J hoang/appeals 34906 v5 #20464

Merged
merged 6 commits into from
Jan 9, 2024

jonathanh-va (Contributor) commented Jan 9, 2024

Resolves APPEALS-34906

Description

Wrap the logic related to uploading documents to claim evidence behind a feature toggle for UAT testing.

Acceptance Criteria

  • Code compiles correctly

Best practices

Code Documentation Updates

  • Add or update code comments at the top of the class, module, and/or component.

Tests

Test Coverage

Did you include any test coverage for your code? Check below:

  • RSpec
  • Jest
  • Other

Code Climate

Your code does not add any new code climate offenses? If so why?

  • No new code climate issues added

Monitoring, Logging, Auditing, Error, and Exception Handling Checklist

Monitoring

  • Are performance metrics (e.g., response time, throughput) being tracked?
  • Are key application components monitored (e.g., database, cache, queues)?
  • Is there a system in place for setting up alerts based on performance thresholds?

Logging

  • Are logs being produced at appropriate log levels (debug, info, warn, error, fatal)?
  • Are logs structured (e.g., using log tags) for easier querying and analysis?
  • Are sensitive data (e.g., passwords, tokens) redacted or omitted from logs?
  • Is log retention and rotation configured correctly?
  • Are logs being forwarded to a centralized logging system if needed?

Auditing

  • Are user actions being logged for audit purposes?
  • Are changes to critical data being tracked?
  • Are logs being securely stored and protected from tampering or exposing protected data?

Error Handling

  • Are errors being caught and handled gracefully?
  • Are appropriate error messages being displayed to users?
  • Are critical errors being reported to an error tracking system (e.g., Sentry, ELK)?
  • Are unhandled exceptions being caught at the application level?

Exception Handling

  • Are custom exceptions defined and used where appropriate?
  • Is exception handling consistent throughout the codebase?
  • Are exceptions logged with relevant context and stack trace information?
  • Are exceptions being grouped and categorized for easier analysis and resolution?

}

const setDetailsPaneMessage = (htmlContent)=>{
document.getElementById("side_panel_message").innerHTML = htmlContent;
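
Review bot: `setDetailsPaneMessage` assigns its `htmlContent` argument directly to `innerHTML` on `side_panel_message`, so any caller that passes text read from the page or from record data has it parsed as markup. If callers only need to show text, assign to `textContent` instead; if markup is really required, build the nodes with `createElement` or sanitize the string before this assignment, and rename the parameter so the trust requirement is visible at the call site.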

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML (Medium)

DOM text is reinterpreted as HTML without escaping meta-characters.
{
appeal: appeal,
parent_id: appeal.root_task&.id,
assigned_to: data[:assigned_to].constantize.singleton,
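
Review bot: `assigned_to: data[:assigned_to].constantize.singleton` turns a string from `data` into a constant and then calls `.singleton` on it, so the request decides which class is resolved. Look the name up in a fixed list of the assignee classes this action is meant to support and reject anything else before calling `.singleton`; a nil `data[:assigned_to]` also raises NoMethodError here, which deserves an explicit error path.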

Check failure

Code scanning / CodeQL

Code injection Critical

This code execution depends on a user-provided value.
class_for_data(data).create_from_params(
{
parent_id: correspondence.root_task.id,
assigned_to: data[:assigned_to].constantize.singleton,
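
Review bot: `parent_id: correspondence.root_task.id` has no nil guard, while the appeal variant of this call uses `appeal.root_task&.id`; if a correspondence can exist without a root task this line raises NoMethodError before the task is created, so either guard it the same way or fail with a clear message. The `data[:assigned_to].constantize.singleton` on the following line needs the same fixed-list lookup as the appeal variant.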

Check failure

Code scanning / CodeQL

Code injection Critical

This code execution depends on a user-provided value.
end

def class_for_data(data)
data[:klass]&.constantize
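
Review bot: `class_for_data` returns `data[:klass]&.constantize`, and its result is the receiver of `create_from_params`, so the request chooses which class gets that call. Replace the `constantize` with a lookup in a constant that maps the permitted task type names to their classes and raise on an unknown name. The `&.` also lets a missing `klass` return nil, which then fails at the caller as a NoMethodError rather than as a validation error.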

Check failure

Code scanning / CodeQL

Code injection Critical

This code execution depends on a user-provided value.
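
An added example, not code from this pull request: the class-from-request-string pattern that the three Code injection alerts flag, rewritten so the string is only a key into a fixed allowlist. `ExampleOrganization`, `ExampleTask`, `resolve_allowed` and `build_task` are hypothetical names, and plain Ruby classes stand in for the Rails models.

```ruby
# Added example; every class and helper name here is hypothetical.
# Plain-Ruby stand-ins for the models a request may legitimately name.
class ExampleOrganization
  def self.singleton
    @singleton ||= new
  end
end

class ExampleTask
  def self.create_from_params(params)
    params.merge(type: name)
  end
end

# Fixed allowlists: the request string is only ever a lookup key and is
# never passed to constantize or const_get.
ASSIGNEE_CLASSES = { "ExampleOrganization" => ExampleOrganization }.freeze
TASK_CLASSES     = { "ExampleTask" => ExampleTask }.freeze

class DisallowedClassError < ArgumentError; end

def resolve_allowed(name, allowlist)
  # Anything not listed raises: nil (becomes ""), "Kernel", "File",
  # or any other constant name the caller invents.
  allowlist.fetch(name.to_s) do
    raise DisallowedClassError, "class not permitted: #{name.inspect}"
  end
end

def build_task(data, parent_id:)
  klass    = resolve_allowed(data[:klass], TASK_CLASSES)
  assignee = resolve_allowed(data[:assigned_to], ASSIGNEE_CLASSES).singleton
  klass.create_from_params({ parent_id: parent_id, assigned_to: assignee })
end

# Constructed sample inputs.
ok  = { klass: "ExampleTask", assigned_to: "ExampleOrganization" }
bad = { klass: "ExampleTask", assigned_to: "Kernel" }
```
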

codeclimate bot commented Jan 9, 2024

Code Climate has analyzed commit b5e6fe1 and detected 13 issues on this pull request.

Here's the issue category breakdown:

Category Count
Duplication 2
Security 1
Complexity 6
Style 2
Bug Risk 1
Performance 1

View more on Code Climate.

@jonathanh-va jonathanh-va changed the base branch from master to feature/APPEALS-27311 January 9, 2024 20:58
@jonathanh-va jonathanh-va marked this pull request as ready for review January 9, 2024 21:34
@youfoundmanesh youfoundmanesh merged commit 867af2b into feature/APPEALS-27311 Jan 9, 2024
16 of 17 checks passed
craigrva pushed a commit that referenced this pull request Jan 24, 2024
* wrap Intake appeal upload behind feature toggle

* update static doc path

* rubocop fix efolder uploader

* refactor intake_update in correspondence controller

* Ignore feature envy code climate

* Reek ignore warning

---------

Co-authored-by: Jonathan Hoang <trinhjoanthan.hoang@va.gov>
Co-authored-by: Kevin Ma <magavakevin10@gmail.com>
@Kevma50287 Kevma50287 deleted the JHoang/APPEALS-34906-v5 branch October 17, 2024 15:47