code review feedback

2026-02-02 17:31:14 -05:00 · 2025-02-10 11:05:41 -08:00
parent dae0f9cf6d 1cbd40f36b
commit 4a742a8873
9 changed files with 33 additions and 6 deletions
--- a/.github/workflows/daily_checks.yml
+++ b/.github/workflows/daily_checks.yml
@@ -91,4 +91,4 @@ jobs:
          fail_action: true
          allow_issue_writing: false
          rules_file_name: 'zap.conf'
-          cmd_options: '-I -d'
+          cmd_options: '-I'
--- a/app/init.py
+++ b/app/init.py
@@ -286,6 +286,13 @@ def init_app(app):
    @app.after_request
    def after_request(response):
        response.headers.add("X-Content-Type-Options", "nosniff")
+
+        # Some dynamic scan findings
+        response.headers.add("Cross-Origin-Opener-Policy", "same-origin")
+        response.headers.add("Cross-Origin-Embedder-Policy", "require-corp")
+        response.headers.add("Cross-Origin-Resource-Policy", "same-origin")
+        response.headers.add("Cross-Origin-Opener-Policy", "same-origin")
+
        return response

    @app.errorhandler(Exception)
--- a/app/celery/nightly_tasks.py
+++ b/app/celery/nightly_tasks.py
@@ -52,7 +52,8 @@ def cleanup_unfinished_jobs():
        # The query already checks that the processing_finished time is null, so here we are saying
        # if it started more than 4 hours ago, that's too long
        try:
-            acceptable_finish_time = job.processing_started + timedelta(minutes=5)
+            if job.processing_started is not None:
+                acceptable_finish_time = job.processing_started + timedelta(minutes=5)
        except TypeError:
            current_app.logger.exception(
                f"Job ID {job.id} processing_started is {job.processing_started}.",
--- a/app/commands.py
+++ b/app/commands.py
@@ -846,6 +846,19 @@ def create_new_service(name, message_limit, restricted, email_from, created_by_i
        db.session.rollback()


+@notify_command(name="get-service-sender-phones")
+@click.option("-s", "--service_id", required=True, prompt=True)
+def get_service_sender_phones(service_id):
+    sender_phone_numbers = """
+            select sms_sender, is_default
+            from service_sms_senders
+            where service_id = :service_id
+        """
+    rows = db.session.execute(text(sender_phone_numbers), {"service_id": service_id})
+    for row in rows:
+        print(row)
+
+
@notify_command(name="promote-user-to-platform-admin")
@click.option("-u", "--user-email-address", required=True, prompt=True)
 def promote_user_to_platform_admin(user_email_address):
--- a/app/dao/notifications_dao.py
+++ b/app/dao/notifications_dao.py
@@ -270,7 +270,6 @@ def get_notifications_for_job(
 def get_recent_notifications_for_job(
    service_id, job_id, filter_dict=None, page=1, page_size=None
 ):
-    print(f"FILTER_DICT AT DAO LEVEL {filter_dict}")
    if page_size is None:
        page_size = current_app.config["PAGE_SIZE"]

@@ -281,7 +280,6 @@ def get_recent_notifications_for_job(

    stmt = _filter_query(stmt, filter_dict)
    stmt = stmt.order_by(desc(Notification.job_row_number))
-    print(f"STMT {stmt}")
    results = db.session.execute(stmt).scalars().all()

    page_size = current_app.config["PAGE_SIZE"]
--- a/app/job/rest.py
+++ b/app/job/rest.py
@@ -128,7 +128,6 @@ def get_all_notifications_for_service_job(service_id, job_id):
@job_blueprint.route("/<job_id>/recent_notifications", methods=["GET"])
 def get_recent_notifications_for_service_job(service_id, job_id):
    data = notifications_filter_schema.load(request.args)
-    print(f"DATA COMING IN AT REST LEVEL IS {data}")
    page = data["page"] if "page" in data else 1
    page_size = (
        data["page_size"]
--- a/application.py
+++ b/application.py
@@ -2,9 +2,12 @@
 from __future__ import print_function

 from flask import Flask
+from werkzeug.serving import WSGIRequestHandler

 from app import create_app

+WSGIRequestHandler.version_string = lambda self: "SecureServer"
+
 application = Flask("app")

 create_app(application)
--- a/notifications_utils/request_helper.py
+++ b/notifications_utils/request_helper.py
@@ -76,6 +76,11 @@ class ResponseHeaderMiddleware(object):
                if SPAN_ID_HEADER.lower() not in lower_existing_header_names:
                    headers.append((SPAN_ID_HEADER, str(req.span_id)))

+                headers = [
+                    (key, value)
+                    for key, value in headers
+                    if key.lower() not in ["server", "last-modified"]
+                ]
                return start_response(status, headers, exc_info)

            return self._app(environ, rewrite_response_headers)
--- a/zap.conf
+++ b/zap.conf
@@ -50,7 +50,7 @@
 10061	WARN	(X-AspNet-Version Response Header - Passive/release)
 10062	FAIL	(PII Disclosure - Passive/beta)
 10095	IGNORE	(Backup File Disclosure - Active/beta)
-10096	WARN	(Timestamp Disclosure - Passive/release)
+10096	IGNORE	(Timestamp Disclosure - Passive/release)
 10097	WARN	(Hash Disclosure - Passive/beta)
 10098	WARN	(Cross-Domain Misconfiguration - Passive/release)
 10104	WARN	(User Agent Fuzzer - Active/beta)
@@ -119,3 +119,4 @@
 90030	WARN	(WSDL File Detection - Passive/alpha)
 90033	WARN	(Loosely Scoped Cookie - Passive/release)
 90034	WARN	(Cloud Metadata Potentially Exposed - Active/beta)
+100001	IGNORE	(Unexpected Content-Type was returned)