@cx-riyaj-shaikh (Contributor)

Merge -Update vulnerabilities- PLUG-2718
- SCA Folder Exclusion PLUG-2656
- The retry mechanism for 403 - PLUG-2709

… optimization

- Added logic to skip walking into large directories during file zipping
- Filters directories using include/exclude rules before traversal
- Verified locally using run-task.cmd
- Log confirms: "Prune directory (skip walking into): over100kfilesFolder"
- Improves performance for repositories with 100k+ files
Upgraded pac-resolver, degenerator, braces, and related packages to resolve reported security vulnerabilities.
Fix vulnerabilities by upgrading xml2js and tmp
Use consistent log terminology for skipped directories
- Skipped '.' and '..' directories to avoid recursion.
- Skipped symbolic link directories using fs.lstatSync()
…ix for PLUG-2709)

This change enhances the HttpClient so that the Azure DevOps plugin can automatically retry SCA upload requests when the server returns 403 Forbidden due to an expired/invalid token.
…n-js-client

fix: update vulnerable dependencies
PLUG-2656 | Added folder exclusion logic in zipper.ts for performance…
Add retry mechanism for 403 (token expired) during SCA upload flow (fix for PLUG-2709)
cx-andre-macedo commented Nov 17, 2025

Checkmarx One – Scan Summary & Details (scan 57f493dc-9c73-4c43-9562-3f4e09cc9183)

New Issues (4)

Checkmarx found the following issues in this Pull Request

Severity | Issue | Source File / Package | Checkmarx Insight

- MEDIUM | CVE-2025-54798 | Npm-tmp-0.1.0 | Vulnerable Package
  Recommended version: 0.2.4
  Description: tmp is a temporary file and directory creator for node.js. In versions prior to 0.2.4, tmp is vulnerable to an arbitrary temporary file "/" directo...
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Exploitable Path: [email protected]/clients/cxClient.ts - ... - tmpNameSync@/package/lib/tmp.js
  ID: 8siwnQ5XQ5v61U3x0ZL5QFU7yt6mt7L%2F%2F%2B%2FsXBOSsag%3D

- LOW | CVE-2025-59436 | Npm-ip-1.1.9 | Vulnerable Package
  Description: The ip (aka node-ip) package might allow Server-Side Request Forgery (SSRF) because the IP address value '017700000001' is improperly categorized a...
  Attack Vector: LOCAL
  Attack Complexity: HIGH
  ID: jH7AwUGNtC2jEYrrQ15SuKRSSpVVT0%2Bie72hZTZS8iU%3D

- LOW | CVE-2025-59437 | Npm-ip-1.1.9 | Vulnerable Package
  Description: The ip (aka node-ip) package (in NPM) might allow Server-Side Request Forgery (SSRF) because the IP address value "0" is improperly categorized as ...
  Attack Vector: LOCAL
  Attack Complexity: HIGH
  ID: QVP7xlN9OWonrWwPoNSNK4PrImo5mAlvZtMY4HZhzEI%3D

- LOW | Unpinned Actions Full Length Commit SHA | /release-drafter.yml: 14
  Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help...
  ID: bu37qJ74U6SV5yg4ri4cNYDUKTc%3D

Fixed Issues (2)

Great job! The following issues were fixed in this Pull Request

Severity | Issue | Source File / Package

- CRITICAL | CVE-2023-42282 | Npm-ip-1.1.9
- LOW | CVE-2025-5889 | Npm-brace-expansion-1.1.11

Use @Checkmarx to reach out to us for assistance.

Just send a PR comment with @Checkmarx followed by a natural language request.

Examples: @Checkmarx how are you able to help me? @Checkmarx rescan this PR

@sonarqubecloud

Quality Gate failed

Failed conditions
- Maintainability Rating on New Code: B (required ≥ A)

See analysis details on SonarQube Cloud

cx-riyaj-shaikh changed the title from "2025 q4 integration branch" to "Updated new branch" on Nov 18, 2025