Skip to content

Added James’ individual contributions (mental_health_hub demo)#147

Open
gituser14d wants to merge 1 commit intomainfrom
james_contributions
Open

Added James’ individual contributions (mental_health_hub demo)#147
gituser14d wants to merge 1 commit intomainfrom
james_contributions

Conversation

@gituser14d
Copy link

@gituser14d gituser14d commented Sep 26, 2025

Summary

This PR adds my individual contributions for the Mental Health Hub project.
Includes:

  • Logging demo
  • Incident response plan
  • Flask JWT authentication demo
  • Streamlit Hub app (with modular components)
  • Documentation (README.md files)

Notes

  • All work is contained within the mental_health_hub (James Nardella) folder.
  • Each subproject includes its own README.md for setup and usage.

@gituser14d
Added James’ individual contributions (mental_health_hub demo)
57b3bf5 
Includes logging demo, Flask JWT authentication, Streamlit hub app, storytelling module, and associated documentation.
@gituser14d gituser14d requested review from a team as code owners September 26, 2025 04:40
@github-actions
Copy link

github-actions bot commented Sep 26, 2025

🔒 Security Scan Results

🔒 Security Scan Results
=========================

Bandit Scan Results:
-------------------
Run started:2025-09-26 04:41:17.134119

Test results:
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./data_science/voice_assistant/generate_response.py:19:10
18	def get_request(query):
19	    req = requests.get(f'https://www.google.com/search?q={query}')
20	

--------------------------------------------------
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b404-import-subprocess
   Location: ./data_science/voice_assistant/text_to_speech.py:5:0
4	import os
5	import subprocess
6	# Function to generate a response using our NLP model

--------------------------------------------------
>> Issue: [B607:start_process_with_partial_path] Starting a process with a partial executable path
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b607_start_process_with_partial_path.html
   Location: ./data_science/voice_assistant/text_to_speech.py:15:4
14	    time.sleep(2)
15	    subprocess.run(['say', response], check=True)
16	

--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b603_subprocess_without_shell_equals_true.html
   Location: ./data_science/voice_assistant/text_to_speech.py:15:4
14	    time.sleep(2)
15	    subprocess.run(['say', response], check=True)
16	

--------------------------------------------------
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: 'super-secret-key'
   Severity: Low   Confidence: Medium
   CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b105_hardcoded_password_string.html
   Location: ./mental_health_hub (James Nardella)/flask_jwt_demo/Token-Based Authentication (JWT).py:7:11
6	app = Flask(__name__) #creates the flask app
7	app.config['SECRET_KEY'] = "super-secret-key"  #
8	

--------------------------------------------------
>> Issue: [B201:flask_debug_true] A Flask app appears to be run with debug=True, which exposes the Werkzeug debugger and allows the execution of arbitrary code.
   Severity: High   Confidence: Medium
   CWE: CWE-94 (https://cwe.mitre.org/data/definitions/94.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b201_flask_debug_true.html
   Location: ./mental_health_hub (James Nardella)/flask_jwt_demo/Token-Based Authentication (JWT).py:110:4
109	if __name__ == "__main__":
110	    app.run(debug=True)

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./mental_health_hub (James Nardella)/flask_jwt_demo/test_api.py:4:4
3	#register
4	r = requests.post("http://127.0.0.1:5000/register", json={
5	    "username": "alice",
6	    "password": "mypassword"
7	})
8	print(r.json())

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./mental_health_hub (James Nardella)/flask_jwt_demo/test_api.py:11:4
10	#login
11	r = requests.post("http://127.0.0.1:5000/login", json={
12	    "username": "alice",
13	    "password": "mypassword"
14	})
15	data = r.json()

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./mental_health_hub (James Nardella)/flask_jwt_demo/test_api.py:21:4
20	#access protected route
21	r = requests.get("http://127.0.0.1:5000/protected", headers={
22	    "Authorization": f"Bearer {token}"
23	})
24	print(r.json())

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./mental_health_hub (James Nardella)/logging_demo/python activity_logger.py:8:24
7	def generate_ip():
8	    return f"192.168.1.{random.randint(2, 254)}"
9	

--------------------------------------------------
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: 'super-secret-key'
   Severity: Low   Confidence: Medium
   CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b105_hardcoded_password_string.html
   Location: ./mental_health_hub (James Nardella)/streamlit_hub_app/auth_module.py:8:13
7	# Secret key for signing JWTs
8	SECRET_KEY = "super-secret-key"
9	

--------------------------------------------------

Code scanned:
	Total lines of code: 1593
	Total lines skipped (#nosec): 0
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 6
		Medium: 4
		High: 1
	Total issues (by confidence):
		Undefined: 0
		Low: 4
		Medium: 3
		High: 4
Files skipped (0):

⛔️ Critical vulnerabilities detected. Please review and address these security issues before merging.

Next Steps:

  1. Review each critical finding above and fix them according to OWASP top 10 mitigations.

Mouse933
Mouse933 requested changes Jan 18, 2026
View reviewed changes
Copy link

@Mouse933 Mouse933 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, please see the comments attached to the test logging files for some questions I've asked regarding the credentials shown in plaintext there, just needing clarification on how that works.

Outside this, Bandit has picked up a possible high priority security issue with your code, see the details below. These issues need to be addressed before this can be merged thanks :)

Issue: [B201:flask_debug_true] A Flask app appears to be run with debug=True, which exposes the Werkzeug debugger and allows the execution of arbitrary code.
Severity: High Confidence: Medium
CWE: CWE-94 (https://cwe.mitre.org/data/definitions/94.html)
More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b201_flask_debug_true.html
Location: ./mental_health_hub (James Nardella)/flask_jwt_demo/Token-Based Authentication (JWT).py:110:4
109 if name == "main":
110 app.run(debug=True)

mental_health_hub (James Nardella)/flask_jwt_demo/test_api.py
Copy link

@Mouse933 Mouse933 Jan 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just curious regarding this test API, as it does seem to have hardcoded values stored on it, is there any way outside users can access this? Or is it simply an isolated testing unit?

mental_health_hub (James Nardella)/logging_demo/python activity_logger.py
Copy link

@Mouse933 Mouse933 Jan 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Once again as this accepts any password for the correct accounts, I would like to know how this logging demo functions as part of the full program. Thanks :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Mouse933 Mouse933 Mouse933 requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gituser14d @Mouse933