RET-5708 (#1899)

Mike-Brain · web-flow · commit 4a35c8be65a3 · 2025-04-02T12:05:07.000+01:00
* RET-5708

* ensure caseType is 'Single' by default if Multiple is not selected.

* RET-5708

* updated unit tests, adding null test on caseType defaulting to Single

* RET-5708
diff --git a/src/main/controllers/helpers/CaseHelpers.ts b/src/main/controllers/helpers/CaseHelpers.ts
@@ -42,7 +42,7 @@ export const setUserCaseWithRedisData = (req: AppRequest, caseData: string): voi
   req.session.userCase.claimantRepresentedQuestion =
     userDataMap.get(CaseDataCacheKey.CLAIMANT_REPRESENTED) === YesOrNo.YES.toString() ? YesOrNo.YES : YesOrNo.NO;
   req.session.userCase.caseType =
-    userDataMap.get(CaseDataCacheKey.CASE_TYPE) === CaseType.SINGLE.toString() ? CaseType.SINGLE : CaseType.MULTIPLE;
+    userDataMap.get(CaseDataCacheKey.CASE_TYPE) === CaseType.MULTIPLE.toString() ? CaseType.MULTIPLE : CaseType.SINGLE;
   req.session.userCase.typeOfClaim = JSON.parse(userDataMap.get(CaseDataCacheKey.TYPES_OF_CLAIM));
 };
 
diff --git a/src/test/unit/controller/helpers/CaseHelpers.test.ts b/src/test/unit/controller/helpers/CaseHelpers.test.ts
@@ -130,7 +130,7 @@ describe('getSectionStatusForEmployment()', () => {
 describe('setUserCaseWithRedisData', () => {
   it(
     'should set req.session.userCase when setUserCaseWithRedisData is called with correspondent' +
-      'req, and caseData parameters',
+      'req, and caseData parameters with caseType of Multiple',
     () => {
       const req = mockRequest({ session: mockSession([], [], []) });
       const caseData =
@@ -143,20 +143,34 @@ describe('setUserCaseWithRedisData', () => {
       );
     }
   );
+  it(
+    'should set req.session.userCase when setUserCaseWithRedisData is called with correspondent' +
+      'req, and caseData parameters with caseType of null, meaning it defaults to Single',
+    () => {
+      const req = mockRequest({ session: mockSession([], [], []) });
+      const caseData =
+        '[["claimantRepresentedQuestion","No"],["caseType",""],["typeOfClaim","[\\"breachOfContract\\",\\"discrimination\\",\\"payRelated\\",\\"unfairDismissal\\",\\"whistleBlowing\\"]"]]';
+
+      setUserCaseWithRedisData(req, caseData);
 
+      expect(JSON.stringify(req.session.userCase)).toEqual(
+        '{"id":"testUserCaseId","state":"AWAITING_SUBMISSION_TO_HMCTS","typeOfClaim":["breachOfContract","discrimination","payRelated","unfairDismissal","whistleBlowing"],"tellUsWhatYouWant":[],"createdDate":"August 19, 2022","lastModified":"August 19, 2022","claimantRepresentedQuestion":"No","caseType":"Single"}'
+      );
+    }
+  );
   it(
     'should set req.session.userCase when setUserCaseWithRedisData is called with correspondent' +
       'req, and caseData, session.usercase is undefined',
     () => {
       const req = mockRequest({ userCase: undefined, session: mockSession([], [], []) });
       req.session.userCase = undefined;
       const caseData =
-        '[["claimantRepresentedQuestion","No"],["caseType","Multiple"],["typeOfClaim","[\\"breachOfContract\\",\\"discrimination\\",\\"payRelated\\",\\"unfairDismissal\\",\\"whistleBlowing\\"]"]]';
+        '[["claimantRepresentedQuestion","No"],["caseType","Single"],["typeOfClaim","[\\"breachOfContract\\",\\"discrimination\\",\\"payRelated\\",\\"unfairDismissal\\",\\"whistleBlowing\\"]"]]';
 
       setUserCaseWithRedisData(req, caseData);
 
       expect(JSON.stringify(req.session.userCase)).toEqual(
-        '{"claimantRepresentedQuestion":"No","caseType":"Multiple","typeOfClaim":["breachOfContract","discrimination","payRelated","unfairDismissal","whistleBlowing"]}'
+        '{"claimantRepresentedQuestion":"No","caseType":"Single","typeOfClaim":["breachOfContract","discrimination","payRelated","unfairDismissal","whistleBlowing"]}'
       );
     }
   );
diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues
@@ -0,0 +1 @@
+{"actions":[],"advisories":{"1101851":{"findings":[{"version":"2.0.1","paths":["puppeteer>@puppeteer/browsers>proxy-agent>socks-proxy-agent>socks>ip","playwright>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","mocha>chokidar>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","codeceptjs>mocha>chokidar>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","codeceptjs>mocha-junit-reporter>mocha>chokidar>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-29415\n- https://github.com/indutny/node-ip/issues/150\n- https://github.com/indutny/node-ip/pull/143\n- https://github.com/indutny/node-ip/pull/144\n- https://security.netapp.com/advisory/ntap-20250117-0010\n- https://github.com/advisories/GHSA-2p57-rm9w-gvfp","created":"2024-06-02T22:29:29.000Z","id":1101851,"npm_advisory_id":null,"overview":"The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.","reported_by":null,"title":"ip SSRF improper categorization in isPublic","metadata":null,"cves":["CVE-2024-29415"],"access":"public","severity":"high","module_name":"ip","vulnerable_versions":"<=2.0.1","github_advisory_id":"GHSA-2p57-rm9w-gvfp","recommendation":"None","patched_versions":"<0.0.0","updated":"2025-01-17T21:31:39.000Z","cvss":{"score":8.1,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},"cwe":["CWE-918"],"url":"https://github.com/advisories/GHSA-2p57-rm9w-gvfp"},"1103612":{"findings":[{"version":"3.0.4","paths":["puppeteer>@puppeteer/browsers>tar-fs","puppeteer>puppeteer-core>@puppeteer/browsers>tar-fs"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-12905\n- https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed\n- https://github.com/advisories/GHSA-pq67-2wwv-3xjx","created":"2025-03-27T18:31:28.000Z","id":1103612,"npm_advisory_id":null,"overview":"An Improper Link Resolution Before File Access (\"Link Following\") and Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.\n\nThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.7.","reported_by":null,"title":"tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File","metadata":null,"cves":["CVE-2024-12905"],"access":"public","severity":"high","module_name":"tar-fs","vulnerable_versions":">=3.0.0 <3.0.7","github_advisory_id":"GHSA-pq67-2wwv-3xjx","recommendation":"Upgrade to version 3.0.8 or later","patched_versions":">=3.0.8","updated":"2025-03-28T22:11:43.000Z","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},"cwe":["CWE-22"],"url":"https://github.com/advisories/GHSA-pq67-2wwv-3xjx"}},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":0,"moderate":0,"high":7,"critical":0},"dependencies":705,"devDependencies":0,"optionalDependencies":0,"totalDependencies":705}}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+{"actions":[],"advisories":{"1101851":{"findings":[{"version":"2.0.1","paths":["puppeteer>@puppeteer/browsers>proxy-agent>socks-proxy-agent>socks>ip","playwright>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","mocha>chokidar>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","codeceptjs>mocha>chokidar>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","codeceptjs>mocha-junit-reporter>mocha>chokidar>fsevents>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-29415\n- https://github.com/indutny/node-ip/issues/150\n- https://github.com/indutny/node-ip/pull/143\n- https://github.com/indutny/node-ip/pull/144\n- https://security.netapp.com/advisory/ntap-20250117-0010\n- https://github.com/advisories/GHSA-2p57-rm9w-gvfp","created":"2024-06-02T22:29:29.000Z","id":1101851,"npm_advisory_id":null,"overview":"The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.","reported_by":null,"title":"ip SSRF improper categorization in isPublic","metadata":null,"cves":["CVE-2024-29415"],"access":"public","severity":"high","module_name":"ip","vulnerable_versions":"<=2.0.1","github_advisory_id":"GHSA-2p57-rm9w-gvfp","recommendation":"None","patched_versions":"<0.0.0","updated":"2025-01-17T21:31:39.000Z","cvss":{"score":8.1,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},"cwe":["CWE-918"],"url":"https://github.com/advisories/GHSA-2p57-rm9w-gvfp"},"1103612":{"findings":[{"version":"3.0.4","paths":["puppeteer>@puppeteer/browsers>tar-fs","puppeteer>puppeteer-core>@puppeteer/browsers>tar-fs"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-12905\n- https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed\n- https://github.com/advisories/GHSA-pq67-2wwv-3xjx","created":"2025-03-27T18:31:28.000Z","id":1103612,"npm_advisory_id":null,"overview":"An Improper Link Resolution Before File Access (\"Link Following\") and Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.\n\nThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.7.","reported_by":null,"title":"tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File","metadata":null,"cves":["CVE-2024-12905"],"access":"public","severity":"high","module_name":"tar-fs","vulnerable_versions":">=3.0.0 <3.0.7","github_advisory_id":"GHSA-pq67-2wwv-3xjx","recommendation":"Upgrade to version 3.0.8 or later","patched_versions":">=3.0.8","updated":"2025-03-28T22:11:43.000Z","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},"cwe":["CWE-22"],"url":"https://github.com/advisories/GHSA-pq67-2wwv-3xjx"}},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":0,"moderate":0,"high":7,"critical":0},"dependencies":705,"devDependencies":0,"optionalDependencies":0,"totalDependencies":705}}