anonymization changes for review#49

Open
uvin-theminda wants to merge 3 commits into Redback-Operations:main from uvin-theminda:feat/anonymization-test

Conversation

@uvin-theminda

Added anonymization logic to profile endpoint (api/profile.py).
This PR is for testing and review by Riley.
Changes:

  • Introduced anonymize_user_record helper.
  • Modified GET /api/profile to return anonymized fields.
  • Verified backend returns expected data via curl.
  • ProfilePage.tsx updated accordingly.

@github-actions

🔒 Security Scan Results
=========================

Bandit Scan Results:
-------------------
Run started:2025-09-26 08:45:49.092552

Test results:
>> Issue: [B608:hardcoded_sql_expressions] Possible SQL injection vector through string-based query construction.
   Severity: Medium   Confidence: Low
   CWE: CWE-89 (https://cwe.mitre.org/data/definitions/89.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b608_hardcoded_sql_expressions.html
   Location: ./test_vul.py:16:12
15	    password = request.form['password']
16	    query = f"SELECT * FROM users WHERE username = '{username}' AND password = '{password}'"
17	    conn = sqlite3.connect('users.db')

--------------------------------------------------
>> Issue: [B201:flask_debug_true] A Flask app appears to be run with debug=True, which exposes the Werkzeug debugger and allows the execution of arbitrary code.
   Severity: High   Confidence: Medium
   CWE: CWE-94 (https://cwe.mitre.org/data/definitions/94.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b201_flask_debug_true.html
   Location: ./test_vul.py:31:4
30	if __name__ == "__main__":
31	    app.run(debug=True)

--------------------------------------------------

Code scanned:
	Total lines of code: 650
	Total lines skipped (#nosec): 0
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 1
		Medium: 1
		High: 1
	Total issues (by confidence):
		Undefined: 0
		Low: 1
		Medium: 2
		High: 0
Files skipped (0):

Dependency Check Results:
-----------------------

⛔️ Critical vulnerabilities detected. Please review and address these security issues before merging.

Next Steps:

  1. Review each critical finding above and fix them according to OWASP top 10 mitigations.

@raymondchoy14 raymondchoy14 left a comment

All good


2 participants