CONSTANT VIGILENCE

[jadudm]

At a glance

In order to extract content
as a developer
I want to trust no one.

Acceptance Criteria

We use DRY behavior-driven development wherever possible.

then...

Beta Give feedback

1. [a thing happens]

Shepherd

• UX shepherd:
• Design shepherd:
• Engineering shepherd:

Background

When we fetch a file, it might say that its extension is .pdf. The webserver might claim that it is a PDF, presenting the content-type as application/pdf. However, it might not be a PDF.

Insert Mad Eye Moody reference from Harry Potter...

I need to ask the temporary file "what are you" in terms of a signature, and assume that it is not what it seems. Further, I have to make sure that both the local disk and S3 are cleaned up as soon as I decide I don't want to process a file.

Whether a JSON object is left behind that helps me avoid fetching the file in the future is another thing entirely. (It becomes a record of what we did/didn't do.)

Security Considerations

Required per CM-4.

Fetching arbitrary content is a thing to be careful of.

---

Process checklist

• Has a clear story statement
• Can reasonably be done in a few days (otherwise, split this up!)
• Shepherds have been identified
• UX youexes all the things
• Design designs all the things
• Engineering engineers all the things
• Meets acceptance criteria
• Meets QASP conditions
• Presented in a review
• Includes screenshots or references to artifacts
• Tagged with the sprint where it was finished
• Archived

If there's UI...

• Screen reader - Listen to the experience with a screen reader extension, ensure the information presented in order
• Keyboard navigation - Run through acceptance criteria with keyboard tabs, ensure it works.
• Text scaling - Adjust viewport to 1280 pixels wide and zoom to 200%, ensure everything renders as expected. Document 400% zoom issues with USWDS if appropriate.