feat: regrading request end to end

[MmagdyHafezZ]

PR Description

Overview:

Type of Issue:

• Feature (feat): New functionality or feature added.
• Bug Fix (bug): Issue or bug resolved.
• Chore (chore): Maintenance, refactoring, or non-functional changes.
• Documentation Update (doc): Documentation improvements or additions.

Change Type:

• Major: Significant changes that introduce new features, large refactoring, or breaking changes. Requires thorough review and testing.
• Minor: Small to medium changes, such as adding new functionality that is backward-compatible or minor refactoring. Moderate review needed.
• Patch: Bug fixes, small tweaks, or documentation updates. Light review is sufficient.

Test Coverage

• Unit tests updated
• Manual verification done

Evidence:

Impact / Risk

email service, mark chatbot

[ibm-mend-app]

Mend Code Security Check

New finding (1 of 3)

The Mend Code Security Check of your branch failed because of a Log Forging finding in this line.

Severity	Vulnerability Type	CWE	File	Data Flows	Detected
Low	Log Forging	CWE-117	admin-email.service.ts:36	1	2025-11-04 10:09am
Vulnerable Code mark/apps/api/src/auth/services/admin-email.service.ts Lines 31 to 36 in d4b0240 }; const result = await this.emailService.sendEmail(emailOptions); if (!result) { this.logger.error(`Failed to send verification code to ${email}`); 1 Data Flow/s detected mark/apps/api/src/auth/controllers/admin-auth.controller.ts Line 95 in d4b0240 async sendVerificationCode( mark/apps/api/src/auth/controllers/admin-auth.controller.ts Line 98 in d4b0240 const { email } = request; mark/apps/api/src/auth/controllers/admin-auth.controller.ts Line 115 in d4b0240 const emailSent = await this.adminEmailService.sendVerificationCode( mark/apps/api/src/auth/services/admin-email.service.ts Line 17 in d4b0240 async sendVerificationCode(email: string, code: string): Promise<boolean> { mark/apps/api/src/auth/services/admin-email.service.ts Line 36 in d4b0240 this.logger.error(`Failed to send verification code to ${email}`); Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Log Forging Training ● Videos    ▪ Secure Code Warrior Log Forging Video ● Further Reading    ▪ OWASP Log Forging 🏴 Suppress Finding ... as False Alarm ... as Acceptable Risk

[ibm-mend-app]

Mend Code Security Check

New finding (2 of 3)

The Mend Code Security Check of your branch failed because of a Log Forging finding in this line.

Severity	Vulnerability Type	CWE	File	Data Flows	Detected
Low	Log Forging	CWE-117	admin.service.ts:887	1	2025-11-04 10:09am
Vulnerable Code mark/apps/api/src/api/admin/admin.service.ts Lines 882 to 887 in d4b0240 if (!request) { throw new Error(`Regrading request with ID ${id} not found`); } const oldGrade = request.assignmentAttempt.grade || 0; this.logger.log( 1 Data Flow/s detected mark/apps/api/src/api/admin/controllers/regrading-requests.controller.ts Line 76 in d4b0240 approveRegradingRequest( mark/apps/api/src/api/admin/controllers/regrading-requests.controller.ts Line 81 in d4b0240 return this.adminService.approveRegradingRequest( mark/apps/api/src/api/admin/admin.service.ts Line 865 in d4b0240 async approveRegradingRequest( mark/apps/api/src/api/admin/admin.service.ts Line 888 in d4b0240 `[ApproveRegrading] Attempt ID: ${request.attemptId}, Old Grade: ${oldGrade}, New Grade: ${newGrade}`, mark/apps/api/src/api/admin/admin.service.ts Line 887 in d4b0240 this.logger.log( Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Log Forging Training ● Videos    ▪ Secure Code Warrior Log Forging Video ● Further Reading    ▪ OWASP Log Forging 🏴 Suppress Finding ... as False Alarm ... as Acceptable Risk

[ibm-mend-app]

Mend Code Security Check

New finding (3 of 3)

The Mend Code Security Check of your branch failed because of a Log Forging finding in this line.

Severity	Vulnerability Type	CWE	File	Data Flows	Detected
Low	Log Forging	CWE-117	admin.service.ts:870	1	2025-11-04 10:09am
Vulnerable Code mark/apps/api/src/api/admin/admin.service.ts Lines 865 to 870 in d4b0240 async approveRegradingRequest( id: number, newGrade: number, authorEmail?: string, ) { this.logger.log( 1 Data Flow/s detected mark/apps/api/src/api/admin/controllers/regrading-requests.controller.ts Line 76 in d4b0240 approveRegradingRequest( mark/apps/api/src/api/admin/controllers/regrading-requests.controller.ts Line 81 in d4b0240 return this.adminService.approveRegradingRequest( mark/apps/api/src/api/admin/admin.service.ts Line 865 in d4b0240 async approveRegradingRequest( mark/apps/api/src/api/admin/admin.service.ts Line 871 in d4b0240 `[ApproveRegrading] Request ID: ${id}, New Grade: ${newGrade}, Author: ${authorEmail}`, mark/apps/api/src/api/admin/admin.service.ts Line 870 in d4b0240 this.logger.log( Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Log Forging Training ● Videos    ▪ Secure Code Warrior Log Forging Video ● Further Reading    ▪ OWASP Log Forging 🏴 Suppress Finding ... as False Alarm ... as Acceptable Risk