Skip to content

Ai integration prototype#969

Open
sMeilbeck wants to merge 34 commits intodevfrom
AI-integration-prototype
Open

Ai integration prototype#969
sMeilbeck wants to merge 34 commits intodevfrom
AI-integration-prototype

Conversation

@sMeilbeck
Copy link
Collaborator

@sMeilbeck sMeilbeck commented Dec 2, 2025

No description provided.

sMeilbeck added 30 commits June 24, 2025 16:55
@sMeilbeck
stash - waiting for ngx-owl.carousel-o fix
e65ecf6
@sMeilbeck
frontend node notice
295b827
@sMeilbeck
in between update
33a8c7c
@sMeilbeck
update Jest and other packages
e10b292
@sMeilbeck
Run Story + webkit fix for seleniumDriver
16aa4d0
@sMeilbeck
Adjusting CI Test Node version by removing 18 and adding 24
949b4f9
@sMeilbeck
initial commit
baa7406
@sMeilbeck
log backend problem
2a3eef8
@sMeilbeck
testing health check and waiting for dependance in docker-test
700b0c6
@sMeilbeck
removed version in docker-test; reintroduced db service
8d48284
@sMeilbeck
localhost to db
561226d
@sMeilbeck
trying new Github Action secret
2c6fe3c
@sMeilbeck
change environment setup
e0c71de
@sMeilbeck
Anpassung env beim sanity check
7329863
@sMeilbeck
change to MS_TEAMS_WEBHOOK_URI_TEST
456bece
@sMeilbeck
initial working integration (with some mocking)
d68e1d8
@sMeilbeck
Generation of multiple storys in a queue. Better user notifications
f983203
@sMeilbeck
stash
506dc45
@sMeilbeck
removed auto-merge, fixed save scenario
d189e5a
@sMeilbeck
basic implementation of user defined models/provider, bug fixes
72f0c90
@sMeilbeck
stash
8fe2594
@sMeilbeck
stash 24.10
c7e1103
@sMeilbeck
finalize serverHelper reduction
09b2f8f
@sMeilbeck
stash .ts to .js
d3bf81d
@sMeilbeck
parts still buggy, but stash
1698025
@sMeilbeck
fix aiConfig definition
8d7ab9a
@sMeilbeck
frontend fixes for AI
f3c5fcb
@sMeilbeck
story data fixes, migration from example to MultipleScenario upon sce…
4d5f87a 
…nario update
@sMeilbeck
miscellaneous fixes mainly focusing on import
cb99a68
@sMeilbeck
fix 3-button Add step selection in background
d0249c2
@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 2, 2025

Quality Gate Failed Quality Gate failed

Failed conditions
5 Security Hotspots
E Security Rating on New Code (required ≥ A)
D Reliability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 2, 2025
View reviewed changes
backend/src/controllers/report.controller.ts

// Temporarily write JSON to disk for html-reporter
const tempJsonPath = path.join(process.cwd(), `features/${reportName}.json`);
await fs.promises.writeFile(tempJsonPath, fullReport.jsonReport);

Check failure

Code scanning / SonarCloud

I/O function calls should not be vulnerable to path injection attacks High

Change this code to not construct the path from user-controlled data. See more on SonarQube Cloud
backend/src/controllers/report.controller.ts

// Read HTML and send
const htmlPath = path.join(process.cwd(), `features/${reportName}.html`);
const htmlContent = await fs.promises.readFile(htmlPath, 'utf8');

Check failure

Code scanning / SonarCloud

I/O function calls should not be vulnerable to path injection attacks High

Change this code to not construct the path from user-controlled data. See more on SonarQube Cloud
backend/src/controllers/report.controller.ts
res.json({ htmlFile: htmlContent, reportId: fullReport._id }); // Send HTML content

// Clean up temporary files
await fs.promises.unlink(tempJsonPath).catch(err => console.error(`Failed to delete temp JSON: ${err}`));

Check failure

Code scanning / SonarCloud

I/O function calls should not be vulnerable to path injection attacks High

Change this code to not construct the path from user-controlled data. See more on SonarQube Cloud
backend/src/controllers/report.controller.ts

// Clean up temporary files
await fs.promises.unlink(tempJsonPath).catch(err => console.error(`Failed to delete temp JSON: ${err}`));
await fs.promises.unlink(htmlPath).catch(err => console.error(`Failed to delete temp HTML: ${err}`)); // Optional: keep HTML?

Check failure

Code scanning / SonarCloud

I/O function calls should not be vulnerable to path injection attacks High

Change this code to not construct the path from user-controlled data. See more on SonarQube Cloud
backend/src/controllers/sanity.controller.ts
} catch (error) {
// Ensure temporary group folder is cleaned up on error if created
if (req.body?.name && fs.existsSync(path.join(process.cwd(), 'features', req.body.name))) {
fs.rm(path.join(process.cwd(), 'features', req.body.name), { recursive: true, force: true }, (err) => {

Check failure

Code scanning / SonarCloud

I/O function calls should not be vulnerable to path injection attacks High

Change this code to not construct the path from user-controlled data. See more on SonarQube Cloud
backend/src/services/import-export.service.ts
): Promise<{ success: boolean }> {
const client = await dbConnector.establishConnection();
const session = client.startSession();
const zip = new AdmZip(file.buffer);

Check failure

Code scanning / SonarCloud

I/O function calls should not be vulnerable to path injection attacks High

Change this code to not construct the path from user-controlled data. See more on SonarQube Cloud
backend/src/controllers/jira.controller.ts
const authString = externalAccountService.buildAuthString(jiraAccountName, jiraPassword, jiraAuthMethod);
const options = { method: 'GET', headers: { 'Authorization': authString }};
const jiraURL = `https://${jiraHost}/rest/auth/1/session`;
const response = await fetch(jiraURL, options);

Check warning

Code scanning / SonarCloud

Server-side requests should not be vulnerable to forging attacks Medium

Change this code to not construct the URL from user-controlled data. See more on SonarQube Cloud
backend/src/controllers/jira.controller.ts
}
};

const response = await fetch(url.toString(), options);

Check warning

Code scanning / SonarCloud

Server-side requests should not be vulnerable to traversing attacks Medium

Change this code to not construct the URL's path from user-controlled data. See more on SonarQube Cloud
backend/src/services/xray.service.ts

// 3. Send DELETE request to XRay
console.log(`Sending XRay DELETE request to: ${url}`);
const response = await fetch(url, options);

Check warning

Code scanning / SonarCloud

Server-side requests should not be vulnerable to traversing attacks Medium

Change this code to not construct the URL's path from user-controlled data. See more on SonarQube Cloud
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sMeilbeck