Submitted By: nathan.wright
Topic: Security
Team: Tier 1 Support
TLDR: Is it okay to pass ICNs as params to Sidekiq jobs?
Longer version: The VANotify team (https://github.com/department-of-veterans-affairs/vets-api/tree/master/modules/va_notify) sends out notifications (email, SMS) to veterans for various business cases - form submission confirmations, in-progress form reminders, etc.
One of the ways that we send the notifications is via ICN. If a user fills out a form and we do not know their email address, we can look up their ICN (via their account) and then pass that on to the VANotify API (outside of vets-api), which looks up the veteran's info in VA Profile.
Our Sidekiq job that does this work (https://github.com/department-of-veterans-affairs/vets-api/blob/master/modules/va_notify/app/sidekiq/va_notify/icn_job.rb#L19) takes in the ICN as a param. Is this usage of ICNs OK?