
Risk Insights persistence feature outline #15329


Conversation


@Banrion Banrion commented Jun 25, 2025

📔 Objective

This pull request creates an outline for shared requirements across the services and Angular components.

The outline references changes already made that will be split into three branches that capture the scope of the Jira tickets.

PM-20578
  • API service - responsible for interacting with the API, making the save and get calls

PM-20579
  • Report service - responsible for taking the data from the API and manipulating it into the reports
  • Encryption service - consumes data from the report service to handle decryption and encryption

PM-20580
  • Risk Insights data service - responsible for shared component variables
  • Client-side code - update Angular components

📸 Screenshots

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@Banrion Banrion requested a review from a team as a code owner June 25, 2025 16:59
@Banrion Banrion requested review from voommen-livefront and removed request for a team June 25, 2025 17:02

github-actions bot commented Jun 25, 2025

Checkmarx One – Scan Summary & Details: f45b7d5b-0e12-40ba-99f6-cbffd604f458

New Issues (48)

Checkmarx found the following issues in this Pull Request

Severity | Issue | Source File / Package | Checkmarx Insight

CRITICAL | CVE-2024-40643 | Npm-htmlparser2-3.10.1 | Vulnerable Package
    Recommended version: 5.0.0
    Description: Joplin is a free, open-source note-taking and to-do application. Joplin fails to consider that "<" followed by a non-letter character will not be c...
    Attack Vector: NETWORK / Attack Complexity: LOW

HIGH | Absolute_Path_Traversal | /apps/cli/src/oss-serve-configurator.ts: 334 | Attack Vector
    Method Lambda at line 334 of /apps/cli/src/oss-serve-configurator.ts gets dynamic data from the query element. This element’s value then flows ...

HIGH | Absolute_Path_Traversal | /apps/cli/src/oss-serve-configurator.ts: 302 | Attack Vector
    Method Lambda at line 302 of /apps/cli/src/oss-serve-configurator.ts gets dynamic data from the query element. This element’s value then flows ...

HIGH | Absolute_Path_Traversal | /apps/cli/src/oss-serve-configurator.ts: 302 | Attack Vector
    Method Lambda at line 302 of /apps/cli/src/oss-serve-configurator.ts gets dynamic data from the query element. This element’s value then flows ...

HIGH | Absolute_Path_Traversal | /apps/cli/src/oss-serve-configurator.ts: 334 | Attack Vector
    Method Lambda at line 334 of /apps/cli/src/oss-serve-configurator.ts gets dynamic data from the query element. This element’s value then flows ...

HIGH | CVE-2025-47935 | Npm-multer-1.4.5-lts.2 | Vulnerable Package
    Recommended version: 2.0.1
    Description: Multer is a Node.js middleware for handling "multipart/form-data". In versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory le...
    Attack Vector: NETWORK / Attack Complexity: LOW

HIGH | CVE-2025-47944 | Npm-multer-1.4.5-lts.2 | Vulnerable Package
    Recommended version: 2.0.1
    Description: Multer is a Node.js middleware for handling "multipart/form-data". A vulnerability that is present in versions 1.0.0 through 1.4.5-lts.2, and 2.0.0...
    Attack Vector: NETWORK / Attack Complexity: LOW

HIGH | CVE-2025-48997 | Npm-multer-1.4.5-lts.2 | Vulnerable Package
    Recommended version: 2.0.1
    Description: Multer is a Node.js middleware for handling "multipart/form-data". A vulnerability allows an attacker to trigger a Denial of Service (DoS) by sendi...
    Attack Vector: NETWORK / Attack Complexity: LOW

HIGH | CVE-2025-5068 | Npm-electron-36.4.0 | Vulnerable Package
    Recommended version: 36.5.0
    Description: Use After Free in Blink in Google Chrome versions prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a cra...
    Attack Vector: NETWORK / Attack Complexity: LOW

HIGH | CVE-2025-5280 | Npm-electron-36.4.0 | Vulnerable Package
    Recommended version: 37.0.0
    Description: Out-of-bounds Write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HT...
    Attack Vector: NETWORK / Attack Complexity: LOW

HIGH | CVE-2025-5419 | Npm-electron-36.4.0 | Vulnerable Package
    Recommended version: 36.5.0
    Description: Out-of-bounds Read and Write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a c...
    Attack Vector: NETWORK / Attack Complexity: LOW

HIGH | CVE-2025-5958 | Npm-electron-36.4.0 | Vulnerable Package
    Recommended version: 36.5.0
    Description: Use After Free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTM...
    Attack Vector: NETWORK / Attack Complexity: LOW

HIGH | CVE-2025-5959 | Npm-electron-36.4.0 | Vulnerable Package
    Recommended version: 36.5.0
    Description: Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HT...
    Attack Vector: NETWORK / Attack Complexity: LOW

HIGH | CVE-2025-6191 | Npm-electron-36.4.0 | Vulnerable Package
    Recommended version: 36.5.0
    Description: Integer Overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out-of-bounds memory access via a ...
    Attack Vector: NETWORK / Attack Complexity: LOW

HIGH | CVE-2025-6192 | Npm-electron-36.4.0 | Vulnerable Package
    Recommended version: 37.0.0
    Description: Use After Free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted H...
    Attack Vector: NETWORK / Attack Complexity: LOW

HIGH | Client_DOM_XSS | /apps/web/src/connectors/redirect.ts: 6 | Attack Vector
    The method Lambda embeds untrusted data in generated output with href, at line 16 of /apps/web/src/connectors/redirect.ts. This untrusted data is...

HIGH | Cxdca8e59f-8bfe | Npm-inflight-1.0.6 | Vulnerable Package
    Description: In NPM `inflight` there is a Memory Leak because some resources are not freed correctly after being used. It appears to affect all versions, as the...
    Attack Vector: NETWORK / Attack Complexity: LOW

HIGH | Relative_Path_Traversal | /apps/cli/src/oss-serve-configurator.ts: 371 | Attack Vector
    Method Lambda at line 371 of /apps/cli/src/oss-serve-configurator.ts gets dynamic data from the query element. This element’s value then flows ...

HIGH | Relative_Path_Traversal | /apps/cli/src/oss-serve-configurator.ts: 371 | Attack Vector
    Method Lambda at line 371 of /apps/cli/src/oss-serve-configurator.ts gets dynamic data from the query element. This element’s value then flows ...

MEDIUM | CVE-2025-30359 | Npm-webpack-dev-server-5.2.0 | Vulnerable Package
    Recommended version: 5.2.1
    Description: The webpack-dev-server allows users to use webpack with a development server that provides live reloading. The webpack-dev-server users' source cod...
    Attack Vector: NETWORK / Attack Complexity: HIGH

MEDIUM | CVE-2025-30360 | Npm-webpack-dev-server-5.2.0 | Vulnerable Package
    Recommended version: 5.2.1
    Description: Webpack-dev-server allows users to use webpack with a development server that provides live reloading. Webpack-dev-server users' source code may b...
    Attack Vector: NETWORK / Attack Complexity: LOW

MEDIUM | CVE-2025-5064 | Npm-electron-36.4.0 | Vulnerable Package
    Recommended version: 36.5.0
    Description: Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data vi...
    Attack Vector: NETWORK / Attack Complexity: LOW

MEDIUM | CVE-2025-5065 | Npm-electron-36.4.0 | Vulnerable Package
    Recommended version: 36.5.0
    Description: Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a...
    Attack Vector: NETWORK / Attack Complexity: LOW

MEDIUM | CVE-2025-5066 | Npm-electron-36.4.0 | Vulnerable Package
    Recommended version: 37.0.0
    Description: Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engag...
    Attack Vector: NETWORK / Attack Complexity: LOW

MEDIUM | CVE-2025-5281 | Npm-electron-36.4.0 | Vulnerable Package
    Recommended version: 36.5.0
    Description: Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information vi...
    Attack Vector: NETWORK / Attack Complexity: LOW

MEDIUM | CVE-2025-5283 | Npm-electron-36.4.0 | Vulnerable Package
    Recommended version: 37.0.0
    Description: Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTM...
    Attack Vector: NETWORK / Attack Complexity: LOW

MEDIUM | CVE-2025-6555 | Npm-electron-36.4.0 | Vulnerable Package
    Description: Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted ...
    Attack Vector: NETWORK / Attack Complexity: LOW

MEDIUM | CVE-2025-6556 | Npm-electron-36.4.0 | Vulnerable Package
    Description: Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a...
    Attack Vector: NETWORK / Attack Complexity: LOW

MEDIUM | CVE-2025-6557 | Npm-electron-36.4.0 | Vulnerable Package
    Description: Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engag...
    Attack Vector: NETWORK / Attack Complexity: LOW

MEDIUM | Client_DOM_Open_Redirect | /apps/web/src/connectors/redirect.ts: 6 | Attack Vector
    The potentially tainted value provided by href in /apps/web/src/connectors/redirect.ts at line 6 is used as a destination URL by href in /apps/web...

MEDIUM | Client_DOM_Open_Redirect | /apps/desktop/src/auth/scripts/duo.js: 277 | Attack Vector
    The potentially tainted value provided by substring in /apps/desktop/src/auth/scripts/duo.js at line 277 is used as a destination URL by open in /...

MEDIUM | HttpOnly_Cookie_Flag_Not_Set | /apps/web/src/connectors/sso.ts: 37 | Attack Vector
    The web application's initiateBrowserSso method creates a cookie cookie, at line 37 of /apps/web/src/connectors/sso.ts, and returns it in the resp...

MEDIUM | Insecure_Storage_of_Sensitive_Data | /apps/cli/src/commands/get.command.ts: 405 | Attack Vector
    The application takes sensitive, personal data cipher, found at line 405 of /apps/cli/src/commands/get.command.ts, and stores it in an unprotecte...

MEDIUM | Insecure_Storage_of_Sensitive_Data | /apps/cli/src/commands/get.command.ts: 404 | Attack Vector
    The application takes sensitive, personal data cipherService, found at line 404 of /apps/cli/src/commands/get.command.ts, and stores it in an unp...

MEDIUM | Insecure_Storage_of_Sensitive_Data | /apps/cli/src/tools/export.command.ts: 75 | Attack Vector
    The application takes sensitive, personal data password, found at line 75 of /apps/cli/src/tools/export.command.ts, and stores it in an unprotect...

MEDIUM | Insecure_Storage_of_Sensitive_Data | /apps/cli/src/tools/export.command.ts: 79 | Attack Vector
    The application takes sensitive, personal data password, found at line 79 of /apps/cli/src/tools/export.command.ts, and stores it in an unprotect...

MEDIUM | Insecure_Storage_of_Sensitive_Data | /apps/cli/src/commands/get.command.ts: 389 | Attack Vector
    The application takes sensitive, personal data cipher, found at line 389 of /apps/cli/src/commands/get.command.ts, and stores it in an unprotecte...

MEDIUM | Missing_HSTS_Header | /apps/cli/src/auth/commands/login.command.ts: 679 | Attack Vector
    The web-application does not define an HSTS header, leaving it vulnerable to attack.

MEDIUM | Use_of_Broken_or_Risky_Cryptographic_Algorithm | /libs/node/src/services/node-crypto-function.service.ts: 362 | Attack Vector
    In toNodeCryptoAesMode, the application protects sensitive data using a cryptographic algorithm, "aes-256-ecb", that is considered weak or even t...

LOW | Angular_Usage_of_Unsafe_DOM_Sanitizer | /apps/desktop/src/app/components/avatar.component.ts: 78 | Attack Vector
    Usage of an unsafe class bypassSecurityTrustResourceUrl, which overrides output sanitization, was found at /apps/desktop/src/app/components/avatar...

LOW | Angular_Usage_of_Unsafe_DOM_Sanitizer | /libs/components/src/avatar/avatar.component.ts: 92 | Attack Vector
    Usage of an unsafe class bypassSecurityTrustResourceUrl, which overrides output sanitization, was found at /libs/components/src/avatar/avatar.comp...

LOW | Angular_Usage_of_Unsafe_DOM_Sanitizer | /libs/components/src/icon/icon.component.ts: 24 | Attack Vector
    Usage of an unsafe class bypassSecurityTrustHtml, which overrides output sanitization, was found at /libs/components/src/icon/icon.component.ts i...

LOW | CVE-2024-6531 | Npm-bootstrap-4.6.0 | Vulnerable Package
    Recommended version: 5.0.0
    Description: A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel com...
    Attack Vector: NETWORK / Attack Complexity: HIGH

LOW | Client_Use_Of_Iframe_Without_Sandbox | /apps/browser/src/autofill/overlay/inline-menu/pages/menu-container/autofill-inline-menu-container.ts: 68 | Attack Vector
    The application employs an HTML iframe whose contents are not properly sandboxed.

LOW | Client_Use_Of_Iframe_Without_Sandbox | /apps/browser/src/autofill/overlay/inline-menu/iframe-content/autofill-inline-menu-iframe.service.ts: 87 | Attack Vector
    The application employs an HTML iframe whose contents are not properly sandboxed.

LOW | Cx8bc4df28-fcf5 | Npm-debug-3.2.7 | Vulnerable Package
    Recommended version: 4.4.0
    Description: In NPM "debug" versions prior to 4.4.0, the "enable" function accepts a regular expression from user input without escaping it. Arbitrary regular e...
    Attack Vector: NETWORK / Attack Complexity: HIGH

LOW | Cx8bc4df28-fcf5 | Npm-debug-2.6.9 | Vulnerable Package
    Recommended version: 4.4.0
    Description: In NPM "debug" versions prior to 4.4.0, the "enable" function accepts a regular expression from user input without escaping it. Arbitrary regular e...
    Attack Vector: NETWORK / Attack Complexity: HIGH

LOW | Missing_CSP_Header | /apps/cli/src/auth/commands/login.command.ts: 679 | Attack Vector
    A Content Security Policy is not explicitly defined within the web-application.

@Banrion Banrion changed the title from "Dirt/risk insights saving reports outline" to "Risk Insights persistence feature outline" Jun 25, 2025

Banrion commented Jun 30, 2025

Obsolete now

@Banrion Banrion closed this Jun 30, 2025