ | `src/Altcha/AltchaTransformer` || | ⨯ | `src/Altcha/Form/AltchaType` || | ⨯ | `src/Altcha/Form/AltchaModel` || | ⨯ | `src/Altcha/AltchaValidator` || | ⨯ | `src/Flag/FlagAccessor` || | ⨯ | `src/Hydra/Client` || </details> <br /> #### Errors <details> <summary>`src/Form/LoginType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/AltchaTransformer`</summary> **Output** ``` applied fixers: --------------- * no_superfluous_phpdoc_tags * no_empty_phpdoc``` </details> <details> <summary>`src/Altcha/Form/AltchaType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/Form/AltchaModel`</summary> **Output** ``` applied fixers: --------------- * phpdoc_separation``` </details> <details> <summary>`src/Altcha/AltchaValidator`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Flag/FlagAccessor`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Hydra/Client`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details>

jenkins commented

2025-04-10 15:05:42 +02:00

Rapport PHPStan


 [OK] No errors

## Rapport PHPStan ``` [OK] No errors ```

jenkins commented

2025-04-10 15:06:06 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

jenkins commented

2025-04-10 15:30:04 +02:00

Rapport d'analyse de l'image avec Trivy

Target `reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.10-pr52.1504.49df10a (alpine 3.17.1)`

Vulnerabilities (4)

Package	ID	Severity	Installed Version	Fixed Version
`libcrypto3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`libexpat`	CVE-2024-50602	MEDIUM	2.6.3-r0	2.6.4-r0
`libssl3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`musl-utils`	CVE-2025-26519	UNKNOWN	1.2.3-r5	1.2.3-r6

No Misconfigurations found

Target `Node.js`

Vulnerabilities (17)

Package	ID	Severity	Installed Version	Fixed Version
`@babel/helpers`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`@babel/runtime`	CVE-2025-27789	MEDIUM	7.24.1	7.26.10, 8.0.0-alpha.17
`body-parser`	CVE-2024-45590	HIGH	1.20.2	1.20.3
`braces`	CVE-2024-4068	HIGH	3.0.2	3.0.3
`cookie`	CVE-2024-47764	LOW	0.6.0	0.7.0
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6
`express`	CVE-2024-43796	LOW	4.19.2	4.20.0, 5.0.0
`http-proxy-middleware`	CVE-2024-21536	HIGH	2.0.6	2.0.7, 3.0.3
`micromatch`	CVE-2024-4067	MEDIUM	4.0.5	4.0.8
`nanoid`	CVE-2024-55565	MEDIUM	3.3.7	5.0.9, 3.3.8
`path-to-regexp`	CVE-2024-45296	HIGH	0.1.7	1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
`path-to-regexp`	CVE-2024-52798	HIGH	0.1.7	0.1.12
`send`	CVE-2024-43799	LOW	0.18.0	0.19.0
`serve-static`	CVE-2024-43800	LOW	1.15.0	1.16.0, 2.1.0
`webpack`	CVE-2024-43788	MEDIUM	5.91.0	5.94.0
`ws`	CVE-2024-37890	HIGH	8.16.0	5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy) <h3>Target <code>reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.10-pr52.1504.49df10a (alpine 3.17.1)</code></h3> <h4>Vulnerabilities (4)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>libcrypto3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>libexpat</code></td> <td>CVE-2024-50602</td> <td>MEDIUM</td> <td>2.6.3-r0</td> <td>2.6.4-r0</td> </tr> <tr> <td><code>libssl3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>musl-utils</code></td> <td>CVE-2025-26519</td> <td>UNKNOWN</td> <td>1.2.3-r5</td> <td>1.2.3-r6</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>Node.js</code></h3> <h4>Vulnerabilities (17)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>@babel/helpers</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>@babel/runtime</code></td> <td>CVE-2025-27789</td> <td>MEDIUM</td> <td>7.24.1</td> <td>7.26.10, 8.0.0-alpha.17</td> </tr> <tr> <td><code>body-parser</code></td> <td>CVE-2024-45590</td> <td>HIGH</td> <td>1.20.2</td> <td>1.20.3</td> </tr> <tr> <td><code>braces</code></td> <td>CVE-2024-4068</td> <td>HIGH</td> <td>3.0.2</td> <td>3.0.3</td> </tr> <tr> <td><code>cookie</code></td> <td>CVE-2024-47764</td> <td>LOW</td> <td>0.6.0</td> <td>0.7.0</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> <tr> <td><code>express</code></td> <td>CVE-2024-43796</td> <td>LOW</td> <td>4.19.2</td> <td>4.20.0, 5.0.0</td> </tr> <tr> <td><code>http-proxy-middleware</code></td> <td>CVE-2024-21536</td> <td>HIGH</td> <td>2.0.6</td> <td>2.0.7, 3.0.3</td> </tr> <tr> <td><code>micromatch</code></td> <td>CVE-2024-4067</td> <td>MEDIUM</td> <td>4.0.5</td> <td>4.0.8</td> </tr> <tr> <td><code>nanoid</code></td> <td>CVE-2024-55565</td> <td>MEDIUM</td> <td>3.3.7</td> <td>5.0.9, 3.3.8</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-45296</td> <td>HIGH</td> <td>0.1.7</td> <td>1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0</td> </tr> <tr> <td><code>path-to-regexp</code></td> <td>CVE-2024-52798</td> <td>HIGH</td> <td>0.1.7</td> <td>0.1.12</td> </tr> <tr> <td><code>send</code></td> <td>CVE-2024-43799</td> <td>LOW</td> <td>0.18.0</td> <td>0.19.0</td> </tr> <tr> <td><code>serve-static</code></td> <td>CVE-2024-43800</td> <td>LOW</td> <td>1.15.0</td> <td>1.16.0, 2.1.0</td> </tr> <tr> <td><code>webpack</code></td> <td>CVE-2024-43788</td> <td>MEDIUM</td> <td>5.91.0</td> <td>5.94.0</td> </tr> <tr> <td><code>ws</code></td> <td>CVE-2024-37890</td> <td>HIGH</td> <td>8.16.0</td> <td>5.2.4, 6.2.3, 7.5.10, 8.17.1</td> </tr> </table> <h4>No Misconfigurations found</h4>

jenkins commented

2025-04-10 15:30:26 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

gdupont force-pushed 4543-add-altcha-to-login from 49df10a513 to 42def448d1

2025-04-10 15:38:26 +02:00

Compare

jenkins commented

2025-04-10 15:39:13 +02:00

Symfony Security Check Report

No packages have known vulnerabilities.

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Symfony Security Check Report ============================= No packages have known vulnerabilities. Note that this checker can only detect vulnerabilities that are referenced in the security advisories database. Execute this command regularly to check the newly discovered vulnerabilities.

jenkins commented

2025-04-10 15:39:17 +02:00

Test report

PHP CS Fixer

Overview

State	Total
Passed	0
Skipped	0
Failed	7
Error	0

Total duration: 0s

See details

Status	Name	Class
⨯	`src/Form/LoginType`
⨯	`src/Altcha/AltchaTransformer`
⨯	`src/Altcha/Form/AltchaType`
⨯	`src/Altcha/Form/AltchaModel`
⨯	`src/Altcha/AltchaValidator`
⨯	`src/Flag/FlagAccessor`
⨯	`src/Hydra/Client`

Errors

`src/Form/LoginType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/AltchaTransformer`</summary>

**Output**

applied fixers:

no_superfluous_phpdoc_tags
no_empty_phpdoc```

`src/Altcha/Form/AltchaType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/Form/AltchaModel`</summary>

**Output**

applied fixers:

phpdoc_separation```

`src/Altcha/AltchaValidator`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Flag/FlagAccessor`</summary>

**Output**

applied fixers:

trailing_comma_in_multiline```

`src/Hydra/Client`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>

# Test report ## PHP CS Fixer ### Overview | State | Total | |-------|-------| | Passed | 0 | | Skipped | 0 | | Failed | 7 | | Error | 0 | **Total duration**: 0s <details> <summary>See details</summary> | Status | Name | Class | |--------|------|-------| | ⨯ | `src/Form/LoginType` || | ⨯ | `src/Altcha/AltchaTransformer` || | ⨯ | `src/Altcha/Form/AltchaType` || | ⨯ | `src/Altcha/Form/AltchaModel` || | ⨯ | `src/Altcha/AltchaValidator` || | ⨯ | `src/Flag/FlagAccessor` || | ⨯ | `src/Hydra/Client` || </details> <br /> #### Errors <details> <summary>`src/Form/LoginType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/AltchaTransformer`</summary> **Output** ``` applied fixers: --------------- * no_superfluous_phpdoc_tags * no_empty_phpdoc``` </details> <details> <summary>`src/Altcha/Form/AltchaType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/Form/AltchaModel`</summary> **Output** ``` applied fixers: --------------- * phpdoc_separation``` </details> <details> <summary>`src/Altcha/AltchaValidator`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Flag/FlagAccessor`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Hydra/Client`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details>

jenkins commented

2025-04-10 15:39:22 +02:00

Rapport PHPStan


 [OK] No errors

## Rapport PHPStan ``` [OK] No errors ```

jenkins commented

2025-04-10 15:39:50 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

gdupont force-pushed 4543-add-altcha-to-login from 42def448d1 to 12523398f6

2025-04-10 16:01:27 +02:00

Compare

jenkins commented

2025-04-10 16:02:27 +02:00

Symfony Security Check Report

No packages have known vulnerabilities.

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Symfony Security Check Report ============================= No packages have known vulnerabilities. Note that this checker can only detect vulnerabilities that are referenced in the security advisories database. Execute this command regularly to check the newly discovered vulnerabilities.

jenkins commented

2025-04-10 16:02:31 +02:00

Test report

PHP CS Fixer

Overview

State	Total
Passed	0
Skipped	0
Failed	7
Error	0

Total duration: 0s

See details

Status	Name	Class
⨯	`src/Form/LoginType`
⨯	`src/Altcha/AltchaTransformer`
⨯	`src/Altcha/Form/AltchaType`
⨯	`src/Altcha/Form/AltchaModel`
⨯	`src/Altcha/AltchaValidator`
⨯	`src/Flag/FlagAccessor`
⨯	`src/Hydra/Client`

Errors

`src/Form/LoginType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/AltchaTransformer`</summary>

**Output**

applied fixers:

no_superfluous_phpdoc_tags
no_empty_phpdoc```

`src/Altcha/Form/AltchaType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Altcha/Form/AltchaModel`</summary>

**Output**

applied fixers:

phpdoc_separation```

`src/Altcha/AltchaValidator`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>


<details>
  <summary>`src/Flag/FlagAccessor`</summary>

**Output**

applied fixers:

trailing_comma_in_multiline```

`src/Hydra/Client`

Output

applied fixers:
---------------
* trailing_comma_in_multiline```

</details>

# Test report ## PHP CS Fixer ### Overview | State | Total | |-------|-------| | Passed | 0 | | Skipped | 0 | | Failed | 7 | | Error | 0 | **Total duration**: 0s <details> <summary>See details</summary> | Status | Name | Class | |--------|------|-------| | ⨯ | `src/Form/LoginType` || | ⨯ | `src/Altcha/AltchaTransformer` || | ⨯ | `src/Altcha/Form/AltchaType` || | ⨯ | `src/Altcha/Form/AltchaModel` || | ⨯ | `src/Altcha/AltchaValidator` || | ⨯ | `src/Flag/FlagAccessor` || | ⨯ | `src/Hydra/Client` || </details> <br /> #### Errors <details> <summary>`src/Form/LoginType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/AltchaTransformer`</summary> **Output** ``` applied fixers: --------------- * no_superfluous_phpdoc_tags * no_empty_phpdoc``` </details> <details> <summary>`src/Altcha/Form/AltchaType`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Altcha/Form/AltchaModel`</summary> **Output** ``` applied fixers: --------------- * phpdoc_separation``` </details> <details> <summary>`src/Altcha/AltchaValidator`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Flag/FlagAccessor`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details> <details> <summary>`src/Hydra/Client`</summary> **Output** ``` applied fixers: --------------- * trailing_comma_in_multiline``` </details>

jenkins commented

2025-04-10 16:02:36 +02:00

Rapport PHPStan


 [OK] No errors

## Rapport PHPStan ``` [OK] No errors ```

jenkins commented

2025-04-10 16:03:00 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

mlamalle approved these changes 2025-04-10 16:09:58 +02:00

mlamalle merged commit 303b0279f8 into develop

2025-04-10 16:12:22 +02:00

mlamalle referenced this issue from a commit

2025-04-10 16:12:23 +02:00

Merge pull request 'mse#4543 - Add altcha to login form and its feature flag to disable it' (#52) from 4543-add-altcha-to-login into develop

mlamalle deleted branch 4543-add-altcha-to-login

2025-04-10 16:12:24 +02:00

jenkins commented

2025-04-10 16:34:59 +02:00

Rapport d'analyse de l'image avec Trivy

Target `reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.10-pr52.1601.1252339 (alpine 3.17.1)`

Vulnerabilities (4)

Package	ID	Severity	Installed Version	Fixed Version
`libcrypto3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`libexpat`	CVE-2024-50602	MEDIUM	2.6.3-r0	2.6.4-r0
`libssl3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`musl-utils`	CVE-2025-26519	UNKNOWN	1.2.3-r5	1.2.3-r6

No Misconfigurations found

Target `Node.js`

Vulnerabilities (1)

Package	ID	Severity	Installed Version	Fixed Version
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6

No Misconfigurations found

## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy) <h3>Target <code>reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.10-pr52.1601.1252339 (alpine 3.17.1)</code></h3> <h4>Vulnerabilities (4)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>libcrypto3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>libexpat</code></td> <td>CVE-2024-50602</td> <td>MEDIUM</td> <td>2.6.3-r0</td> <td>2.6.4-r0</td> </tr> <tr> <td><code>libssl3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>musl-utils</code></td> <td>CVE-2025-26519</td> <td>UNKNOWN</td> <td>1.2.3-r5</td> <td>1.2.3-r6</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>Node.js</code></h3> <h4>Vulnerabilities (1)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> </table> <h4>No Misconfigurations found</h4>

jenkins commented

2025-04-10 16:35:21 +02:00

Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec Hadolint

Rien à signaler.

## Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec [Hadolint](https://github.com/hadolint/hadolint) ``` Rien à signaler. ```

jenkins commented

2025-04-10 17:02:20 +02:00

Rapport d'analyse de l'image avec Trivy

Target `reg.cadoles.com/cadoles/hydra-sql-base:2025.4.10-pr52.1601.1252339 (alpine 3.17.1)`

Vulnerabilities (4)

Package	ID	Severity	Installed Version	Fixed Version
`libcrypto3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`libexpat`	CVE-2024-50602	MEDIUM	2.6.3-r0	2.6.4-r0
`libssl3`	CVE-2024-9143	LOW	3.0.15-r0	3.0.15-r1
`musl-utils`	CVE-2025-26519	UNKNOWN	1.2.3-r5	1.2.3-r6

No Misconfigurations found

Target `Node.js`

Vulnerabilities (1)

Package	ID	Severity	Installed Version	Fixed Version
`cross-spawn`	CVE-2024-21538	HIGH	7.0.3	7.0.5, 6.0.6

No Misconfigurations found

## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy) <h3>Target <code>reg.cadoles.com/cadoles/hydra-sql-base:2025.4.10-pr52.1601.1252339 (alpine 3.17.1)</code></h3> <h4>Vulnerabilities (4)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>libcrypto3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>libexpat</code></td> <td>CVE-2024-50602</td> <td>MEDIUM</td> <td>2.6.3-r0</td> <td>2.6.4-r0</td> </tr> <tr> <td><code>libssl3</code></td> <td>CVE-2024-9143</td> <td>LOW</td> <td>3.0.15-r0</td> <td>3.0.15-r1</td> </tr> <tr> <td><code>musl-utils</code></td> <td>CVE-2025-26519</td> <td>UNKNOWN</td> <td>1.2.3-r5</td> <td>1.2.3-r6</td> </tr> </table> <h4>No Misconfigurations found</h4> <h3>Target <code>Node.js</code></h3> <h4>Vulnerabilities (1)</h4> <table> <tr> <th>Package</th> <th>ID</th> <th>Severity</th> <th>Installed Version</th> <th>Fixed Version</th> </tr> <tr> <td><code>cross-spawn</code></td> <td>CVE-2024-21538</td> <td>HIGH</td> <td>7.0.3</td> <td>7.0.5, 6.0.6</td> </tr> </table> <h4>No Misconfigurations found</h4>

gdupont referenced this pull request from CadolesKube/sso-kustom

2025-04-15 10:24:04 +02:00

feat(altcha) #4543 bis : remove feature flag endpoint #73

Sign in to join this conversation.

3 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Cadoles/hydra-sql#52

mse#4543 - Add altcha to login form and its feature flag to disable it #52

Symfony Security Check Report

symfony/http-client (v5.4.44)

symfony/http-foundation (v5.4.44)

symfony/runtime (v5.4.40)

symfony/security-http (v5.4.44)

twig/twig (v3.14.0)

Test report

PHP CS Fixer

Overview

Errors

applied fixers:

applied fixers:

applied fixers:

applied fixers:

Rapport PHPStan

Rapport d'analyse du fichier ./misc/images/hydra-sql-standalone/Dockerfile avec Hadolint

Rapport d'analyse de l'image avec Trivy

Target reg.cadoles.com/cadoles/hydra-sql-standalone:2025.3.31-pr52.1441.3f667ee (alpine 3.17.1)

Vulnerabilities (4)

No Misconfigurations found

Target Node.js

Vulnerabilities (17)

No Misconfigurations found

Target app/composer.lock

Vulnerabilities (6)

No Misconfigurations found

Rapport d'analyse du fichier ./misc/images/hydra-sql-base/Dockerfile avec Hadolint

Rapport d'analyse de l'image avec Trivy

Target reg.cadoles.com/cadoles/hydra-sql-base:2025.3.31-pr52.1441.3f667ee (alpine 3.17.1)

Vulnerabilities (4)

No Misconfigurations found

Target Node.js

Vulnerabilities (17)

No Misconfigurations found

Target app/composer.lock

Vulnerabilities (6)

No Misconfigurations found

Symfony Security Check Report

symfony/http-client (v5.4.44)

symfony/http-foundation (v5.4.44)

symfony/runtime (v5.4.40)

symfony/security-http (v5.4.44)

twig/twig (v3.14.0)

Test report

PHP CS Fixer

Overview

Errors

applied fixers:

applied fixers:

applied fixers:

applied fixers:

Rapport PHPStan

Rapport d'analyse du fichier ./misc/images/hydra-sql-standalone/Dockerfile avec Hadolint

Rapport d'analyse de l'image avec Trivy

Target reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.2-pr52.1332.9cc4c7a (alpine 3.17.1)

Vulnerabilities (4)

No Misconfigurations found

Target Node.js

Vulnerabilities (17)

No Misconfigurations found

Target app/composer.lock

Vulnerabilities (6)

No Misconfigurations found

Rapport d'analyse du fichier ./misc/images/hydra-sql-base/Dockerfile avec Hadolint

Rapport d'analyse de l'image avec Trivy

Target reg.cadoles.com/cadoles/hydra-sql-base:2025.4.2-pr52.1332.9cc4c7a (alpine 3.17.1)

Vulnerabilities (4)

No Misconfigurations found

Target Node.js

Vulnerabilities (17)

No Misconfigurations found

Target app/composer.lock

Vulnerabilities (6)

No Misconfigurations found

Symfony Security Check Report

symfony/http-client (v5.4.44)

symfony/http-foundation (v5.4.44)

symfony/runtime (v5.4.40)

symfony/security-http (v5.4.44)

Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec Hadolint

Target `reg.cadoles.com/cadoles/hydra-sql-standalone:2025.3.31-pr52.1441.3f667ee (alpine 3.17.1)`

Target `Node.js`

Target `app/composer.lock`

Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec Hadolint

Target `reg.cadoles.com/cadoles/hydra-sql-base:2025.3.31-pr52.1441.3f667ee (alpine 3.17.1)`

Target `Node.js`

Target `app/composer.lock`

Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec Hadolint

Target `reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.2-pr52.1332.9cc4c7a (alpine 3.17.1)`

Target `Node.js`

Target `app/composer.lock`

Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec Hadolint

Target `reg.cadoles.com/cadoles/hydra-sql-base:2025.4.2-pr52.1332.9cc4c7a (alpine 3.17.1)`

Target `Node.js`

Target `app/composer.lock`

Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec Hadolint

Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec Hadolint

Target `reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.2-pr52.1436.4de44dc (alpine 3.17.1)`

Target `Node.js`

Target `app/composer.lock`

Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec Hadolint

Rapport d'analyse du fichier `./misc/images/hydra-sql-standalone/Dockerfile` avec Hadolint

Target `reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.2-pr52.1504.934eefa (alpine 3.17.1)`

Target `Node.js`

Target `app/composer.lock`

Rapport d'analyse du fichier `./misc/images/hydra-sql-base/Dockerfile` avec Hadolint

Target `reg.cadoles.com/cadoles/hydra-sql-base:2025.4.2-pr52.1504.934eefa (alpine 3.17.1)`

Target `Node.js`

Target `app/composer.lock`