From 5d89e0801e2296e9bfeb41e267a4c312cb46a545 Mon Sep 17 00:00:00 2001
From: DashlordBetaGouvBot
Date: Sun, 13 Nov 2022 15:32:37 +0000
Subject: [PATCH] update: https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr
---
.../http.json | 2 +-
...ldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mci8=.html | 2 +-
.../lhr.json | 2314 ++++++++---------
.../nmapvuln.gnmap | 4 +-
.../nmapvuln.html | 16 +-
.../nmapvuln.nmap | 160 +-
.../nmapvuln.xml | 15 +-
.../testssl.csv | 14 +-
.../testssl.html | 20 +-
.../testssl.json | 16 +-
.../thirdparties.json | 20 +-
.../zap.html | 82 +-
.../zap.json | 94 +-
13 files changed, 1274 insertions(+), 1485 deletions(-)
diff --git a/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/http.json b/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/http.json
index 245d33ade6b..f5fce7b088a 100644
--- a/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/http.json
+++ b/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/http.json
@@ -1 +1 @@ -{"url":"https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr","algorithm_version":2,"end_time":"Sun, 06 Nov 2022 13:44:05 GMT","grade":"B","hidden":false,"likelihood_indicator":"MEDIUM","response_headers":{"Connection":"keep-alive","Content-Encoding":"gzip","Content-Type":"text/html","Date":"Sun, 06 Nov 2022 13:44:04 GMT","Strict-Transport-Security":"max-age=31536000","Transfer-Encoding":"chunked","X-Request-ID":"0c3f6388-e320-406c-bd70-4457be25ce52","content-security-policy":"default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-Iiu5TBoXcb1T7le4WzRf1w=='; style-src 'self' *.crisp.chat 'unsafe-inline'","etag":"W/\"1qgccq9\"","link":"<./_app/immutable/assets/_layout-c7ab58fb.css>; rel=\"preload\";as=\"style\";nonce=\"Iiu5TBoXcb1T7le4WzRf1w==\"; nopush, <./_app/immutable/assets/LayerCDB-b5305bde.css>; rel=\"preload\";as=\"style\";nonce=\"Iiu5TBoXcb1T7le4WzRf1w==\"; nopush, <./_app/immutable/assets/Select-f845fd1b.css>; rel=\"preload\";as=\"style\";nonce=\"Iiu5TBoXcb1T7le4WzRf1w==\"; nopush, <./_app/immutable/start-5303cf5f.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-a5a5e432.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/singletons-f8cb6e56.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-157a85c1.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/preload-helper-aa6bc0ce.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/control-03134885.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/env-public-6aa99648.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/components/pages/_layout.svelte-85afa0c1.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/matomo-474420b0.js>; rel=\"modulepreload\"; 
nopush, <./_app/immutable/chunks/stores-1f5d717d.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/openComponent-4cdf917a.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/auth-c5f53aee.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/apiUrl-26435ea0.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/object-75625798.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-2162ba9d.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-8fd82cc3.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/date-8042377a.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-8049b269.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/createClient-ef70c0ba.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/ab6c3355-28ee801d.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/urql-svelte-66b0b56a.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/IconButton-88c5e3e5.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/helpers-3a71b442.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-509314ae.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/components/pages/_page.svelte-638b7d5d.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/Footer-7370ceff.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/Select.svelte_svelte_type_style_lang-49392798.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-8db6fd50.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/Button-e6949af9.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/Link-489f1752.js>; rel=\"modulepreload\"; nopush","x-sveltekit-page":"true"},"scan_id":30693867,"score":75,"start_time":"Sun, 06 Nov 2022 13:44:02 
GMT","state":"FINISHED","status_code":200,"tests_failed":2,"tests_passed":10,"tests_quantity":12,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":{"connect-src":["'self'","client.relay.crisp.chat","localhost:*","*.fabrique.social.gouv.fr","wss:","https:"],"default-src":["*.crisp.chat","'self'","*.fabrique.social.gouv.fr"],"font-src":["*.crisp.chat","blob:","'self'","data:"],"img-src":["*.crisp.chat","'self'","data:","*.fabrique.social.gouv.fr"],"script-src":["*.crisp.chat","'nonce-iiu5tboxcb1t7le4wzrf1w=='","'self'","*.fabrique.social.gouv.fr"],"style-src":["*.crisp.chat","'self'","'unsafe-inline'"]},"http":true,"meta":false,"numPolicies":1,"policy":{"antiClickjacking":false,"defaultNone":false,"insecureBaseUri":true,"insecureFormAction":true,"insecureSchemeActive":false,"insecureSchemePassive":false,"strictDynamic":false,"unsafeEval":false,"unsafeInline":false,"unsafeInlineStyle":true,"unsafeObjects":false}},"pass":true,"result":"csp-implemented-with-unsafe-inline-in-style-src-only","score_description":"Content Security Policy (CSP) implemented with unsafe sources inside style-src. 
This includes 'unsafe-inline', data: or overly broad sources such as https:.","score_modifier":0},"contribute":{"expectation":"contribute-json-only-required-on-mozilla-properties","name":"contribute","output":{"data":null},"pass":true,"result":"contribute-json-only-required-on-mozilla-properties","score_description":"Contribute.json isn't required on websites that don't belong to Mozilla","score_modifier":0},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":null,"sameSite":null},"pass":true,"result":"cookies-not-found","score_description":"No cookies detected","score_modifier":0},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":null,"clientaccesspolicy":null,"crossdomain":null}},"pass":true,"result":"cross-origin-resource-sharing-not-implemented","score_description":"Content is not visible via cross-origin resource sharing (CORS) files or headers","score_modifier":0},"public-key-pinning":{"expectation":"hpkp-not-implemented","name":"public-key-pinning","output":{"data":null,"includeSubDomains":false,"max-age":null,"numPins":null,"preloaded":false},"pass":true,"result":"hpkp-not-implemented","score_description":"HTTP Public Key Pinning (HPKP) header not implemented","score_modifier":0},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/","redirects":true,"route":["http://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/","https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/"],"status_code":200},"pass":true,"result":"redirection-to-https","score_description":"Initial redirection is to HTTPS on same host, final destination is 
HTTPS","score_modifier":0},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":null,"http":false,"meta":false},"pass":true,"result":"referrer-policy-not-implemented","score_description":"Referrer-Policy header not implemented","score_modifier":0},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=31536000","includeSubDomains":false,"max-age":31536000,"preload":false,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{}},"pass":true,"result":"sri-not-implemented-but-all-scripts-loaded-from-secure-origin","score_description":"Subresource Integrity (SRI) not implemented, but all scripts are loaded from a similar origin","score_modifier":0},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":null},"pass":false,"result":"x-content-type-options-not-implemented","score_description":"X-Content-Type-Options header not implemented","score_modifier":-5},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":null},"pass":false,"result":"x-frame-options-not-implemented","score_description":"X-Frame-Options (XFO) header not implemented","score_modifier":-20},"x-xss-protection":{"expectation":"x-xss-protection-1-mode-block","name":"x-xss-protection","output":{"data":null},"pass":true,"result":"x-xss-protection-not-needed-due-to-csp","score_description":"X-XSS-Protection header not needed due to strong Content Security Policy (CSP) header","score_modifier":0}}} \ No newline at end of file 
+{"url":"https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr","algorithm_version":2,"end_time":"Sun, 13 Nov 2022 15:18:47 GMT","grade":"B","hidden":false,"likelihood_indicator":"MEDIUM","response_headers":{"Connection":"keep-alive","Content-Encoding":"gzip","Content-Type":"text/html","Date":"Sun, 13 Nov 2022 15:18:46 GMT","Strict-Transport-Security":"max-age=31536000","Transfer-Encoding":"chunked","X-Request-ID":"1ebf0398-c178-4b00-92ca-1861854b54ee","content-security-policy":"default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-/3+3OiaV2ViMMFtpKiBehw=='; style-src 'self' *.crisp.chat 'unsafe-inline'","etag":"W/\"d89jlk\"","link":"<./_app/immutable/assets/_layout-2b8e1e37.css>; rel=\"preload\";as=\"style\";nonce=\"/3+3OiaV2ViMMFtpKiBehw==\"; nopush, <./_app/immutable/assets/LayerCDB-b5305bde.css>; rel=\"preload\";as=\"style\";nonce=\"/3+3OiaV2ViMMFtpKiBehw==\"; nopush, <./_app/immutable/assets/Select-f845fd1b.css>; rel=\"preload\";as=\"style\";nonce=\"/3+3OiaV2ViMMFtpKiBehw==\"; nopush, <./_app/immutable/start-f567272e.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-a5a5e432.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/singletons-6d435ce3.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-157a85c1.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/preload-helper-aa6bc0ce.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/control-03134885.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/env-public-6aa99648.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/components/pages/_layout.svelte-57929c88.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/matomo-474420b0.js>; rel=\"modulepreload\"; nopush, 
<./_app/immutable/chunks/stores-f4072e52.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/openComponent-4cdf917a.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/auth-c5f53aee.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/apiUrl-26435ea0.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/object-75625798.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-2162ba9d.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-8fd82cc3.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/date-8042377a.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-8049b269.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/createClient-ef70c0ba.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/ab6c3355-28ee801d.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/urql-svelte-66b0b56a.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/IconButton-88c5e3e5.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/helpers-3a71b442.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-509314ae.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/components/pages/_page.svelte-3081c9ff.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/Footer-d5e2b7ea.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/Select.svelte_svelte_type_style_lang-fcc8ff29.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-8db6fd50.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/Button-e6949af9.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/Link-0455e819.js>; rel=\"modulepreload\"; nopush","x-sveltekit-page":"true"},"scan_id":30873972,"score":75,"start_time":"Sun, 13 Nov 2022 15:18:43 
GMT","state":"FINISHED","status_code":200,"tests_failed":2,"tests_passed":10,"tests_quantity":12,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":{"connect-src":["https:","client.relay.crisp.chat","*.fabrique.social.gouv.fr","localhost:*","wss:","'self'"],"default-src":["*.crisp.chat","'self'","*.fabrique.social.gouv.fr"],"font-src":["data:","*.crisp.chat","'self'","blob:"],"img-src":["data:","*.crisp.chat","'self'","*.fabrique.social.gouv.fr"],"script-src":["*.crisp.chat","'nonce-/3+3oiav2vimmftpkibehw=='","'self'","*.fabrique.social.gouv.fr"],"style-src":["*.crisp.chat","'self'","'unsafe-inline'"]},"http":true,"meta":false,"numPolicies":1,"policy":{"antiClickjacking":false,"defaultNone":false,"insecureBaseUri":true,"insecureFormAction":true,"insecureSchemeActive":false,"insecureSchemePassive":false,"strictDynamic":false,"unsafeEval":false,"unsafeInline":false,"unsafeInlineStyle":true,"unsafeObjects":false}},"pass":true,"result":"csp-implemented-with-unsafe-inline-in-style-src-only","score_description":"Content Security Policy (CSP) implemented with unsafe sources inside style-src. 
This includes 'unsafe-inline', data: or overly broad sources such as https:.","score_modifier":0},"contribute":{"expectation":"contribute-json-only-required-on-mozilla-properties","name":"contribute","output":{"data":null},"pass":true,"result":"contribute-json-only-required-on-mozilla-properties","score_description":"Contribute.json isn't required on websites that don't belong to Mozilla","score_modifier":0},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":null,"sameSite":null},"pass":true,"result":"cookies-not-found","score_description":"No cookies detected","score_modifier":0},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":null,"clientaccesspolicy":null,"crossdomain":null}},"pass":true,"result":"cross-origin-resource-sharing-not-implemented","score_description":"Content is not visible via cross-origin resource sharing (CORS) files or headers","score_modifier":0},"public-key-pinning":{"expectation":"hpkp-not-implemented","name":"public-key-pinning","output":{"data":null,"includeSubDomains":false,"max-age":null,"numPins":null,"preloaded":false},"pass":true,"result":"hpkp-not-implemented","score_description":"HTTP Public Key Pinning (HPKP) header not implemented","score_modifier":0},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/","redirects":true,"route":["http://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/","https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/"],"status_code":200},"pass":true,"result":"redirection-to-https","score_description":"Initial redirection is to HTTPS on same host, final destination is 
HTTPS","score_modifier":0},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":null,"http":false,"meta":false},"pass":true,"result":"referrer-policy-not-implemented","score_description":"Referrer-Policy header not implemented","score_modifier":0},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=31536000","includeSubDomains":false,"max-age":31536000,"preload":false,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{}},"pass":true,"result":"sri-not-implemented-but-all-scripts-loaded-from-secure-origin","score_description":"Subresource Integrity (SRI) not implemented, but all scripts are loaded from a similar origin","score_modifier":0},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":null},"pass":false,"result":"x-content-type-options-not-implemented","score_description":"X-Content-Type-Options header not implemented","score_modifier":-5},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":null},"pass":false,"result":"x-frame-options-not-implemented","score_description":"X-Frame-Options (XFO) header not implemented","score_modifier":-20},"x-xss-protection":{"expectation":"x-xss-protection-1-mode-block","name":"x-xss-protection","output":{"data":null},"pass":true,"result":"x-xss-protection-not-needed-due-to-csp","score_description":"X-XSS-Protection header not needed due to strong Content Security Policy (CSP) header","score_modifier":0}}} \ No newline at end of file 
diff --git a/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/lhr-aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mci8=.html b/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/lhr-aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mci8=.html
index 7bc29f4b37d..fae83e64e53 100644
--- a/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/lhr-aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mci8=.html
+++ b/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/lhr-aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mci8=.html
@@ -28,7 +28,7 @@
- + - - + - + diff --git a/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/testssl.csv b/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/testssl.csv index 8a29d7fb2aa..08df81044fc 100644 --- a/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/testssl.csv +++ b/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/testssl.csv @@ -29,7 +29,7 @@ "TLS_session_ticket","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","INFO","valid for 300 seconds only (= 30 days","","" +"cert_expirationStatus","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","OK","64 >= 30 days","","" "cert_notBefore","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","INFO","2022-10-19 14:22","","" "cert_notAfter","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","OK","2023-01-17 14:22","","" "cert_extlifeSpan","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","OK","certificate has no extended life time according to browser forum","","" 
@@ -78,7 +78,7 @@ "intermediate_cert_badOCSP","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","OK","intermediate certificate(s) is/are ok","","" "HTTP_status_code","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","INFO","200 OK ('/')","","" "HTTP_clock_skew","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","INFO","0 seconds from localtime","","" -"HTTP_headerTime","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","INFO","1667742370","","" +"HTTP_headerTime","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","INFO","1668352849","","" "HSTS_time","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","OK","365 days (=31536000 seconds) > 15552000 seconds","","" "HSTS_subdomains","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","INFO","only for this domain","","" "HSTS_preload","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","INFO","domain is NOT marked for preloading","","" 
@@ -86,7 +86,7 @@ "banner_server","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","INFO","No Server banner line in header, interesting!","","" "banner_application","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","INFO","No application banner found","","" "cookie_count","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","INFO","0 at '/'","","" -"Content-Security-Policy","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","OK","default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-/fgbqvuyla5KF+3/6xWgpg=='; style-src 'self' *.crisp.chat 'unsafe-inline'","","" +"Content-Security-Policy","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","OK","default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-W2YSbOSzedjQM1bU4iwkng=='; style-src 'self' *.crisp.chat 'unsafe-inline'","","" "banner_reverseproxy","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","INFO","--","","CWE-200" "heartbleed","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","OK","not vulnerable, no heartbeat extension","CVE-2014-0160","CWE-119" "CCS","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30","443","OK","not vulnerable","CVE-2014-0224","CWE-310" 
@@ -203,7 +203,7 @@ "cert_trust","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","OK","Ok via SAN and CN (SNI mandatory)","","" "cert_chain_of_trust","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","OK","passed.","","" "cert_certificatePolicies_EV","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","INFO","no","","" -"cert_expirationStatus","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","OK","72 >= 30 days","","" +"cert_expirationStatus","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","OK","64 >= 30 days","","" "cert_notBefore","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","INFO","2022-10-19 14:22","","" "cert_notAfter","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","OK","2023-01-17 14:22","","" "cert_extlifeSpan","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","OK","certificate has no extended life time according to browser forum","","" 
@@ -232,7 +232,7 @@ "intermediate_cert_badOCSP","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","OK","intermediate certificate(s) is/are ok","","" "HTTP_status_code","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","INFO","200 OK ('/')","","" "HTTP_clock_skew","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","INFO","0 seconds from localtime","","" -"HTTP_headerTime","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","INFO","1667742461","","" +"HTTP_headerTime","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","INFO","1668352938","","" "HSTS_time","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","OK","365 days (=31536000 seconds) > 15552000 seconds","","" "HSTS_subdomains","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","INFO","only for this domain","","" "HSTS_preload","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","INFO","domain is NOT marked for preloading","","" 
@@ -240,7 +240,7 @@ "banner_server","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","INFO","No Server banner line in header, interesting!","","" "banner_application","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","INFO","No application banner found","","" "cookie_count","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","INFO","0 at '/'","","" -"Content-Security-Policy","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","OK","default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-xRycK3CR7Xa71oHdsY6veQ=='; style-src 'self' *.crisp.chat 'unsafe-inline'","","" +"Content-Security-Policy","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","OK","default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-yBsss6pYlbBiU1hiXYdOHw=='; style-src 'self' *.crisp.chat 'unsafe-inline'","","" "banner_reverseproxy","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","INFO","--","","CWE-200" "heartbleed","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","OK","not vulnerable, no heartbeat extension","CVE-2014-0160","CWE-119" "CCS","carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90","443","OK","not vulnerable","CVE-2014-0224","CWE-310" 
diff --git a/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/testssl.html b/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/testssl.html index 50fbec75d1c..336dcbd9253 100644 --- a/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/testssl.html +++ b/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/testssl.html @@ -21,13 +21,13 @@ ########################################################### Using "OpenSSL 1.0.2-bad (1.0.2k-dev)" [~183 ciphers] - on fv-az47-358:/home/testssl/bin/openssl.Linux.x86_64 + on fv-az304-21:/home/testssl/bin/openssl.Linux.x86_64 (built: "Sep 1 14:03:44 2022", platform: "linux-x86_64") Testing all IPv4 addresses (port 443): 5.104.101.30 109.232.236.90 ----------------------------------------------------- - Start 2022-11-06 13:45:19 -->> 5.104.101.30:443 (carnet-de-bord-preprod.dev.fabrique.social.gouv.fr) <<-- + Start 2022-11-13 15:19:59 -->> 5.104.101.30:443 (carnet-de-bord-preprod.dev.fabrique.social.gouv.fr) <<-- Further IP addresses: 109.232.236.90 rDNS (5.104.101.30): ows-5-104-101-30.eu-west-2.compute.outscale.com. @@ -97,7 +97,7 @@ "extended master secret/#23" Session Ticket RFC 5077 hint 300 seconds, session tickets keys seems to be rotated < daily SSL Session ID support yes - Session Resumption Tickets no, ID: no + Session Resumption Tickets no, ID: yes TLS clock skew Random values, no fingerprinting possible Certificate Compression none Client Authentication none @@ -113,7 +113,7 @@ Trust (hostname) Ok via SAN and CN (SNI mandatory) Chain of trust Ok EV cert (experimental) no - Certificate Validity (UTC) 72 >= 30 days (2022-10-19 14:22 --> 2023-01-17 14:22) + Certificate Validity (UTC) 64 >= 30 days (2022-10-19 14:22 --> 2023-01-17 14:22) ETS/"eTLS", visibility info not present Certificate Revocation List -- OCSP URI http://r3.o.lencr.org 
@@ -145,7 +145,7 @@ blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr - *.crisp.chat 'nonce-/fgbqvuyla5KF+3/6xWgpg=='; + *.crisp.chat 'nonce-W2YSbOSzedjQM1bU4iwkng=='; style-src 'self' *.crisp.chat 'unsafe-inline' Reverse Proxy banner -- @@ -226,10 +226,10 @@ Final Score 81 Overall Grade A+ - Done 2022-11-06 13:46:51 [ 94s] -->> 5.104.101.30:443 (carnet-de-bord-preprod.dev.fabrique.social.gouv.fr) <<-- + Done 2022-11-13 15:21:29 [ 91s] -->> 5.104.101.30:443 (carnet-de-bord-preprod.dev.fabrique.social.gouv.fr) <<-- ----------------------------------------------------- - Start 2022-11-06 13:46:52 -->> 109.232.236.90:443 (carnet-de-bord-preprod.dev.fabrique.social.gouv.fr) <<-- + Start 2022-11-13 15:21:30 -->> 109.232.236.90:443 (carnet-de-bord-preprod.dev.fabrique.social.gouv.fr) <<-- Further IP addresses: 5.104.101.30 rDNS (109.232.236.90): ows-109-232-236-90.eu-west-2.compute.outscale.com. @@ -315,7 +315,7 @@ Trust (hostname) Ok via SAN and CN (SNI mandatory) Chain of trust Ok EV cert (experimental) no - Certificate Validity (UTC) 72 >= 30 days (2022-10-19 14:22 --> 2023-01-17 14:22) + Certificate Validity (UTC) 64 >= 30 days (2022-10-19 14:22 --> 2023-01-17 14:22) ETS/"eTLS", visibility info not present Certificate Revocation List -- OCSP URI http://r3.o.lencr.org @@ -347,7 +347,7 @@ blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr - *.crisp.chat 'nonce-xRycK3CR7Xa71oHdsY6veQ=='; + *.crisp.chat 'nonce-yBsss6pYlbBiU1hiXYdOHw=='; style-src 'self' *.crisp.chat 'unsafe-inline' Reverse Proxy banner -- 
@@ -428,7 +428,7 @@ Final Score 81 Overall Grade A+ - Done 2022-11-06 13:48:23 [ 186s] -->> 109.232.236.90:443 (carnet-de-bord-preprod.dev.fabrique.social.gouv.fr) <<-- + Done 2022-11-13 15:22:59 [ 181s] -->> 109.232.236.90:443 (carnet-de-bord-preprod.dev.fabrique.social.gouv.fr) <<-- ----------------------------------------------------- Done testing now all IP addresses (on port 443): 5.104.101.30 109.232.236.90 diff --git a/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/testssl.json b/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/testssl.json index 0a4c707ef54..e4dcde7fe4c 100644 --- a/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/testssl.json +++ b/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/testssl.json @@ -220,7 +220,7 @@ "ip" : "carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30", "port" : "443", "severity" : "INFO", - "finding" : "not supported" + "finding" : "supported" } , { "id" : "TLS_timestamp", @@ -360,7 +360,7 @@ "ip" : "carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30", "port" : "443", "severity" : "OK", - "finding" : "72 >= 30 days" + "finding" : "64 >= 30 days" } , { "id" : "cert_notBefore", @@ -563,7 +563,7 @@ "ip" : "carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30", "port" : "443", "severity" : "INFO", - "finding" : "1667742370" + "finding" : "1668352849" } , { "id" : "HSTS_time", 
@@ -619,7 +619,7 @@ "ip" : "carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/5.104.101.30", "port" : "443", "severity" : "OK", - "finding" : "default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-/fgbqvuyla5KF+3/6xWgpg=='; style-src 'self' *.crisp.chat 'unsafe-inline'" + "finding" : "default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-W2YSbOSzedjQM1bU4iwkng=='; style-src 'self' *.crisp.chat 'unsafe-inline'" } , { "id" : "banner_reverseproxy", @@ -1482,7 +1482,7 @@ "ip" : "carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90", "port" : "443", "severity" : "OK", - "finding" : "72 >= 30 days" + "finding" : "64 >= 30 days" } , { "id" : "cert_notBefore", @@ -1685,7 +1685,7 @@ "ip" : "carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90", "port" : "443", "severity" : "INFO", - "finding" : "1667742461" + "finding" : "1668352938" } , { "id" : "HSTS_time", 
@@ -1741,7 +1741,7 @@ "ip" : "carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90", "port" : "443", "severity" : "OK", - "finding" : "default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-xRycK3CR7Xa71oHdsY6veQ=='; style-src 'self' *.crisp.chat 'unsafe-inline'" + "finding" : "default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-yBsss6pYlbBiU1hiXYdOHw=='; style-src 'self' *.crisp.chat 'unsafe-inline'" } , { "id" : "banner_reverseproxy", @@ -2248,6 +2248,6 @@ "ip" : "carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/109.232.236.90", "port" : "443", "severity" : "INFO", - "finding" : "186" + "finding" : "181" } ] diff --git a/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/thirdparties.json b/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/thirdparties.json index 8dd9a5c5932..a30e053a1e1 100644 --- a/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/thirdparties.json +++ b/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/thirdparties.json @@ -6,7 +6,7 @@ "value": "1", "domain": "carnet-de-bord-preprod.dev.fabrique.social.gouv.fr", "path": "/", - "expires": 1667744082, + "expires": 1668354562, "size": 16, "httpOnly": false, "secure": false, 
@@ -18,10 +18,10 @@ }, { "name": "_pk_id.53.bcf0", - "value": "5ac85c5e57969b51.1667742282.", + "value": "e041146318f757b5.1668352763.", "domain": "carnet-de-bord-preprod.dev.fabrique.social.gouv.fr", "path": "/", - "expires": 1701697482, + "expires": 1702307963, "size": 42, "httpOnly": false, "secure": false, 
@@ -34,19 +34,19 @@ ], "headers": { "content-encoding": "gzip", - "content-security-policy": "default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-4oguy2voO0LWdcVRaAexIA=='; style-src 'self' *.crisp.chat 'unsafe-inline'", + "content-security-policy": "default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-MRXwJ+VZpfTGMsi4f8tKXQ=='; style-src 'self' *.crisp.chat 'unsafe-inline'", "content-type": "text/html", - "date": "Sun, 06 Nov 2022 13:44:41 GMT", - "etag": "W/\"u4y5gx\"", - "link": "<./_app/immutable/assets/_layout-c7ab58fb.css>; rel=\"preload\";as=\"style\";nonce=\"4oguy2voO0LWdcVRaAexIA==\"; nopush, <./_app/immutable/assets/LayerCDB-b5305bde.css>; rel=\"preload\";as=\"style\";nonce=\"4oguy2voO0LWdcVRaAexIA==\"; nopush, <./_app/immutable/assets/Select-f845fd1b.css>; rel=\"preload\";as=\"style\";nonce=\"4oguy2voO0LWdcVRaAexIA==\"; nopush, <./_app/immutable/start-5303cf5f.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-a5a5e432.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/singletons-f8cb6e56.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-157a85c1.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/preload-helper-aa6bc0ce.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/control-03134885.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/env-public-6aa99648.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/components/pages/_layout.svelte-85afa0c1.js>; 
rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/matomo-474420b0.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/stores-1f5d717d.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/openComponent-4cdf917a.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/auth-c5f53aee.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/apiUrl-26435ea0.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/object-75625798.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-2162ba9d.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-8fd82cc3.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/date-8042377a.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-8049b269.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/createClient-ef70c0ba.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/ab6c3355-28ee801d.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/urql-svelte-66b0b56a.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/IconButton-88c5e3e5.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/helpers-3a71b442.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-509314ae.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/components/pages/_page.svelte-638b7d5d.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/Footer-7370ceff.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/Select.svelte_svelte_type_style_lang-49392798.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-8db6fd50.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/Button-e6949af9.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/Link-489f1752.js>; rel=\"modulepreload\"; nopush", + "date": "Sun, 13 Nov 2022 15:19:21 GMT", + "etag": "W/\"ujfi2g\"", + "link": "<./_app/immutable/assets/_layout-2b8e1e37.css>; rel=\"preload\";as=\"style\";nonce=\"MRXwJ+VZpfTGMsi4f8tKXQ==\"; nopush, 
<./_app/immutable/assets/LayerCDB-b5305bde.css>; rel=\"preload\";as=\"style\";nonce=\"MRXwJ+VZpfTGMsi4f8tKXQ==\"; nopush, <./_app/immutable/assets/Select-f845fd1b.css>; rel=\"preload\";as=\"style\";nonce=\"MRXwJ+VZpfTGMsi4f8tKXQ==\"; nopush, <./_app/immutable/start-f567272e.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-a5a5e432.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/singletons-6d435ce3.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-157a85c1.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/preload-helper-aa6bc0ce.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/control-03134885.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/env-public-6aa99648.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/components/pages/_layout.svelte-57929c88.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/matomo-474420b0.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/stores-f4072e52.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/openComponent-4cdf917a.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/auth-c5f53aee.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/apiUrl-26435ea0.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/object-75625798.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-2162ba9d.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-8fd82cc3.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/date-8042377a.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-8049b269.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/createClient-ef70c0ba.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/ab6c3355-28ee801d.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/urql-svelte-66b0b56a.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/IconButton-88c5e3e5.js>; rel=\"modulepreload\"; nopush, 
<./_app/immutable/chunks/helpers-3a71b442.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-509314ae.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/components/pages/_page.svelte-3081c9ff.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/Footer-d5e2b7ea.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/Select.svelte_svelte_type_style_lang-fcc8ff29.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/index-8db6fd50.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/Button-e6949af9.js>; rel=\"modulepreload\"; nopush, <./_app/immutable/chunks/Link-0455e819.js>; rel=\"modulepreload\"; nopush", "strict-transport-security": "max-age=31536000", - "x-request-id": "3feb89a5-48af-4e08-a6a1-b08f2afb21a4", + "x-request-id": "0ab6d183-9b4f-44c5-ad09-d85a8fb98cde", "x-sveltekit-page": "true" }, "endpoints": [ { "hostname": "carnet-de-bord-preprod.dev.fabrique.social.gouv.fr", - "ip": "109.232.236.90", + "ip": "5.104.101.30", "geoip": { "continent": { "code": "EU", @@ -78,7 +78,7 @@ } }, "location": { - "accuracy_radius": 500, + "accuracy_radius": 200, "latitude": 48.8582, "longitude": 2.3387, "time_zone": "Europe/Paris" diff --git a/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/zap.html b/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/zap.html index f87185b740c..3f4e89240bc 100644 --- a/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/zap.html +++ b/results/aHR0cHM6Ly9jYXJuZXQtZGUtYm9yZC1wcmVwcm9kLmRldi5mYWJyaXF1ZS5zb2NpYWwuZ291di5mcg==/zap.html @@ -127,7 +127,7 @@

- Generated on Sun, 6 Nov 2022 13:43:35 + Generated on Sun, 13 Nov 2022 15:18:17

@@ -301,7 +301,7 @@

Alert Detail

Evidence - default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-d/Ql0ZHlPrMd4E2hfBmp3g=='; style-src 'self' *.crisp.chat 'unsafe-inline' + default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-lKN54rb8B+juZuxd6EsQJQ=='; style-src 'self' *.crisp.chat 'unsafe-inline' @@ -327,7 +327,7 @@

Alert Detail

Evidence - default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-eQRsSstGHDmQiygIE1/ZDw=='; style-src 'self' *.crisp.chat 'unsafe-inline' + default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-sKeo5JAf+V0I8MfxUkZrRA=='; style-src 'self' *.crisp.chat 'unsafe-inline' @@ -353,7 +353,7 @@

Alert Detail

Evidence - default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-FArBj3JDQ8uNCkmTA7gx+A=='; style-src 'self' *.crisp.chat 'unsafe-inline' + default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-UhWE7SH4aVsICBTEMJsw8A=='; style-src 'self' *.crisp.chat 'unsafe-inline' @@ -379,7 +379,7 @@

Alert Detail

Evidence - default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-+zTN6KMRVql0fOj3j+4aEg=='; style-src 'self' *.crisp.chat 'unsafe-inline' + default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-AsYJyI7yWV8shiNbuN2WMA=='; style-src 'self' *.crisp.chat 'unsafe-inline' @@ -405,7 +405,7 @@

Alert Detail

Evidence - default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-yAuvM0ZjmORj88vFNN1U2A=='; style-src 'self' *.crisp.chat 'unsafe-inline' + default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-d7Tmoz9IJB2yB05f44VO0Q=='; style-src 'self' *.crisp.chat 'unsafe-inline' @@ -431,7 +431,7 @@

Alert Detail

Evidence - default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-T0SzEF4M2BFD+lrxxGnhag=='; style-src 'self' *.crisp.chat 'unsafe-inline' + default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-KgyGD2tZDrbUgeJf43uHqw=='; style-src 'self' *.crisp.chat 'unsafe-inline' @@ -525,7 +525,7 @@

Alert Detail

Evidence - default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-d/Ql0ZHlPrMd4E2hfBmp3g=='; style-src 'self' *.crisp.chat 'unsafe-inline' + default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-lKN54rb8B+juZuxd6EsQJQ=='; style-src 'self' *.crisp.chat 'unsafe-inline' @@ -551,7 +551,7 @@

Alert Detail

Evidence - default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-eQRsSstGHDmQiygIE1/ZDw=='; style-src 'self' *.crisp.chat 'unsafe-inline' + default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-sKeo5JAf+V0I8MfxUkZrRA=='; style-src 'self' *.crisp.chat 'unsafe-inline' @@ -577,7 +577,7 @@

Alert Detail

Evidence - default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-FArBj3JDQ8uNCkmTA7gx+A=='; style-src 'self' *.crisp.chat 'unsafe-inline' + default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-UhWE7SH4aVsICBTEMJsw8A=='; style-src 'self' *.crisp.chat 'unsafe-inline' @@ -603,7 +603,7 @@

Alert Detail

Evidence - default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-+zTN6KMRVql0fOj3j+4aEg=='; style-src 'self' *.crisp.chat 'unsafe-inline' + default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-AsYJyI7yWV8shiNbuN2WMA=='; style-src 'self' *.crisp.chat 'unsafe-inline' @@ -629,7 +629,7 @@

Alert Detail

Evidence - default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-yAuvM0ZjmORj88vFNN1U2A=='; style-src 'self' *.crisp.chat 'unsafe-inline' + default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-d7Tmoz9IJB2yB05f44VO0Q=='; style-src 'self' *.crisp.chat 'unsafe-inline' @@ -655,7 +655,7 @@

Alert Detail

Evidence - default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-T0SzEF4M2BFD+lrxxGnhag=='; style-src 'self' *.crisp.chat 'unsafe-inline' + default-src 'self' *.fabrique.social.gouv.fr *.crisp.chat; connect-src 'self' wss: https: *.fabrique.social.gouv.fr localhost:* client.relay.crisp.chat; font-src 'self' data: blob: *.crisp.chat; img-src 'self' data: *.fabrique.social.gouv.fr *.crisp.chat; script-src 'self' *.fabrique.social.gouv.fr *.crisp.chat 'nonce-KgyGD2tZDrbUgeJf43uHqw=='; style-src 'self' *.crisp.chat 'unsafe-inline' @@ -878,7 +878,7 @@

Alert Detail

Description -
The identified library svelte, version 85afa0c1 is vulnerable.
+
The identified library svelte, version 57929c88 is vulnerable.
@@ -915,7 +915,7 @@

Alert Detail

URL - https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/(public)/mentions-legales/_layout.svelte-3aa672bf.js + https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/(public)/politique-confidentialite/_layout.svelte-2e16bc0b.js Alert Detail Evidence - svelte-3aa672bf.js + svelte-2e16bc0b.js URL - https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/(public)/politique-confidentialite/_layout.svelte-9dbbd27e.js + https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/(public)/politique-confidentialite/_page.svelte-4d621f98.js Alert Detail Evidence - svelte-9dbbd27e.js + svelte-4d621f98.js URL - https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/(public)/politique-confidentialite/_page.svelte-4d621f98.js + https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_error.svelte-65b8ee70.js Alert Detail Evidence - svelte-4d621f98.js + svelte-65b8ee70.js URL - https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-85afa0c1.js + https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-57929c88.js Alert Detail Evidence - svelte-85afa0c1.js + svelte-57929c88.js URL - https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_page.svelte-638b7d5d.js + https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_page.svelte-3081c9ff.js Alert Detail Evidence - svelte-638b7d5d.js + svelte-3081c9ff.js @@ -1283,7 +1283,7 @@

Alert Detail

URL - https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/singletons-f8cb6e56.js + https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/singletons-6d435ce3.js Alert Detail URL - https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-85afa0c1.js + https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-57929c88.js Alert Detail URL - https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/singletons-f8cb6e56.js + https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/singletons-6d435ce3.js Alert Detail URL - https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-85afa0c1.js + https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-57929c88.js Alert Detail URL - https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/assets/_layout-c7ab58fb.css + https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/assets/_layout-2b8e1e37.css Alert Detail URL - https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-85afa0c1.js + https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-57929c88.js Alert Detail URL - https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_page.svelte-638b7d5d.js + https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_page.svelte-3081c9ff.js Alert Detail URL - https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/start-5303cf5f.js + https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/start-f567272e.js Alert Detail URL - 
https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/apiUrl-26435ea0.js + https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/auth-c5f53aee.js Alert Detail URL - https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/singletons-f8cb6e56.js + https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/singletons-6d435ce3.js Alert Detail URL - https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/stores-1f5d717d.js + https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-57929c88.js Alert Detail URL - https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-85afa0c1.js + https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-57929c88.js Alert Detail Evidence - from + user URL - https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-85afa0c1.js + https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/start-f567272e.js Alert Detail Evidence - user + query @@ -3157,7 +3157,7 @@

Alert Detail

URL - https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/preload-helper-aa6bc0ce.js + https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/matomo-474420b0.js Alert Detail URL - https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/singletons-f8cb6e56.js + https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/preload-helper-aa6bc0ce.js https://github.com/sveltejs/svelte/pull/7333

https://github.com/sveltejs/svelte/pull/1623

", "cweid": "829", "wascid": "-1", - "sourceid": "85" + "sourceid": "84" }, { "pluginid": "10063", @@ -298,14 +298,14 @@ "evidence": "" }, { - "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/singletons-f8cb6e56.js", + "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/singletons-6d435ce3.js", "method": "GET", "param": "", "attack": "", "evidence": "" }, { - "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-85afa0c1.js", + "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-57929c88.js", "method": "GET", "param": "", "attack": "", @@ -332,7 +332,7 @@ "reference": "

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy

https://developers.google.com/web/updates/2018/06/feature-policy

https://scotthelme.co.uk/a-new-security-header-feature-policy/

https://w3c.github.io/webappsec-feature-policy/

https://www.smashingmagazine.com/2018/12/feature-policy/

", "cweid": "693", "wascid": "15", - "sourceid": "7" + "sourceid": "1" }, { "pluginid": "10021", @@ -408,14 +408,14 @@ "evidence": "" }, { - "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/singletons-f8cb6e56.js", + "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/singletons-6d435ce3.js", "method": "GET", "param": "X-Content-Type-Options", "attack": "", "evidence": "" }, { - "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-85afa0c1.js", + "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-57929c88.js", "method": "GET", "param": "X-Content-Type-Options", "attack": "", @@ -428,7 +428,7 @@ "reference": "

http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx

https://owasp.org/www-community/Security_Headers

", "cweid": "693", "wascid": "15", - "sourceid": "7" + "sourceid": "1" }, { "pluginid": "10094", @@ -455,28 +455,28 @@ "evidence": "/_app/immutable/assets/LayerCDB-b5305bde" }, { - "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/assets/_layout-c7ab58fb.css", + "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/assets/_layout-2b8e1e37.css", "method": "GET", "param": "", "attack": "", "evidence": "/Marianne-Light_Italic-078754d7" }, { - "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-85afa0c1.js", + "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-57929c88.js", "method": "GET", "param": "", "attack": "", "evidence": "/chunks/openComponent-4cdf917a" }, { - "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_page.svelte-638b7d5d.js", + "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_page.svelte-3081c9ff.js", "method": "GET", "param": "", "attack": "", "evidence": "/chunks/openComponent-4cdf917a" }, { - "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/start-5303cf5f.js", + "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/start-f567272e.js", "method": "GET", "param": "", "attack": "", @@ -517,7 +517,7 @@ "reference": "

http://projects.webappsec.org/w/page/13246936/Information%20Leakage

", "cweid": "200", "wascid": "13", - "sourceid": "7" + "sourceid": "1" }, { "pluginid": "10019", @@ -577,7 +577,7 @@ "evidence": "user" }, { - "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/apiUrl-26435ea0.js", + "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/auth-c5f53aee.js", "method": "GET", "param": "", "attack": "", @@ -605,32 +605,32 @@ "evidence": "from" }, { - "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/singletons-f8cb6e56.js", + "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/singletons-6d435ce3.js", "method": "GET", "param": "", "attack": "", "evidence": "from" }, { - "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/chunks/stores-1f5d717d.js", + "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-57929c88.js", "method": "GET", "param": "", "attack": "", "evidence": "from" }, { - "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-85afa0c1.js", + "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-57929c88.js", "method": "GET", "param": "", "attack": "", - "evidence": "from" + "evidence": "user" }, { - "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/components/pages/_layout.svelte-85afa0c1.js", + "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/_app/immutable/start-f567272e.js", "method": "GET", "param": "", "attack": "", - "evidence": "user" + "evidence": "query" }, { "uri": "https://carnet-de-bord-preprod.dev.fabrique.social.gouv.fr/robots.txt", @@ -649,7 +649,7 @@ ], "count": "12", "solution": "

Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.

", - "otherinfo": "

The following pattern was used: \\bUSER\\b and was detected in the element starting with: \"