Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[16141] Implement ReceiverEnrichment Function #16854

Draft
wants to merge 4 commits into
base: main
Choose a base branch
from

Conversation

wcutshall
Copy link
Collaborator

This PR ...

If you are suggesting a fix for a currently exploitable issue, please disclose the issue to the prime-reportstream team directly outside of GitHub instead of filing a PR, so we may immediately patch the affected systems before a disclosure. See SECURITY.md/Reporting a Vulnerability for more information.

Test Steps:

  1. Include steps to test these changes

Changes

  • Include a comprehensive list of changes in this PR
  • (For web UI changes) Include screenshots/video of changes

Checklist

Testing

  • Tested locally?
  • Ran ./prime test or ./gradlew testSmoke against local Docker ReportStream container?
  • (For Changes to /frontend-react/...) Ran npm run lint:write?
  • Added tests?

Process

  • Are there licensing issues with any new dependencies introduced?
  • Includes a summary of what a code reviewer should test/verify?
  • Updated the release notes?
  • Database changes are submitted as a separate PR?
  • DevOps team has been notified if PR requires ops support?

Linked Issues

  • Fixes #issue

To Be Done

Create GitHub issues to track the work remaining, if any

  • #issue

Specific Security-related subjects a reviewer should pay specific attention to

  • Does this PR introduce new endpoints?
    • new endpoint A
    • new endpoint B
  • Does this PR include changes in authentication and/or authorization of existing endpoints?
  • Does this change introduce new dependencies that need vetting?
  • Does this change require changes to our infrastructure?
  • Does logging contain sensitive data?
  • Does this PR include or remove any sensitive information itself?

If you answered 'yes' to any of the questions above, conduct a detailed Review that addresses at least:

  • What are the potential security threats and mitigations? Please list the STRIDE threats and how they are mitigated
    • Spoofing (faking authenticity)
      • Threat T, which could be achieved by A, is mitigated by M
    • Tampering (influence or sabotage the integrity of information, data, or system)
    • Repudiation (the ability to dispute the origin or originator of an action)
    • Information disclosure (data made available to entities who should not have it)
    • Denial of service (make a resource unavailable)
    • Elevation of Privilege (reduce restrictions that apply or gain privileges one should not have)
  • Have you ensured logging does not contain sensitive data?
  • Have you received any additional approvals needed for this change?

Copy link

github-actions bot commented Dec 19, 2024

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails

Scanned Manifest Files

Copy link

github-actions bot commented Dec 19, 2024

Test Results

1 266 tests  ±0   1 262 ✅ ±0   8m 2s ⏱️ +20s
  164 suites ±0       4 💤 ±0 
  164 files   ±0       0 ❌ ±0 

Results for commit e308ee9. ± Comparison against base commit d56ee64.

♻️ This comment has been updated with latest results.

Copy link

github-actions bot commented Dec 19, 2024

Integration Test Results

0 tests   0 ✅  0s ⏱️
0 suites  0 💤
0 files    0 ❌

Results for commit e308ee9.

♻️ This comment has been updated with latest results.

Copy link

Quality Gate Failed Quality Gate failed

Failed conditions
5.3% Coverage on New Code (required ≥ 80%)
16.3% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud

@jack-h-wang jack-h-wang added the platform Platform Team label Dec 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
platform Platform Team
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants