prime-reportstream icon indicating copy to clipboard operation
prime-reportstream copied to clipboard
verified publisher icon CDCgov

Initial commit FL receiver UP migration

Open oslynn opened this issue 1 year ago • 4 comments

This PR is pre-work for FL receiver UP migration.

Test Steps:

  1. Include steps to test these changes

Changes

  • Include a comprehensive list of changes in this PR
  • (For web UI changes) Include screenshots/video of changes

Checklist

Testing

  • [ ] Tested locally?
  • [ ] Ran ./prime test or ./gradlew testSmoke against local Docker ReportStream container?
  • [ ] (For Changes to /frontend-react/...) Ran npm run lint:write?
  • [ ] Added tests?

Process

  • [ ] Are there licensing issues with any new dependencies introduced?
  • [ ] Includes a summary of what a code reviewer should test/verify?
  • [ ] Updated the release notes?
  • [ ] Database changes are submitted as a separate PR?
  • [ ] DevOps team has been notified if PR requires ops support?

Linked Issues

  • Fixes #issue
  • https://app.zenhub.com/workspaces/engagement-6166edbd409257001e09f1b2/issues/gh/cdcgov/prime-reportstream/13887

To Be Done

Create GitHub issues to track the work remaining, if any

  • #issue

Specific Security-related subjects a reviewer should pay specific attention to

  • Does this PR introduce new endpoints?
    • new endpoint A
    • new endpoint B
  • Does this PR include changes in authentication and/or authorization of existing endpoints?
  • Does this change introduce new dependencies that need vetting?
  • Does this change require changes to our infrastructure?
  • Does logging contain sensitive data?
  • Does this PR include or remove any sensitive information itself?

If you answered 'yes' to any of the questions above, conduct a detailed Review that addresses at least:

  • What are the potential security threats and mitigations? Please list the STRIDE threats and how they are mitigated
    • Spoofing (faking authenticity)
      • Threat T, which could be achieved by A, is mitigated by M
    • Tampering (influence or sabotage the integrity of information, data, or system)
    • Repudiation (the ability to dispute the origin or originator of an action)
    • Information disclosure (data made available to entities who should not have it)
    • Denial of service (make a resource unavailable)
    • Elevation of Privilege (reduce restrictions that apply or gain privileges one should not have)
  • Have you ensured logging does not contain sensitive data?
  • Have you received any additional approvals needed for this change?

oslynn avatar May 20 '24 15:05 oslynn

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails

Scanned Manifest Files

github-actions[bot] avatar May 20 '24 15:05 github-actions[bot]

Test Results

1 229 tests  ±0   1 225 :white_check_mark: ±0   7m 19s :stopwatch: +12s   154 suites ±0       4 :zzz: ±0    154 files   ±0       0 :x: ±0 

Results for commit 2da8c752. ± Comparison against base commit 457e00ca.

:recycle: This comment has been updated with latest results.

github-actions[bot] avatar May 20 '24 15:05 github-actions[bot]

Integration Test Results

 63 files   63 suites   28m 29s :stopwatch: 406 tests 397 :white_check_mark: 9 :zzz: 0 :x: 409 runs  400 :white_check_mark: 9 :zzz: 0 :x:

Results for commit 2da8c752.

:recycle: This comment has been updated with latest results.

github-actions[bot] avatar May 20 '24 16:05 github-actions[bot]

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

sonarqubecloud[bot] avatar Jul 02 '24 22:07 sonarqubecloud[bot]