Conversation

@Asmi880 Asmi880 commented Oct 8, 2025

What are the changes?

Who worked on the changes?

New Components/Features

Enhanced Components/Features

Other Changes/Fixes

Additional Notes

TODOs

  • Example Checkbox

Checklist

  • Existing, relevant documentation has been updated to reflect my changes

Screenshots or example output

@Asmi880 Asmi880 requested review from a team as code owners October 8, 2025 05:31

github-actions bot commented Oct 8, 2025

🔒 Security Scan Results

🔒 Security Scan Results
=========================

Bandit Scan Results:
-------------------
Run started:2025-10-08 05:32:21.739467

Test results:
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./data_science/voice_assistant/generate_response.py:19:10
18	def get_request(query):
19	    req = requests.get(f'https://www.google.com/search?q={query}')
20	

--------------------------------------------------
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b404-import-subprocess
   Location: ./data_science/voice_assistant/text_to_speech.py:5:0
4	import os
5	import subprocess
6	# Function to generate a response using our NLP model

--------------------------------------------------
>> Issue: [B607:start_process_with_partial_path] Starting a process with a partial executable path
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b607_start_process_with_partial_path.html
   Location: ./data_science/voice_assistant/text_to_speech.py:15:4
14	    time.sleep(2)
15	    subprocess.run(['say', response], check=True)
16	

--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b603_subprocess_without_shell_equals_true.html
   Location: ./data_science/voice_assistant/text_to_speech.py:15:4
14	    time.sleep(2)
15	    subprocess.run(['say', response], check=True)
16	

--------------------------------------------------

Code scanned:
	Total lines of code: 2023
	Total lines skipped (#nosec): 0
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 3
		Medium: 1
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 1
		Medium: 0
		High: 3
Files skipped (0):

No critical security issues detected.

The code has passed all critical security checks.
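Both Bandit runs on this PR report the same two call sites: the `requests.get` in generate_response.py with no timeout (B113) and the `subprocess.run(['say', response])` in text_to_speech.py (B404/B607/B603). The following is an added example, not code from the PR or the repository, showing how those lines can be rewritten so each finding is addressed rather than silenced. It also fixes something Bandit does not flag but that is visible in the quoted line: the f-string drops the raw query into the URL, so a `&` or `#` in a spoken query would split or truncate the query string. The constants, the helper names (`build_search_url`, `build_say_command`, `speak`), the `/usr/bin/say` location and the timeout values are this example's own assumptions.

```python
"""Hardened versions of the two call sites Bandit flagged (added example)."""
import os
import re
import subprocess
from typing import List, Optional
from urllib.parse import urlencode

# Example values, not taken from the project.
SEARCH_ENDPOINT = "https://www.google.com/search"
HTTP_TIMEOUT = (3.05, 10)   # (connect, read) seconds; B113 wants an explicit timeout
SAY_PATH = "/usr/bin/say"   # assumed absolute path on macOS; configured, not searched (B607)
MAX_QUERY_LEN = 512
MAX_SPEECH_LEN = 1000
# ASCII control characters except tab, newline and carriage return.
_CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def build_search_url(query: str) -> str:
    """Return the search URL with the user's query percent-encoded.

    The original f-string placed raw user text into the URL, so an '&' or
    '#' in a spoken query could add or truncate query parameters.
    urlencode() makes the whole query one 'q' value whatever it contains.
    """
    if not isinstance(query, str) or not query.strip():
        raise ValueError("query must be a non-empty string")
    query = _CONTROL_CHARS.sub("", query)[:MAX_QUERY_LEN]
    return f"{SEARCH_ENDPOINT}?{urlencode({'q': query})}"


def get_request(query: str):
    """B113 fix: the request carries an explicit timeout, so a stalled
    server cannot block the assistant indefinitely (CWE-400)."""
    import requests  # imported lazily so the pure helpers run without it

    return requests.get(build_search_url(query), timeout=HTTP_TIMEOUT)


def build_say_command(text: str, say_path: str = SAY_PATH) -> List[str]:
    """B607/B603 fix: absolute executable path, fixed argv, bounded text.

    `text` is whatever the model produced, i.e. untrusted. Passing it as a
    single argv element without shell=True already rules out shell
    injection; what remains is option injection (a reply beginning with
    '-' could be parsed by `say` as a flag such as -o) and oversized or
    control-character input, both handled here.
    """
    if not os.path.isabs(say_path):
        # A bare name like 'say' is resolved through PATH at call time; B607.
        raise ValueError("say_path must be an absolute path")
    text = _CONTROL_CHARS.sub("", str(text)).strip()[:MAX_SPEECH_LEN]
    if not text:
        raise ValueError("nothing to say")
    if text.startswith("-"):
        # A leading space keeps the argument from being parsed as an option;
        # the speech engine reads it as text (assumption about `say`).
        text = " " + text
    return [say_path, text]


def speak(text: str) -> None:
    """Run the resolved command; the timeout also bounds a hung speech engine."""
    argv = build_say_command(text)
    # B603 fires on every subprocess call by design; the marker records that
    # this call site was reviewed: fixed argv, validated text, no shell.
    subprocess.run(argv, check=True, timeout=30)  # nosec B603
```

Only `build_search_url` and `build_say_command` are exercised offline; `get_request` and `speak` need the network and a macOS `say` binary respectively. The `# nosec B603` marker is deliberate: B603 is a "check this" finding, not a bug report, and the scan summary above counts such markers, so a reviewer can see which call sites were consciously accepted.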

@Asmi880 Asmi880 closed this Oct 8, 2025
@Asmi880 Asmi880 reopened this Oct 8, 2025

github-actions bot commented Oct 8, 2025

🔒 Security Scan Results

🔒 Security Scan Results
=========================

Bandit Scan Results:
-------------------
Run started:2025-10-08 05:34:44.615289

Test results:
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./data_science/voice_assistant/generate_response.py:19:10
18	def get_request(query):
19	    req = requests.get(f'https://www.google.com/search?q={query}')
20	

--------------------------------------------------
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b404-import-subprocess
   Location: ./data_science/voice_assistant/text_to_speech.py:5:0
4	import os
5	import subprocess
6	# Function to generate a response using our NLP model

--------------------------------------------------
>> Issue: [B607:start_process_with_partial_path] Starting a process with a partial executable path
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b607_start_process_with_partial_path.html
   Location: ./data_science/voice_assistant/text_to_speech.py:15:4
14	    time.sleep(2)
15	    subprocess.run(['say', response], check=True)
16	

--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b603_subprocess_without_shell_equals_true.html
   Location: ./data_science/voice_assistant/text_to_speech.py:15:4
14	    time.sleep(2)
15	    subprocess.run(['say', response], check=True)
16	

--------------------------------------------------

Code scanned:
	Total lines of code: 2023
	Total lines skipped (#nosec): 0
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 3
		Medium: 1
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 1
		Medium: 0
		High: 3
Files skipped (0):

No critical security issues detected.

The code has passed all critical security checks.

# -----------------------------
# PIN setup (safe fallback)
# -----------------------------
DEFAULT_PIN = "1234" # fallback PIN

@Mouse933 Mouse933 Jan 5, 2026


Just checking: is the PIN here something that's set as a hardcoded value only when a fallback is needed? Or is anyone able to log in to an account using it? So if someone were to get hold of someone's account or device, would they be able to use the fallback PIN to log in?


@Mouse933 Mouse933 left a comment


Hi, please see the comment I added to the discussion regarding the hardcoded PIN. Likewise, check over the files and make sure they meet the company's naming conventions for files and variables, as the pull request checks failed.

Outside this, the rest looks good, just a few changes needed before this can be pushed :)
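The inline comment and the review above both turn on the same question: whether `DEFAULT_PIN = "1234"` is a value every install shares, and therefore a credential anyone who has read the source can use. Only that one line of the PR is visible here, so nothing below describes what the PR's code actually does with it. The following is an added example, not code from the PR, of a PIN setup that has no shared fallback at all: a random per-device PIN is generated on first run and shown once, only a salted PBKDF2 digest is stored, comparison is constant-time, the generated PIN must be changed, and a lockout counter bounds guessing. `PinRecord`, `create_record`, `verify_pin`, `change_pin`, the 6-digit length, the iteration count and the weak-PIN denylist are this example's own assumptions.

```python
"""PIN storage without a universal fallback secret (added example)."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass

PIN_LENGTH = 6                 # assumption; the PR line shows a 4-digit value
PBKDF2_ITERATIONS = 600_000    # OWASP's published figure for PBKDF2-HMAC-SHA256
MAX_ATTEMPTS = 5               # a 6-digit PIN is ~20 bits; the lockout carries the load
WEAK_PINS = {"123456", "654321", "000000", "111111"}   # constructed denylist


@dataclass
class PinRecord:
    """What gets persisted: never the PIN itself."""
    salt: bytes
    digest: bytes
    must_change: bool          # True while an auto-generated PIN is in use
    failed_attempts: int = 0


def _hash_pin(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ITERATIONS, dklen=32)


def validate_pin_format(pin: str) -> None:
    if not (isinstance(pin, str) and pin.isascii() and pin.isdigit()
            and len(pin) == PIN_LENGTH):
        raise ValueError(f"PIN must be exactly {PIN_LENGTH} digits")
    if pin in WEAK_PINS or len(set(pin)) == 1:
        raise ValueError("PIN is too easy to guess")


def generate_initial_pin() -> str:
    """Random per-device PIN. This is what replaces DEFAULT_PIN = "1234":
    each install gets its own value, so the source file reveals nothing."""
    while True:
        pin = "".join(str(secrets.randbelow(10)) for _ in range(PIN_LENGTH))
        if pin not in WEAK_PINS and len(set(pin)) > 1:
            return pin


def create_record(pin=None):
    """Return (record, pin). The plaintext PIN is returned exactly once so
    it can be shown to the user; only salt and digest are kept."""
    if pin is None:
        pin, must_change = generate_initial_pin(), True
    else:
        validate_pin_format(pin)
        must_change = False
    salt = os.urandom(16)
    return PinRecord(salt, _hash_pin(pin, salt), must_change), pin


def verify_pin(record: PinRecord, candidate) -> bool:
    if record.failed_attempts >= MAX_ATTEMPTS:
        return False           # locked: stays False even for the right PIN
    if not (isinstance(candidate, str) and candidate.isascii() and candidate.isdigit()):
        record.failed_attempts += 1
        return False
    ok = hmac.compare_digest(_hash_pin(candidate, record.salt), record.digest)
    record.failed_attempts = 0 if ok else record.failed_attempts + 1
    return ok


def change_pin(record: PinRecord, current: str, new: str) -> bool:
    """Requires the current PIN; clears must_change once a user-chosen PIN is set."""
    if not verify_pin(record, current):
        return False
    validate_pin_format(new)
    record.salt = os.urandom(16)
    record.digest = _hash_pin(new, record.salt)
    record.must_change = False
    return True
```

The point of `must_change` is that a fallback can exist without being a shared secret: the generated PIN is unique to the device, is shown to the user once, and is expected to be replaced. Whatever the PR does with `DEFAULT_PIN`, the check a reviewer wants is that no constant in the source verifies successfully against any account.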


3 participants