[Prod] Resolve email notifications issue; handle Unix timestamp disclosure; reset RTR goals filter on changes; address warnings

.circleci/config.yml

@@ -643,7 +643,7 @@ jobs:
             python3 -m venv venv
             source venv/bin/activate
             pip install -U pip setuptools wheel
-            pip install -U -r requirements.txt
+            pip install -U --use-pep517 -r requirements.txt
       - run:
           name: Check python version compatibility  with buildpack
           command: |
@@ -902,6 +902,9 @@ jobs:
     steps:
       - attach_workspace:
           at: .
+      - run:
+          name: Clean previous reports
+          command: rm -rf reports/*
       - run:
           name: Start up local server
           command: ./bin/prod-style-server
@@ -917,8 +920,11 @@ jobs:
       - run:
           name: Run OWASP ZAP
           command: ./bin/run-owasp-scan
+      - run:
+          name: Run Node.js cleaning script
+          command: node src/tools/clean-zap-report.js reports/owasp_report_.html reports/owasp_report_cleaned.html
       - store_artifacts:
-          path: reports/owasp_report.html
+          path: reports/owasp_report_cleaned.html
     resource_class: large
   deploy:
     executor: docker-executor

bin/run-owasp-scan

@@ -26,4 +26,4 @@ docker run \
   --network=$network \
   -t softwaresecurityproject/zap-stable:latest zap-baseline.py \
   -t http://server:8080 \
-  -c zap.conf -I -i -r owasp_report.html
+  -c zap.conf -I -i -r owasp_report_.html

docker-compose.override.yml

@@ -61,7 +61,7 @@ services:
     image: softwaresecurityproject/zap-stable:latest
     platform: linux/arm64
     user: zap
-    command: zap-full-scan.py -t http://backend:8080 -c zap.conf  -i -r owasp_report.html
+    command: zap-full-scan.py -t http://backend:8080 -c zap.conf  -i -r owasp_report_.html
     volumes:
       - ./zap.conf:/zap/wrk/zap.conf:ro
       - ./reports:/zap/wrk:rw

frontend/package.json

@@ -58,7 +58,8 @@
     "sass": "^1.51.0",
     "url-join": "^4.0.1",
     "use-deep-compare-effect": "^1.6.1",
-    "uuid": "^8.3.2"
+    "uuid": "^8.3.2",
+    "micromatch": "^4.0.7"
   },
   "engines": {
     "node": "18.20.3"

frontend/src/components/GoalCards/GoalDataController.js

@@ -72,6 +72,7 @@ function GoalDataController({
   const [logs, setLogs] = useState([]);
   const [logsLoaded, setLogsLoaded] = useState(false);
   const { setIsAppLoading, isAppLoading } = useContext(AppLoadingContext);
+  const [currentFilters, setCurrentFilters] = useState(filtersToQueryString(filters));
 
   useEffect(() => {
     let isLoaded = false;
@@ -145,6 +146,17 @@ function GoalDataController({
       }
     }
     const filterQuery = filtersToQueryString(filters);
+
+    // If filters is different from currentFilters, then reset the activePage and Offset.
+    if (filterQuery !== currentFilters) {
+      setSortConfig({
+        ...sortConfig,
+        activePage: 1,
+        offset: 0,
+      });
+      setCurrentFilters(filterQuery);
+    }
+
     fetchGoals(filterQuery);
   }, [
     sortConfig,

frontend/src/pages/RecipientRecord/pages/__tests__/GoalsObjectives.js

@@ -223,8 +223,12 @@ describe('Goals and Objectives', () => {
     // Default with 2 Rows.
     const goalsUrl = `/api/recipient/401/region/1/goals?sortBy=goalStatus&sortDir=asc&offset=0&limit=5&createDate.win=${yearToDate}`;
     fetchMock.get(goalsUrl,
-      { count: 2, goalRows: noFilterGoals, statuses: defaultStatuses }, { overwriteRoutes: true });
-
+      {
+        count: 2,
+        goalRows: noFilterGoals,
+        statuses: defaultStatuses,
+        allGoalIds: [],
+      }, { overwriteRoutes: true });
     act(() => renderGoalsAndObjectives());
 
     expect(await screen.findByText(/1-2 of 2/i)).toBeVisible();
@@ -247,6 +251,112 @@ describe('Goals and Objectives', () => {
     expect(notStartedStatuses.length).toBe(5);
   });
 
+  it('resets the page number when filters change', async () => {
+    // CLear all mocks.
+    fetchMock.restore();
+
+    // Default with 2 Rows.
+    let goalsUrl = '/api/recipient/401/region/1/goals?sortBy=goalStatus&sortDir=asc&offset=0&limit=10&status.in[]=Not%20started';
+    fetchMock.get(goalsUrl,
+      {
+        count: 11,
+        allGoalIds: [
+          { id: 1 },
+          { id: 2 },
+          { id: 3 },
+          { id: 4 },
+          { id: 5 },
+          { id: 6 },
+          { id: 7 },
+          { id: 8 },
+          { id: 9 },
+          { id: 10 },
+          { id: 11 }],
+        goalRows: [
+          { ...noFilterGoals[0], id: 1 },
+          { ...noFilterGoals[0], id: 2 },
+          { ...noFilterGoals[0], id: 3 },
+          { ...noFilterGoals[0], id: 4 },
+          { ...noFilterGoals[0], id: 5 },
+          { ...noFilterGoals[0], id: 6 },
+          { ...noFilterGoals[0], id: 7 },
+          { ...noFilterGoals[0], id: 8 },
+          { ...noFilterGoals[0], id: 9 },
+          { ...noFilterGoals[0], id: 10 },
+          { ...noFilterGoals[0], id: 11 },
+        ],
+        statuses: defaultStatuses,
+      },
+      { overwriteRoutes: true });
+
+    act(() => renderGoalsAndObjectives());
+
+    expect(await screen.findByText(/Showing 1-10 of 11 goals/i)).toBeVisible();
+
+    // Go to the next page.
+    goalsUrl = '/api/recipient/401/region/1/goals?sortBy=goalStatus&sortDir=asc&offset=10&limit=10&status.in[]=Not%20started';
+    fetchMock.get(goalsUrl,
+      {
+        count: 11,
+        allGoalIds: [
+          { id: 1 },
+          { id: 2 },
+          { id: 3 },
+          { id: 4 },
+          { id: 5 },
+          { id: 6 },
+          { id: 7 },
+          { id: 8 },
+          { id: 9 },
+          { id: 10 },
+          { id: 11 }],
+        goalRows: [
+          { ...noFilterGoals[0], id: 11 },
+        ],
+        statuses: defaultStatuses,
+      }, { overwriteRoutes: true });
+
+    const pageTwo = await screen.findByRole('link', { name: /go to page number 2/i });
+    userEvent.click(pageTwo);
+
+    expect(await screen.findByText(/Showing 11-11 of 11 goals/i)).toBeVisible();
+
+    // Change Filter and Apply.
+    userEvent.click(await screen.findByRole('button', { name: /open filters for this page/i }));
+
+    userEvent.selectOptions(await screen.findByRole('combobox', { name: 'topic' }), 'status');
+    userEvent.selectOptions(await screen.findByRole('combobox', { name: 'condition' }), 'is');
+
+    const statusSelect = await screen.findByLabelText(/select status to filter by/i);
+    await selectEvent.select(statusSelect, ['Draft']);
+
+    goalsUrl = '/api/recipient/401/region/1/goals?sortBy=goalStatus&sortDir=asc&offset=0&limit=10&status.in[]=Not%20started&status.in[]=Draft';
+    fetchMock.get(goalsUrl,
+      {
+        count: 1,
+        allGoalIds: [
+          { id: 1 },
+        ],
+        goalRows: [
+          { ...noFilterGoals[0], id: 11 },
+        ],
+        statuses: defaultStatuses,
+      }, { overwriteRoutes: true });
+
+    const apply = await screen.findByRole('button', { name: /apply filters to goals/i });
+    userEvent.click(apply);
+
+    // Expect the goalsUrl to have been called.
+    expect(fetchMock.called(goalsUrl)).toBe(true);
+
+    // Expect 1 Row.
+    expect(await screen.findByText(/Showing 1-1 of 1 goals/i)).toBeVisible();
+    // Expect go to page number 1 to be visible.
+    expect(await screen.findByRole('link', { name: /go to page number 1/i })).toBeVisible();
+    // expect go to page number 2 to not be visible.
+    expect(screen.queryByRole('link', { name: /go to page number 2/i })).toBeNull();
+  });
+
   it('renders correctly when filter is removed', async () => {
     act(() => renderGoalsAndObjectives());
     const removeFilter = await screen.findByRole('button', { name: /this button removes the filter/i });
@@ -362,6 +472,7 @@ describe('Goals and Objectives', () => {
 
     expect(await screen.findByText(/Unable to fetch goals/i)).toBeVisible();
   });
+  /// 2
 
   it('adjusts items per page', async () => {
     fetchMock.restore();

frontend/yarn.lock

@@ -8320,6 +8320,14 @@ micromatch@^4.0.2, micromatch@^4.0.4, micromatch@^4.0.5:
     braces "^3.0.2"
     picomatch "^2.3.1"
 
+micromatch@^4.0.7:
+  version "4.0.7"
+  resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-4.0.7.tgz#33e8190d9fe474a9895525f5618eee136d46c2e5"
+  integrity sha512-LPP/3KorzCwBxfeUuZmaR6bG2kdeHSbe0P2tY3FLRU4vYrjYz5hI4QZwV0njUx3jeuKe67YukQ1LSPZBKDqO/Q==
+  dependencies:
+    braces "^3.0.3"
+    picomatch "^2.3.1"
+
 [email protected], "mime-db@>= 1.43.0 < 2":
   version "1.52.0"
   resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.52.0.tgz#bbabcdc02859f4987301c856e3387ce5ec43bf70"

package.json

@@ -129,7 +129,8 @@
     "http-cache-semantics": "^4.1.1",
     "xml2js": "^0.5.0",
     "semver": "^7.5.3",
-    "tough-cookie": "^4.1.3"
+    "tough-cookie": "^4.1.3",
+    "micromatch": "^4.0.7"
   },
   "eslintConfig": {
     "extends": [

similarity_api/src/requirements.txt

@@ -25,7 +25,7 @@ preshed==3.0.8
 psycopg2==2.9.7
 pydantic==2.4.0
 pydantic-core==2.10.0
-requests==2.32.0
+requests==2.32.3
 scikit-learn==1.5.0
 scipy==1.11.1
 smart-open==6.3.0

src/lib/mailer/index.js

@@ -1014,7 +1014,7 @@ export const processNotificationQueue = () => {
   notificationQueue.process(
     EMAIL_ACTIONS.NEEDS_ACTION,
     transactionQueueWrapper(
-      notifyApproverAssigned,
+      notifyChangesRequested,
       EMAIL_ACTIONS.NEEDS_ACTION,
     ),
   );
@@ -1030,23 +1030,23 @@ export const processNotificationQueue = () => {
   notificationQueue.process(
     EMAIL_ACTIONS.APPROVED,
     transactionQueueWrapper(
-      notifyApproverAssigned,
+      notifyReportApproved,
       EMAIL_ACTIONS.APPROVED,
     ),
   );
 
   notificationQueue.process(
     EMAIL_ACTIONS.COLLABORATOR_ADDED,
     transactionQueueWrapper(
-      notifyApproverAssigned,
+      notifyCollaboratorAssigned,
       EMAIL_ACTIONS.COLLABORATOR_ADDED,
     ),
   );
 
   notificationQueue.process(
     EMAIL_ACTIONS.RECIPIENT_REPORT_APPROVED,
     transactionQueueWrapper(
-      notifyApproverAssigned,
+      notifyRecipientReportApproved,
       EMAIL_ACTIONS.RECIPIENT_REPORT_APPROVED,
     ),
   );