Production
This PR ...
If you are suggesting a fix for a currently exploitable issue, please disclose the issue to the prime-reportstream team directly outside of GitHub instead of filing a PR, so we may immediately patch the affected systems before a disclosure. See SECURITY.md/Reporting a Vulnerability for more information.
Test Steps:
- Include steps to test these changes
Changes
- Include a comprehensive list of changes in this PR
- (For web UI changes) Include screenshots/video of changes
Checklist
Testing
- [ ] Tested locally?
- [ ] Ran ./prime test or ./gradlew testSmoke against local Docker ReportStream container?
- [ ] (For Changes to /frontend-react/...) Ran npm run lint:write?
- [ ] Added tests?
Process
- [ ] Are there licensing issues with any new dependencies introduced?
- [ ] Includes a summary of what a code reviewer should test/verify?
- [ ] Updated the release notes?
- [ ] Database changes are submitted as a separate PR?
- [ ] DevOps team has been notified if PR requires ops support?
Linked Issues
- Fixes #issue
To Be Done
Create GitHub issues to track the work remaining, if any
- #issue
Specific Security-related subjects a reviewer should pay specific attention to
- Does this PR introduce new endpoints?
- new endpoint A
- new endpoint B
- Does this PR include changes in authentication and/or authorization of existing endpoints?
- Does this change introduce new dependencies that need vetting?
- Does this change require changes to our infrastructure?
- Does logging contain sensitive data?
- Does this PR include or remove any sensitive information itself?
If you answered 'yes' to any of the questions above, conduct a detailed Review that addresses at least:
- What are the potential security threats and mitigations? Please list the STRIDE threats and how they are mitigated
- Spoofing (faking authenticity)
- Threat T, which could be achieved by A, is mitigated by M
- Tampering (influence or sabotage the integrity of information, data, or system)
- Repudiation (the ability to dispute the origin or originator of an action)
- Information disclosure (data made available to entities who should not have it)
- Denial of service (make a resource unavailable)
- Elevation of Privilege (reduce restrictions that apply or gain privileges one should not have)
- Have you ensured logging does not contain sensitive data?
- Have you received any additional approvals needed for this change?
Dependency Review
✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.
OpenSSF Scorecard
| Package | Version | Score | Details |
|---|---|---|---|
Scanned Manifest Files
Test Results
1 287 tests +40, 1 283 :white_check_mark: +40, 7m 32s :stopwatch: -6s
168 suites +6, 4 :zzz: ±0
168 files +6, 0 :x: ±0
Results for commit 64b1f226. ± Comparison against base commit 7895c629.
This pull request removes 9 and adds 49 tests. Note that renamed tests count towards both.
gov.cdc.prime.router.azure.BlobAccessTests ‑ copy blob()
gov.cdc.prime.router.azure.ReportFunctionTests ‑ getReceiver()
gov.cdc.prime.router.azure.ReportFunctionTests ‑ processFhirDataRequest no environment, receiver name, or org name and output format blank()
gov.cdc.prime.router.fhirengine.azure.FHIRTranslatorIntegrationTests ‑ successfully translate for HL7 receiver with enrichments when isSendOriginal is false()
gov.cdc.prime.router.fhirengine.engine.FhirTranslatorTests ‑ test receiver enrichment()
gov.cdc.prime.router.fhirengine.utils.HL7ReaderTests ‑ get getMessages can parse a message that uses the deprecated CE type in OBX2()
gov.cdc.prime.router.fhirengine.utils.HL7ReaderTests ‑ get getMessages no mapped models()
gov.cdc.prime.router.fhirengine.utils.HL7ReaderTests ‑ get getMessages v27 succeeds()
gov.cdc.prime.router.fhirengine.utils.HL7ReaderTests ‑ test getMessageProfile()
cli.ProcessFhirCommandsTests ‑ applyConditionFilters - with filter errors()
cli.ProcessFhirCommandsTests ‑ applyConditionFilters()
cli.ProcessFhirCommandsTests ‑ evaluateReceiverFilters - with filter errors()
cli.ProcessFhirCommandsTests ‑ evaluateReceiverFilters()
cli.ProcessFhirCommandsTests ‑ handleReceiverFilters()
gov.cdc.prime.router.ReceiverTests ‑ test MAJURO receiver timezone()
gov.cdc.prime.router.azure.ReportFunctionTests ‑ processFhirDataRequest nonCLI request in staging without access token should fail()
gov.cdc.prime.router.azure.ReportFunctionTests ‑ processFhirDataRequest receiver name, or org name and output format blank()
gov.cdc.prime.router.azure.ReportFunctionTests ‑ return ack if requested and enabled()
gov.cdc.prime.router.azure.SenderFunctionTest ‑ test SenderFunction conditionCodeComparisonPostRequest exception error()
…
:recycle: This comment has been updated with latest results.
Quality Gate passed
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
No data about Coverage
No data about Duplication
Integration Test Results
62 files, 62 suites, 32m 56s :stopwatch:
390 tests: 380 :white_check_mark:, 10 :zzz:, 0 :x:
393 runs: 383 :white_check_mark:, 10 :zzz:, 0 :x:
Results for commit e82d0db2.
Branch deployed to Chromatic 🚀.
- ⚠️ Detected 0 tests with visual changes.
- ✅ All tests passed.
View via:
- Chromatic: https://www.chromatic.com/build?appId=6419b81d4a47163c3050f14a&number=1581
- Storybook: https://6419b81d4a47163c3050f14a-kzkdumigib.chromatic.com/
⚠️ Broken Links ⚠️
❌ https://www.hhs.gov/vulnerability-disclosure-policy/index.html
Error: Request failed with status code 403
❌ https://www.fedramp.gov/program-basics/
Error: Request failed with status code 404
❌ /assets/xlsm/20241204_ReportStream-Mapping-Template.xlsm
Error: Internal link: Page error
❌ https://www.cdc.gov/poxvirus/mpox/lab-personnel/report-results.html
Error: Request failed with status code 404