Security Vulnerability

2019-01-21 Thread mohan reddy
SM-7 Missing secure flag on session ID 

In secure HTTPS applications, cookies must have the “Secure” flag set. The 
“Secure” flag informs browsers that a cookie should only be sent on 
connections that are encrypted with SSL. 

Without the “secure” flag, the non-encrypted HTTP domain for the 
application receives same-origin access to cookies set by the secure HTTPS 
domain; browsers will send unencrypted plaintext copies of cookies without 
the “secure” flag. 

Because any attacker on the Internet can fake the non-encrypted HTTP domain 
(it’s the encryption provided by TLS in HTTPS that prevents that from 
happening), and because cookies usually form the core of the authentication 
and authorization model of a web application, failing to set the “Secure” 
flag negates much of the security provided by SSL. 

RECOMMENDATION: Consult framework documentation to set the “Secure” flag on 
the cookie. Setting the “Secure” flag is usually simple; the framework may 
have a configuration setting that ensures all cookies are “Secure”, almost 
always provides a configuration option to ensure the Session cookie is 
“Secure”, and will usually offer the “Secure” flag as an option on the line 
of code that creates any given cookie.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/69005922-2061-494c-a246-c9cddd91b640%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
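One way to check a server for the SM-7 finding described in the message above, as an added example that is not part of the original thread: it parses `Set-Cookie` header values and reports session cookies whose attribute list lacks `Secure`. The cookie names and values are constructed samples, and treating any cookie whose name contains "session" as a session cookie is an assumption of this example.

```python
# Added example: audit Set-Cookie headers for session cookies lacking "Secure".
# Header values below are constructed samples, not captured from a real server.
SESSION_HINT = "session"  # assumption: session cookies carry this in their name

SAMPLE_HEADERS = [
    "JSESSIONID.1a2b3c4d=node0abc123; Path=/; HttpOnly",          # Secure missing
    "JSESSIONID.5e6f7a8b=node0def456; Path=/secure; HttpOnly",    # "secure" only in the path
    "JSESSIONID.9c0d1e2f=node0ghi789; Path=/; secure; HttpOnly",  # flag present, lower case
    "screenResolution=1920x1080; Path=/",                         # not a session cookie
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags such as Secure have no value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def missing_secure(set_cookie_headers):
    """Return names of session cookies that were set without the Secure flag."""
    findings = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if SESSION_HINT in name.lower() and "secure" not in attrs:
            findings.append(name)
    return findings


def naive_missing_secure(set_cookie_headers):
    """Substring check shown for contrast: it is fooled by Path=/secure."""
    return [h.split("=", 1)[0] for h in set_cookie_headers
            if SESSION_HINT in h.lower() and "secure" not in h.lower()]


if __name__ == "__main__":
    print("attribute-aware:", missing_secure(SAMPLE_HEADERS))
    print("naive substring:", naive_missing_secure(SAMPLE_HEADERS))
```

The second sample header is the case to watch: a substring search for "secure" passes it because of the path, while the attribute-aware check reports it.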


Re: System.InvalidOperationException : The 'Microsoft.ACE.OLEDB.12.0' provider is not registered on the local machine.

2018-10-16 Thread mohan reddy
Hey Gayatri,
Please reach out to me for clarification.

-Mohan Reddy


On Thu 4 Oct, 2018 01:10 Gayathri Katragadda wrote:

> I am using the Access database engine to read data from Excel. From
> Visual Studio I am able to run all the tests without any issue, but while
> running from Jenkins I am getting this error message.
>
> System.Reflection.TargetInvocationException : Exception has been thrown by the target of an invocation.
>   > System.InvalidOperationException : The 'Microsoft.ACE.OLEDB.12.0' provider is not registered on the local machine.
>    at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
>    at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
>    at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
>    at NUnit.Framework.TestCaseSourceAttribute.GetTestCaseSource(IMethodInfo method) in C:\src\nunit\nunit\src\NUnitFramework\framework\Attributes\TestCaseSourceAttribute.cs:line 277
>    at NUnit.Framework.TestCaseSourceAttribute.GetTestCasesFor(IMethodInfo method) in C:\src\nunit\nunit\src\NUnitFramework\framework\Attributes\TestCaseSourceAttribute.cs:line 173
> --InvalidOperationException
>    at System.Data.OleDb.OleDbServicesWrapper.GetDataSource(OleDbConnectionString constr, DataSourceWrapper& datasrcWrapper)
>    at System.Data.OleDb.OleDbConnectionInternal..ctor(OleDbConnectionString constr, OleDbConnection connection)
>    at System.Data.OleDb.OleDbConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningObject)
>    at System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup, DbConnectionOptions userOptions)
>    at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)
>    at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
>    at System.Data.ProviderBase.DbConnectionInternal.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
>    at System.Data.OleDb.OleDbConnection.Open()
>    at LinqToExcel.Query.ExcelUtilities.GetWorksheetNames(ExcelQueryArgs args)
>    at LinqToExcel.ExcelQueryFactory.GetWorksheetNames()
>    at Automation_Framework.Excel_Data_Reader.CommonBaseDataReader.get_WorkSheetNames() in C:\WIC\HANDS\EBT\Test_Automation\Hands_Automation_SmokeSuite_src\Automation_Framework\Excel Data Reader\Model\CommonBaseDataReader.cs:line 37
>    at Automation_Framework.Excel_Data_Reader.CommonDataReader.get_FamilyInfoData() in C:\WIC\HANDS\EBT\Test_Automation\Hands_Automation_SmokeSuite_src\Automation_Framework\Excel Data Reader\Model\CommonDataReader.cs:line 244
>    at Automation_Framework.Excel_Data_Reader.CommonDataReader.IntializeFamilyDetails() in C:\WIC\HANDS\EBT\Test_Automation\Hands_Automation_SmokeSuite_src\Automation_Framework\Excel Data Reader\Model\CommonDataReader.cs:line 80
>    at Automation_Framework.Excel_Data_Reader.CommonDataReader.get_Families() in C:\WIC\HANDS\EBT\Test_Automation\Hands_Automation_SmokeSuite_src\Automation_Framework\Excel Data Reader\Model\CommonDataReader.cs:line 32
>    at Automation_Smoke_Tests.Data.CommonInfoTestData.Families() in C:\WIC\HANDS\EBT\Test_Automation\Hands_Automation_SmokeSuite_src\Automation_Selenium_Tests\Data\CommonInfoTestData.cs:line 102
>


Re: Jenkins - Security Vulnerability

2018-05-22 Thread mohan reddy
Hi All,

I just want to know if anything can be done to bring this to 
closure.

Any help that you provide is greatly appreciated.


-Mohan

On Monday, May 21, 2018 at 6:43:37 PM UTC+5:30, mohan reddy wrote:
>
> Hi Team,
>
> I was hoping that you would point me in the correct direction. I have 
> reached out to the support team who work on Jira tickets (
> https://issues.jenkins-ci.org/browse/SECURITY-880) but no luck.
>
> We'd like to enable the secure flag on session IDs, and any help that 
> you would provide is greatly appreciated.
>
> Below, is the info:
>
>
> In secure HTTPS applications, cookies must have the “Secure” flag set. The 
> “Secure” flag informs browsers that a cookie should only be sent on 
> connections that are encrypted with SSL.
>
> Without the “secure” flag, the non-encrypted HTTP domain for the 
> application receives same-origin access to cookies set by the secure HTTPS 
> domain; browsers will send unencrypted plaintext copies of cookies without 
> the “secure” flag.
>
> Because any attacker on the Internet can fake the non-encrypted HTTP 
> domain (it’s the encryption provided by TLS in HTTPS that prevents that 
> from happening), and because cookies usually form the core of the 
> authentication and authorization model of a web application, failing to set 
> the “Secure” flag negates much of the security provided by SSL.
>
> *RECOMMENDATION*: Consult framework documentation to set the “Secure” 
> flag on the cookie. Setting the “Secure” flag is usually simple; the 
> framework may have a configuration setting that ensures all cookies are 
> “Secure”, almost always provides a configuration option to ensure the 
> Session cookie is “Secure”, and will usually offer the “Secure” flag as an 
> option on the line of code that creates any given cookie. 