Fix Archer Jira ticket description auto-population and security audit fixes

Auto-populate description field when creating Jira tickets from the Archer page with ticket metadata (EXC number, CVE, vendor, status, Archer URL). Previously the description was always empty, requiring manual entry. Includes security audit fixes for SQL injection prevention and input validation in compliance, VCL multi-vertical, and CCP metrics routes. Updates security audit tracker documentation.
2026-06-05 09:53:53 -06:00
parent e8aa7038ad
commit af5fa11421
6 changed files with 133 additions and 114 deletions
--- a/frontend/src/components/pages/ArcherPage.js
+++ b/frontend/src/components/pages/ArcherPage.js
@@ -131,12 +131,21 @@ export default function ArcherPage({

  // Open the Create Jira Ticket modal pre-populated with Archer ticket data
  const openCreateJiraModal = (ticket) => {
+    // Build description with available Archer ticket information
+    const descParts = [];
+    descParts.push(`Archer risk acceptance ticket: ${ticket.exc_number || 'N/A'}`);
+    if (ticket.cve_id) descParts.push(`CVE: ${ticket.cve_id}`);
+    if (ticket.vendor) descParts.push(`Vendor: ${ticket.vendor}`);
+    if (ticket.status) descParts.push(`Status: ${ticket.status}`);
+    if (ticket.archer_url) descParts.push(`Archer URL: ${ticket.archer_url}`);
+    const description = descParts.join('\n');
+
    setCreateJiraForm({
      summary: ticket.exc_number || '',
      cve_id: ticket.cve_id || '',
      vendor: ticket.vendor || '',
      source_context: 'archer',
-      description: '',
+      description,
      project_key: '',
      issue_type: '',
    });
--- a/frontend/src/components/pages/CCPMetricsPage.js
+++ b/frontend/src/components/pages/CCPMetricsPage.js
@@ -621,6 +621,7 @@ function VerticalDetailView({ vertical, onBack, onSelectMetric }) {
    const [loading, setLoading] = useState(true);
    const [expandedMetrics, setExpandedMetrics] = useState(new Set());
    const [teamFilter, setTeamFilter] = useState(''); // '' = all teams (rollup view)
+    // ⚠️ CONVENTION: Missing error state — .catch() below silently swallows fetch errors without displaying them to the user. Add an error state and render an error message.
    // ⚠️ CONVENTION: Missing error state — .catch() silently swallows fetch errors without displaying them to the user. Add an error state and render an error message (see main CCPMetricsPage pattern).

    useEffect(() => {
@@ -1132,7 +1133,7 @@ function DataManagementPanel({ onClose, onDataChanged }) {
            <div style={{ background: 'linear-gradient(180deg, #0F1A2E 0%, #0A1628 100%)', border: '1px solid rgba(239, 68, 68, 0.3)', borderRadius: '1rem', width: '90%', maxWidth: '800px', maxHeight: '80vh', overflow: 'auto', padding: '2rem' }} onClick={e => e.stopPropagation()}>
                <div style={{ display: 'flex', justifyContent: 'space-between', alignItems: 'center', marginBottom: '1.5rem' }}>
                    <h2 style={{ fontSize: '1.1rem', fontWeight: '700', color: '#E2E8F0', margin: 0 }}>Manage Data</h2>
-                    {/* ⚠️ CONVENTION: Use lucide-react <X /> icon instead of raw Unicode character */}
+                    {/* ⚠️ CONVENTION: Use lucide-react <X /> icon instead of raw Unicode character for the close button */}
                    <button onClick={onClose} style={{ background: 'none', border: 'none', color: '#64748B', cursor: 'pointer' }}>✕</button>
                </div>