@Gargi2023 Gargi2023 commented Oct 8, 2025

…odule, streamlit_hub_app) under mental_health_hub
tested locally; communication verified between client and server; ready for review

What are the changes?

  • Real-time Python chat system (ggserver, ggclient)
  • Streamlit chat UI (chat_gg, streamlit_hub_app)
  • Authentication component (auth_module)

Who worked on the changes?

New Components/Features

Enhanced Components/Features

Other Changes/Fixes

Additional Notes

TODOs

  • Example Checkbox

Checklist

  • Existing, relevant documentation has been updated to reflect my changes

Screenshots or example output

@Gargi2023 Gargi2023 requested review from a team as code owners October 8, 2025 06:59
github-actions bot commented Oct 8, 2025

🔒 Security Scan Results
=========================

Bandit Scan Results:
-------------------
Run started:2025-10-08 07:00:29.253087

Test results:
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./data_science/voice_assistant/generate_response.py:19:10
18	def get_request(query):
19	    req = requests.get(f'https://www.google.com/search?q={query}')
20	

--------------------------------------------------
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b404-import-subprocess
   Location: ./data_science/voice_assistant/text_to_speech.py:5:0
4	import os
5	import subprocess
6	# Function to generate a response using our NLP model

--------------------------------------------------
>> Issue: [B607:start_process_with_partial_path] Starting a process with a partial executable path
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b607_start_process_with_partial_path.html
   Location: ./data_science/voice_assistant/text_to_speech.py:15:4
14	    time.sleep(2)
15	    subprocess.run(['say', response], check=True)
16	

--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b603_subprocess_without_shell_equals_true.html
   Location: ./data_science/voice_assistant/text_to_speech.py:15:4
14	    time.sleep(2)
15	    subprocess.run(['say', response], check=True)
16	

--------------------------------------------------
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: 'super-secret-key'
   Severity: Low   Confidence: Medium
   CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b105_hardcoded_password_string.html
   Location: ./mental_health_hub (GARGI SARMA)/auth_module 1.py:8:13
7	# Secret key for signing JWTs
8	SECRET_KEY = "super-secret-key"
9	

--------------------------------------------------

Code scanned:
	Total lines of code: 1181
	Total lines skipped (#nosec): 0
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 4
		Medium: 1
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 1
		Medium: 1
		High: 3
Files skipped (0):

No critical security issues detected.

The code has passed all critical security checks.

@Gargi2023 Gargi2023 closed this Oct 8, 2025
@Gargi2023 Gargi2023 reopened this Oct 8, 2025

@Gargi2023 Gargi2023 (Author) commented

Hello team
I successfully made the pull request and finished my upload.
Although the PR check was unsuccessful, I saw that other team PRs also displayed the same problem, which is most likely a workflow configuration fault.
Local testing and verification are done on my modules.
Please review whenever you can.

Gargi Sarma

@Mouse933 Mouse933 left a comment

Hi, please see my comments on your code regarding some clarification on how the secret key is working. Outside this, your code looks fine; there are no obvious security issues, it just needs to be adjusted slightly to pass the pull request checks.

from logging_module import log_event # Import log_event function

# Secret key for signing JWTs
SECRET_KEY = "super-secret-key"
Just needing to check regarding this secret key here, this is simply just a placeholder and the actual key is stored elsewhere right? If that's the case this is fine :)
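To address the Bandit B105 finding above and the reviewer's question about the secret key, here is an added example (not the project's auth_module code) of loading the JWT signing key from the environment and refusing to run with the placeholder literal; the variable name JWT_SECRET_KEY and the stdlib-only HS256 sign/verify helpers are assumptions, not code from the PR.

```python
import base64, hashlib, hmac, json, os

# The literal Bandit flagged (B105) in auth_module; a running service must never accept it.
PLACEHOLDER_KEYS = {"super-secret-key"}
MIN_KEY_BYTES = 32  # HS256 keys should be at least as long as the HMAC-SHA256 output

def key_problem(key):
    """Return why `key` is unusable as a JWT signing secret, or None if it is acceptable."""
    if not key:
        return "missing"
    if key in PLACEHOLDER_KEYS:
        return "placeholder"
    if len(key.encode()) < MIN_KEY_BYTES:
        return "too short"
    return None

def load_secret_key(env=None, var="JWT_SECRET_KEY"):
    """Read the key from the environment (JWT_SECRET_KEY is an assumed name) and fail closed."""
    key = (os.environ if env is None else env).get(var)
    problem = key_problem(key)
    if problem:
        raise RuntimeError(f"{var} is {problem}; refusing to sign tokens")
    return key.encode()

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(payload, key):
    """Build a compact HS256 token (header.payload.signature) with the stdlib only."""
    header = _b64url(b'{"alg":"HS256","typ":"JWT"}')
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def verify_token(token, key):
    """Return the payload if the HMAC matches (constant-time compare), else None."""
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig)):
            return None
        return json.loads(_unb64url(body))
    except ValueError:  # malformed structure, base64 or JSON
        return None
```

A real key can be generated once with secrets.token_urlsafe(32) and injected through the deployment's secret store rather than committed to the repository.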
