cloud config propagation url and tests adjusted · jenkinsci/bitbucket-push-and-pull-request-plugin@dfbb5bc · GitHub

GitHub Advanced Security / Jenkins Security Scan succeeded Sep 12, 2024 in 3s

4 new alerts

New alerts in code changed by this pull request

4 warnings

See annotations below for details.

View all branch alerts.

Annotations

Check warning on line 354 in src/main/java/io/jenkins/plugins/bitbucketpushandpullrequest/BitBucketPPRTrigger.java

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation Warning

Potential CSRF vulnerability: If DescriptorImpl#doFillCredentialsIdItems connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST

Check warning on line 75 in src/main/java/io/jenkins/plugins/bitbucketpushandpullrequest/config/BitBucketPPRPluginConfig.java

Code scanning / Jenkins Security Scan

Stapler: Missing permission check Warning

Potential missing permission check in BitBucketPPRPluginConfig#doCheckPropagationUrl

Check warning on line 75 in src/main/java/io/jenkins/plugins/bitbucketpushandpullrequest/config/BitBucketPPRPluginConfig.java

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation Warning

Potential CSRF vulnerability: If BitBucketPPRPluginConfig#doCheckPropagationUrl connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST

Check warning on line 158 in src/main/java/io/jenkins/plugins/bitbucketpushandpullrequest/config/BitBucketPPRPluginConfig.java

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation Warning

Potential CSRF vulnerability: If BitBucketPPRPluginConfig#doFillCredentialsIdItems connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST