[PM-336] Nullable Platform & Unowned Services

[justindbaur]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-336

📔 Objective

Enable nullable in services that are either owned by platform or unowned currently.

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – de1a59d7-3004-445f-b396-55699c58d76c

New Issues (5)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 164	details Method Put at line 164 of /src/Api/AdminConsole/Controllers/GroupsController.cs gets a parameter from a user request from model. This parameter val... ID: O%2BHxUDVmhn4DDWQtZQFQAhiT9ZY%3D Attack Vector
	CSRF	/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 86	details Method Put at line 86 of /bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs gets a parameter from a user request from model. This param... ID: tdBhFufVwEv2BYlT6X8qz8sKXeo%3D Attack Vector
	CSRF	/src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 133	details Method Put at line 133 of /src/Api/AdminConsole/Public/Controllers/GroupsController.cs gets a parameter from a user request from model. This parame... ID: En5BEJJONHFvKUkaerwROu5tjB0%3D Attack Vector
	CSRF	/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 96	details Method Patch at line 96 of /bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs gets a parameter from a user request from model. This par... ID: qOrS%2Bmn6Gg1L4tTtOw7xqc0462I%3D Attack Vector
	Missing_CSP_Header	/src/Core/MailTemplates/Handlebars/Billing/BusinessUnitConversionInvite.html.hbs: 12	details A Content Security Policy is not explicitly defined within the web-application. ID: IIshHvFH05usl0d7kdglsEkC7i8%3D Attack Vector

Fixed Issues (3)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CSRF	/src/Api/Billing/Controllers/AccountsController.cs: 142
	CSRF	/src/Api/Controllers/DevicesController.cs: 75
	CSRF	/src/Api/Controllers/DevicesController.cs: 62

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud