- {!establishmentTask(task) &&
+ {!establishmentTaskCorrespondence(task) &&
{COPY.TASK_SNAPSHOT_TASK_INSTRUCTIONS_LABEL}
@@ -251,7 +251,7 @@ class CorrespondenceTaskRows extends React.PureComponent {
|
{isCancelled(task) ? : closedAtIcon(task, timeline)}
diff --git a/client/test/app/hearings/components/__snapshots__/Details.test.js.snap b/client/test/app/hearings/components/__snapshots__/Details.test.js.snap
index 99e6d78bccc..c9d95687dec 100644
--- a/client/test/app/hearings/components/__snapshots__/Details.test.js.snap
+++ b/client/test/app/hearings/components/__snapshots__/Details.test.js.snap
@@ -479,63 +479,138 @@ exports[`Details Displays HearingConversion when converting from central 1`] = `
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
@@ -42625,66 +42700,144 @@ exports[`Details Displays HearingConversion when converting from video 1`] = `
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
@@ -86121,63 +86274,138 @@ exports[`Details Displays HearingConversion when converting from virtual 1`] = `
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
@@ -177659,82 +177887,182 @@ exports[`Details Displays VirtualHearing details when there is a virtual hearing
-
+
+
+
+
+
+
-
-
-
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
@@ -226373,82 +226701,182 @@ exports[`Details Does not display EmailConfirmationModal when updating transcrip
-
+
+
+
+
+
+
-
-
-
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
@@ -315955,86 +316383,190 @@ exports[`Details Matches snapshot with default props 1`] = `
-
+
+
+
+
+
+
-
-
-
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
diff --git a/client/test/app/hearings/components/__snapshots__/HearingConversion.test.js.snap b/client/test/app/hearings/components/__snapshots__/HearingConversion.test.js.snap
index 018c843fd40..4d32887c439 100644
--- a/client/test/app/hearings/components/__snapshots__/HearingConversion.test.js.snap
+++ b/client/test/app/hearings/components/__snapshots__/HearingConversion.test.js.snap
@@ -353,66 +353,144 @@ exports[`HearingConversion Displays email fields when hearing type is switched f
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
diff --git a/client/test/app/hearings/components/__snapshots__/ScheduleVeteran.test.js.snap b/client/test/app/hearings/components/__snapshots__/ScheduleVeteran.test.js.snap
index beb2d859dc7..06c2e23fa62 100644
--- a/client/test/app/hearings/components/__snapshots__/ScheduleVeteran.test.js.snap
+++ b/client/test/app/hearings/components/__snapshots__/ScheduleVeteran.test.js.snap
@@ -26201,66 +26201,144 @@ SAN FRANCISCO, CA 94103
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
@@ -118894,66 +118972,144 @@ SAN FRANCISCO, CA 94103
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
@@ -156194,66 +156350,144 @@ SAN FRANCISCO, CA 94103
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
@@ -194615,66 +194849,144 @@ SAN FRANCISCO, CA 94103
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
@@ -231911,66 +232223,144 @@ SAN FRANCISCO, CA 94103
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
@@ -269211,66 +269601,144 @@ SAN FRANCISCO, CA 94103
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
@@ -335645,66 +336113,144 @@ SAN FRANCISCO, CA 94103
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
@@ -404518,66 +405064,144 @@ SAN FRANCISCO, CA 94103
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
@@ -475611,66 +476235,144 @@ SAN FRANCISCO, CA 94103
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
diff --git a/client/test/app/hearings/components/details/__snapshots__/DetailsForm.test.js.snap b/client/test/app/hearings/components/details/__snapshots__/DetailsForm.test.js.snap
index 47155ee3647..de736b1dd81 100644
--- a/client/test/app/hearings/components/details/__snapshots__/DetailsForm.test.js.snap
+++ b/client/test/app/hearings/components/details/__snapshots__/DetailsForm.test.js.snap
@@ -45170,86 +45170,190 @@ exports[`DetailsForm Matches snapshot with default props when passed in 1`] = `
-
+
+
+
+
+
+
-
-
-
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
@@ -90644,86 +90748,190 @@ exports[`DetailsForm Matches snapshot with for AMA hearing 1`] = `
-
+
+
+
+
+
+
-
-
-
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
diff --git a/client/test/app/hearings/components/modalForms/__snapshots__/HearingTime.test.js.snap b/client/test/app/hearings/components/modalForms/__snapshots__/HearingTime.test.js.snap
index d6eff75bfd6..73100683693 100644
--- a/client/test/app/hearings/components/modalForms/__snapshots__/HearingTime.test.js.snap
+++ b/client/test/app/hearings/components/modalForms/__snapshots__/HearingTime.test.js.snap
@@ -58,66 +58,144 @@ exports[`HearingTime Matches snapshot when enableZone is true 1`] = `
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
@@ -9008,66 +9086,144 @@ exports[`HearingTime Matches snapshot when other time is not selected 1`] = `
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
@@ -9133,66 +9289,144 @@ exports[`HearingTime Matches snapshot when other time is selected 1`] = `
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
@@ -18082,66 +18316,144 @@ exports[`HearingTime Matches snapshot when readonly prop is set 1`] = `
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
@@ -26984,66 +27296,144 @@ exports[`HearingTime Matches snapshot with default props when passed in 1`] = `
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
diff --git a/client/test/app/queue/cavc/__snapshots__/AddCavcRemandView.test.js.snap b/client/test/app/queue/cavc/__snapshots__/AddCavcRemandView.test.js.snap
index 57f1ad07fd8..761d75aea32 100644
--- a/client/test/app/queue/cavc/__snapshots__/AddCavcRemandView.test.js.snap
+++ b/client/test/app/queue/cavc/__snapshots__/AddCavcRemandView.test.js.snap
@@ -377,46 +377,94 @@ exports[`AddCavcRemandView renders correctly 1`] = `
+
+
+
+
+
+
@@ -3633,86 +3681,182 @@ exports[`AddCavcRemandView renders correctly 1`] = `
-
+
+
+
+
+
+
-
-
-
-
+
+
+
+
+
+
-
-
-
+
+
+
+
+
+
@@ -3760,26 +3904,50 @@ exports[`AddCavcRemandView renders correctly 1`] = `
-
-
-
-
+
+
+
+
+
-
-
+ Task will go on hold for selected number of days
+
+
+
+
+
+
+
- Marks the extension request as denied
-
-
-
+
+ Marks the extension request as denied
+
+
+
+
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
index 148c53721d1..8da9f451982 100644
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@@ -18,9 +18,26 @@
},
"user_input": "SchedulePeriod.find(params[:schedule_period_id]).spreadsheet_location",
"confidence": "Medium",
- "cwe_id": [
- 22
- ],
+ "note": ""
+ },
+ {
+ "warning_type": "File Access",
+ "warning_code": 16,
+ "fingerprint": "3c37feede17bd60a0b4b4701d902b864de1120cbaa12e3421704244c3b0ff827",
+ "check_name": "SendFile",
+ "message": "Model attribute used in file name",
+ "file": "app/controllers/correspondence_review_package_controller.rb",
+ "line": 57,
+ "link": "https://brakemanscanner.org/docs/warning_types/file_access/",
+ "code": "send_file(Document.limit(200)[pdf_params[:pdf_id].to_i].serve, :type => \"application/pdf\", :disposition => ((\"inline\" or \"attachment; filename='#{pdf_params[:type]}-#{pdf_params[:id]}.pdf'\")))",
+ "render_path": null,
+ "location": {
+ "type": "method",
+ "class": "CorrespondenceReviewPackageController",
+ "method": "pdf"
+ },
+ "user_input": "Document.limit(200)[pdf_params[:pdf_id].to_i].serve",
+ "confidence": "Medium",
"note": ""
},
{
@@ -41,9 +58,6 @@
},
"user_input": "Document.find(params[:id]).serve",
"confidence": "Medium",
- "cwe_id": [
- 22
- ],
"note": ""
},
{
@@ -76,7 +90,7 @@
"check_name": "SQL",
"message": "Possible SQL injection",
"file": "app/jobs/ama_notification_efolder_sync_job.rb",
- "line": 112,
+ "line": 113,
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
"code": "Appeal.find_by_sql(\" SELECT appeals.* FROM appeals\\n JOIN tasks t ON appeals.id = t.appeal_id\\n AND t.appeal_type = 'Appeal'\\n JOIN (#{appeals_on_latest_notifications(ids)}) AS notifs ON\\n notifs.appeals_id = appeals.\\\"uuid\\\"::text AND notifs.appeals_type = 'Appeal'\\n JOIN (#{appeals_on_latest_doc_uploads(ids)}) AS vbms_uploads ON\\n vbms_uploads.appeal_id = appeals.id AND vbms_uploads.appeal_type = 'Appeal'\\n WHERE (\\n notifs.notified_at > vbms_uploads.attempted_at\\n OR\\n notifs.created_at > vbms_uploads.attempted_at\\n )\\n AND t.TYPE = 'RootTask' AND t.status NOT IN ('completed', 'cancelled')\\n GROUP BY appeals.id\\n\")",
"render_path": null,
@@ -87,9 +101,6 @@
},
"user_input": "appeals_on_latest_notifications(ids)",
"confidence": "Medium",
- "cwe_id": [
- 89
- ],
"note": ""
},
{
@@ -99,7 +110,7 @@
"check_name": "SQL",
"message": "Possible SQL injection",
"file": "app/jobs/legacy_notification_efolder_sync_job.rb",
- "line": 113,
+ "line": 114,
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
"code": "LegacyAppeal.find_by_sql(\" SELECT la.* FROM legacy_appeals la\\n JOIN tasks t ON la.id = t.appeal_id\\n AND t.appeal_type = 'LegacyAppeal'\\n JOIN (#{appeals_on_latest_notifications(ids)}) AS notifs ON\\n notifs.appeals_id = la.vacols_id AND notifs.appeals_type = 'LegacyAppeal'\\n JOIN (#{appeals_on_latest_doc_uploads(ids)}) AS vbms_uploads ON\\n vbms_uploads.appeal_id = la.id AND vbms_uploads.appeal_type = 'LegacyAppeal'\\n WHERE (\\n notifs.notified_at > vbms_uploads.attempted_at\\n OR\\n notifs.created_at > vbms_uploads.attempted_at\\n )\\n AND t.type = 'RootTask' AND t.status NOT IN ('completed', 'cancelled')\\n GROUP BY la.id\\n\")",
"render_path": null,
@@ -110,9 +121,6 @@
},
"user_input": "appeals_on_latest_notifications(ids)",
"confidence": "Medium",
- "cwe_id": [
- 89
- ],
"note": ""
},
{
@@ -122,7 +130,7 @@
"check_name": "SQL",
"message": "Possible SQL injection",
"file": "app/models/task.rb",
- "line": 284,
+ "line": 283,
"link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
"code": "Arel.sql(\"CASE WHEN #{CachedAppeal.table_name}.is_aod = TRUE THEN #{(\"0 ELSE 1\" or \"1 ELSE 0\")} END, CASE WHEN #{CachedAppeal.table_name}.case_type = 'Court Remand' THEN #{(\"0 ELSE 1\" or \"1 ELSE 0\")} END, #{CachedAppeal.table_name}.docket_number #{order}, #{Task.table_name}.created_at #{order}\")",
"render_path": null,
@@ -133,9 +141,6 @@
},
"user_input": "order",
"confidence": "Medium",
- "cwe_id": [
- 89
- ],
"note": ""
},
{
@@ -156,12 +161,9 @@
},
"user_input": "Document.find(document_id).serve",
"confidence": "Medium",
- "cwe_id": [
- 22
- ],
"note": ""
}
],
- "updated": "2024-06-27 14:50:46 -0400",
- "brakeman_version": "5.4.1"
+ "updated": "2024-08-08 13:35:28 -0700",
+ "brakeman_version": "4.10.1"
}
|