EVSRESTAPI-540: fix vulnerability scan issue (#314)
bcarlsenca authored Dec 19, 2024
1 parent cf62004 commit c875bb9
Showing 11 changed files with 82 additions and 80 deletions.
2 changes: 1 addition & 1 deletion build.gradle
@@ -129,9 +129,9 @@ dependencies {
exclude group: 'org.apache.logging.log4j', module: 'log4j-to-slf4j'
}
implementation 'ca.uhn.hapi.fhir:hapi-fhir-server-openapi:7.4.5'
implementation 'org.fhir:ucum:1.0.9'

// For the moment, these require explicit 6.4.0 to resolve vulnerabilities (as 7.4.5 above is current)
implementation 'org.fhir:ucum:1.0.9'
implementation 'ca.uhn.hapi.fhir:org.hl7.fhir.convertors:6.4.0'
implementation 'ca.uhn.hapi.fhir:org.hl7.fhir.dstu2:6.4.0'
implementation 'ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may:6.4.0'
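Review bot: The comment `// For the moment, these require explicit 6.4.0 to resolve vulnerabilities` names neither the scan finding nor the advisory behind the pins, so nobody can tell later when they may be dropped. `org.fhir:ucum:1.0.9` is printed on both sides of that comment and the rendered page does not show which position is the new one; if it ends up below the comment, the comment no longer describes the group, since ucum is pinned to 1.0.9 rather than 6.4.0. Suggest a wording such as `// Pinned to 6.4.0 for <advisory or scan finding id>; revisit when the pin is no longer needed` and keeping the ucum line outside that group. The dependencies block continues past the end of this hunk.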
@@ -678,19 +678,19 @@ public Bundle findCodeSystems(
// Skip non-matching
if ((id != null && !id.getValue().equals(cs.getId()))
|| (system != null && !system.getValue().equals(cs.getUrl()))) {
logger.info(" SKIP url mismatch = " + cs.getUrl());
logger.debug(" SKIP url mismatch = " + cs.getUrl());
continue;
}
if (date != null && !FhirUtility.compareDateRange(date, cs.getDate())) {
logger.info(" SKIP date mismatch = " + cs.getDate());
logger.debug(" SKIP date mismatch = " + cs.getDate());
continue;
}
if (title != null && !FhirUtility.compareString(title, cs.getTitle())) {
logger.info(" SKIP title mismatch = " + cs.getTitle());
logger.debug(" SKIP title mismatch = " + cs.getTitle());
continue;
}
if (version != null && !FhirUtility.compareString(version, cs.getVersion())) {
logger.info(" SKIP version mismatch = " + cs.getVersion());
logger.debug(" SKIP version mismatch = " + cs.getVersion());
continue;
}

@@ -737,15 +737,15 @@ private List<CodeSystem> findPossibleCodeSystems(
// Skip non-matching
if ((id != null && !id.getIdPart().equals(cs.getId()))
|| (url != null && !url.getValue().equals(cs.getUrl()))) {
logger.info(" SKIP url mismatch = " + cs.getUrl());
logger.debug(" SKIP url mismatch = " + cs.getUrl());
continue;
}
if (date != null && !FhirUtility.compareDateRange(date, cs.getDate())) {
logger.info(" SKIP date mismatch = " + cs.getDate());
logger.debug(" SKIP date mismatch = " + cs.getDate());
continue;
}
if (version != null && !version.getValue().equals(cs.getVersion())) {
logger.info(" SKIP version mismatch = " + cs.getVersion());
logger.debug(" SKIP version mismatch = " + cs.getVersion());
continue;
}

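Review bot: The first filter in findCodeSystems tests `id` and the url parameter in one condition but always logs `SKIP url mismatch` with `cs.getUrl()`, so a skip caused by the id is reported as a url mismatch; the same combined check appears in findPossibleCodeSystems below and in both hunks of R5/CodeSystemProviderR5.java. Either split the condition or word the message for both, e.g. `logger.debug(" SKIP id/url mismatch = {} / {}", cs.getId(), cs.getUrl());`. The `{}` form also avoids building the string for every skipped resource when debug is off, assuming `logger` is an SLF4J logger (its declaration is not in the hunk). Both method bodies start and end outside the hunks shown.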
26 changes: 13 additions & 13 deletions src/main/java/gov/nih/nci/evs/api/fhir/R4/ConceptMapProviderR4.java
@@ -347,23 +347,23 @@ public Bundle findConceptMaps(
final ConceptMap cm = FhirUtilityR4.toR4(mapset);
// Skip non-matching
if (url != null && !url.getValue().equals(cm.getUrl())) {
logger.info(" SKIP url mismatch = " + cm.getUrl());
logger.debug(" SKIP url mismatch = " + cm.getUrl());
continue;
}
if (id != null && !id.getValue().equals(cm.getId())) {
logger.info(" SKIP id mismatch = " + cm.getName());
logger.debug(" SKIP id mismatch = " + cm.getName());
continue;
}
if (system != null && !system.getValue().equals(cm.getName())) {
logger.info(" SKIP system mismatch = " + cm.getName());
logger.debug(" SKIP system mismatch = " + cm.getName());
continue;
}
if (date != null && !FhirUtility.compareDateRange(date, cm.getDate())) {
logger.info(" SKIP date mismatch = " + cm.getDate());
logger.debug(" SKIP date mismatch = " + cm.getDate());
continue;
}
if (version != null && !FhirUtility.compareString(version, cm.getVersion())) {
logger.info(" SKIP version mismatch = " + cm.getVersion());
logger.debug(" SKIP version mismatch = " + cm.getVersion());
continue;
}

@@ -424,38 +424,38 @@ private List<ConceptMap> findPossibleConceptMaps(
final ConceptMap cm = FhirUtilityR4.toR4(mapset);
// Skip non-matching
if (url != null && !url.getValue().equals(cm.getUrl())) {
logger.info(" SKIP url mismatch = " + cm.getUrl());
logger.debug(" SKIP url mismatch = " + cm.getUrl());
continue;
}
if (id != null && !id.getIdPart().equals(cm.getId())) {
logger.info(" SKIP id mismatch = " + cm.getName());
logger.debug(" SKIP id mismatch = " + cm.getName());
continue;
}
if (system != null && !system.getValue().equals(cm.getSourceUriType().getValue())) {
logger.info(" SKIP system mismatch = " + cm.getName());
logger.debug(" SKIP system mismatch = " + cm.getName());
continue;
}
if (targetSystem != null
&& !targetSystem.getValue().equals(cm.getTargetUriType().getValue())) {
logger.info(" SKIP targetSystem mismatch = " + cm.getName());
logger.debug(" SKIP targetSystem mismatch = " + cm.getName());
continue;
}
if (date != null && !FhirUtility.compareDateRange(date, cm.getDate())) {
logger.info(" SKIP date mismatch = " + cm.getDate());
logger.debug(" SKIP date mismatch = " + cm.getDate());
continue;
}
if (version != null && !version.getValue().equals(cm.getVersion())) {
logger.info(" SKIP version mismatch = " + cm.getVersion());
logger.debug(" SKIP version mismatch = " + cm.getVersion());
continue;
}
if (source != null
&& !source.getValue().equals(cm.getSourceUriType().getValue() + "?fhir_vs")) {
logger.info(" SKIP source mismatch = " + cm.getVersion());
logger.debug(" SKIP source mismatch = " + cm.getVersion());
continue;
}
if (target != null
&& !target.getValue().equals(cm.getTargetUriType().getValue() + "?fhir_vs")) {
logger.info(" SKIP target mismatch = " + cm.getVersion());
logger.debug(" SKIP target mismatch = " + cm.getVersion());
continue;
}

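Review bot: Several branches in findPossibleConceptMaps log a field other than the one they compare: the `source` and `target` branches print `cm.getVersion()`, the `system` and `targetSystem` branches print `cm.getName()`, and the `id` branch (here, in findConceptMaps, and in R5/ConceptMapProviderR5.java) prints `cm.getName()`. At debug level these lines are the only trace of why a resource was filtered out, so they should show the compared value, e.g. `logger.debug(" SKIP source mismatch = {}", cm.getSourceUriType().getValue());` and `logger.debug(" SKIP id mismatch = {}", cm.getId());`. The method body starts and ends outside the hunk.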
@@ -74,6 +74,6 @@ public void unknownReference(
// Register interceptors
registerInterceptor(new OpenApiInterceptorR4());

logger.info("FHIR Resource providers and interceptors registered");
logger.debug("FHIR Resource providers and interceptors registered");
}
}
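Review bot: `FHIR Resource providers and interceptors registered` looks like a once-per-startup message rather than a per-request one (the enclosing method starts outside the hunk, so this is inferred from the `registerInterceptor` call above it), and at debug level default logs no longer record that registration finished. Unlike the per-resource SKIP lines it adds no volume, so keeping `logger.info("FHIR Resource providers and interceptors registered");` seems preferable unless the scan finding specifically concerned this line. The same change is made in the R5 counterpart at the end of the page.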
34 changes: 17 additions & 17 deletions src/main/java/gov/nih/nci/evs/api/fhir/R4/ValueSetProviderR4.java
@@ -683,23 +683,23 @@ public Bundle findValueSets(
final ValueSet vs = FhirUtilityR4.toR4VS(terminology);
// Skip non-matching
if (id != null && !id.getValue().equals(vs.getId())) {
logger.info(" SKIP id mismatch = " + vs.getId());
logger.debug(" SKIP id mismatch = " + vs.getId());
continue;
}
if (url != null && !url.getValue().equals(vs.getUrl())) {
logger.info(" SKIP url mismatch = " + vs.getUrl());
logger.debug(" SKIP url mismatch = " + vs.getUrl());
continue;
}
if (system != null && !system.getValue().equals(vs.getTitle())) {
logger.info(" SKIP system mismatch = " + vs.getTitle());
logger.debug(" SKIP system mismatch = " + vs.getTitle());
continue;
}
if (name != null && !name.getValue().equals(vs.getName())) {
logger.info(" SKIP name mismatch = " + vs.getName());
logger.debug(" SKIP name mismatch = " + vs.getName());
continue;
}
if (version != null && !FhirUtility.compareString(version, vs.getVersion())) {
logger.info(" SKIP version mismatch = " + vs.getVersion());
logger.debug(" SKIP version mismatch = " + vs.getVersion());
continue;
}

@@ -722,27 +722,27 @@ public Bundle findValueSets(
final ValueSet vs = FhirUtilityR4.toR4VS(subset);
// Skip non-matching
if (id != null && !id.getValue().equals(vs.getId())) {
logger.info(" SKIP id mismatch = " + vs.getUrl());
logger.debug(" SKIP id mismatch = " + vs.getUrl());
continue;
}
if (url != null && !url.getValue().equals(vs.getUrl())) {
logger.info(" SKIP url mismatch = " + vs.getUrl());
logger.debug(" SKIP url mismatch = " + vs.getUrl());
continue;
}
if (system != null && !system.getValue().equals(vs.getTitle())) {
logger.info(" SKIP system mismatch = " + vs.getTitle());
logger.debug(" SKIP system mismatch = " + vs.getTitle());
continue;
}
if (name != null && !name.getValue().equals(vs.getName())) {
logger.info(" SKIP name mismatch = " + vs.getName());
logger.debug(" SKIP name mismatch = " + vs.getName());
continue;
}
if (code != null
&& !vs.getIdentifier().stream()
.filter(i -> i.getValue().equals(code.getValue()))
.findAny()
.isPresent()) {
logger.info(" SKIP code mismatch = " + vs.getTitle());
logger.debug(" SKIP code mismatch = " + vs.getTitle());
continue;
}
list.add(vs);
@@ -812,19 +812,19 @@ private List<ValueSet> findPossibleValueSets(
final ValueSet vs = FhirUtilityR4.toR4VS(terminology);
// Skip non-matching
if (id != null && !id.getIdPart().equals(vs.getId())) {
logger.info(" SKIP id mismatch = " + vs.getId());
logger.debug(" SKIP id mismatch = " + vs.getId());
continue;
}
if (url != null && !url.getValue().equals(vs.getUrl())) {
logger.info(" SKIP url mismatch = " + vs.getUrl());
logger.debug(" SKIP url mismatch = " + vs.getUrl());
continue;
}
if (system != null && !system.getValue().equals(vs.getTitle())) {
logger.info(" SKIP system mismatch = " + vs.getTitle());
logger.debug(" SKIP system mismatch = " + vs.getTitle());
continue;
}
if (version != null && !version.getValue().equals(vs.getVersion())) {
logger.info(" SKIP version mismatch = " + vs.getVersion());
logger.debug(" SKIP version mismatch = " + vs.getVersion());
continue;
}

@@ -848,15 +848,15 @@ private List<ValueSet> findPossibleValueSets(

// Skip non-matching
if (id != null && !id.getIdPart().equals(vs.getId())) {
logger.info(" SKIP id mismatch = " + vs.getId());
logger.debug(" SKIP id mismatch = " + vs.getId());
continue;
}
if (url != null && !url.getValue().equals(vs.getUrl())) {
logger.info(" SKIP url mismatch = " + vs.getUrl());
logger.debug(" SKIP url mismatch = " + vs.getUrl());
continue;
}
if (system != null && !system.getValue().equals(vs.getTitle())) {
logger.info(" SKIP system mismatch = " + vs.getTitle());
logger.debug(" SKIP system mismatch = " + vs.getTitle());
continue;
}
list.add(vs);
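Review bot: The `code` filter in the second loop of findValueSets calls `i.getValue().equals(code.getValue())`, which throws a NullPointerException for any identifier that has no value; whether `FhirUtilityR4.toR4VS` can produce such an identifier is not visible here. Guarding the value and using `noneMatch` removes the risk and the `filter(...).findAny().isPresent()` chain: `&& vs.getIdentifier().stream().noneMatch(i -> i.getValue() != null && i.getValue().equals(code.getValue()))`. In the same loop the `id` branch logs `vs.getUrl()` where the first loop logs `vs.getId()`, and the `code` branch logs `vs.getTitle()`. The method body starts and ends outside the hunks.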
20 changes: 10 additions & 10 deletions src/main/java/gov/nih/nci/evs/api/fhir/R5/CodeSystemProviderR5.java
@@ -118,31 +118,31 @@ public Bundle findCodeSystems(
// Skip non-matching
if ((id != null && !id.getValue().equals(cs.getIdPart()))
|| (url != null && !url.getValue().equals(cs.getUrl()))) {
logger.info(" SKIP url mismatch = " + cs.getUrl());
logger.debug(" SKIP url mismatch = " + cs.getUrl());
continue;
}
if (date != null && !FhirUtility.compareDateRange(date, cs.getDate())) {
logger.info(" SKIP date mismatch = " + cs.getDate());
logger.debug(" SKIP date mismatch = " + cs.getDate());
continue;
}
if (description != null && !FhirUtility.compareString(description, cs.getDescription())) {
logger.info(" SKIP description mismatch = " + cs.getDescription());
logger.debug(" SKIP description mismatch = " + cs.getDescription());
continue;
}
if (name != null && !FhirUtility.compareString(name, cs.getName())) {
logger.info(" SKIP name mismatch = " + cs.getName());
logger.debug(" SKIP name mismatch = " + cs.getName());
continue;
}
if (publisher != null && !FhirUtility.compareString(publisher, cs.getPublisher())) {
logger.info(" SKIP publisher mismatch = " + cs.getPublisher());
logger.debug(" SKIP publisher mismatch = " + cs.getPublisher());
continue;
}
if (title != null && !FhirUtility.compareString(title, cs.getTitle())) {
logger.info(" SKIP title mismatch = " + cs.getTitle());
logger.debug(" SKIP title mismatch = " + cs.getTitle());
continue;
}
if (version != null && !FhirUtility.compareString(version, cs.getVersion())) {
logger.info(" SKIP version mismatch = " + cs.getVersion());
logger.debug(" SKIP version mismatch = " + cs.getVersion());
continue;
}

@@ -785,15 +785,15 @@ private List<CodeSystem> findPossibleCodeSystems(
// Skip non-matching
if ((id != null && !id.getIdPart().equals(cs.getIdPart()))
|| (url != null && !url.getValue().equals(cs.getUrl()))) {
logger.info(" SKIP url mismatch = " + cs.getUrl());
logger.debug(" SKIP url mismatch = " + cs.getUrl());
continue;
}
if (date != null && !FhirUtility.compareDateRange(date, cs.getDate())) {
logger.info(" SKIP date mismatch = " + cs.getDate());
logger.debug(" SKIP date mismatch = " + cs.getDate());
continue;
}
if (version != null && !version.getValue().equals(cs.getVersion())) {
logger.info(" SKIP version mismatch = " + cs.getVersion());
logger.debug(" SKIP version mismatch = " + cs.getVersion());
continue;
}
list.add(cs);
22 changes: 11 additions & 11 deletions src/main/java/gov/nih/nci/evs/api/fhir/R5/ConceptMapProviderR5.java
@@ -111,23 +111,23 @@ public Bundle findConceptMaps(
final ConceptMap cm = FhirUtilityR5.toR5(mapset);
// Skip non-matching
if (url != null && !url.getValue().equals(cm.getUrl())) {
logger.info(" SKIP url mismatch = " + cm.getUrl());
logger.debug(" SKIP url mismatch = " + cm.getUrl());
continue;
}
if (id != null && !id.getValue().equals(cm.getId())) {
logger.info(" SKIP id mismatch = " + cm.getName());
logger.debug(" SKIP id mismatch = " + cm.getName());
continue;
}
if (system != null && !system.getValue().equals(cm.getName())) {
logger.info(" SKIP system mismatch = " + cm.getName());
logger.debug(" SKIP system mismatch = " + cm.getName());
continue;
}
if (date != null && !FhirUtility.compareDateRange(date, cm.getDate())) {
logger.info(" SKIP date mismatch = " + cm.getDate());
logger.debug(" SKIP date mismatch = " + cm.getDate());
continue;
}
if (version != null && !FhirUtility.compareString(version, cm.getVersion())) {
logger.info(" SKIP version mismatch = " + cm.getVersion());
logger.debug(" SKIP version mismatch = " + cm.getVersion());
continue;
}

@@ -463,30 +463,30 @@ private List<ConceptMap> findPossibleConceptMaps(
final ConceptMap cm = FhirUtilityR5.toR5(mapset);
// Skip non-matching
if (url != null && !url.getValue().equals(cm.getUrl())) {
logger.info(" SKIP url mismatch = " + cm.getUrl());
logger.debug(" SKIP url mismatch = " + cm.getUrl());
continue;
}
if (id != null && !id.getIdPart().equals(cm.getId())) {
logger.info(" SKIP id mismatch = " + cm.getName());
logger.debug(" SKIP id mismatch = " + cm.getName());
continue;
}
if (system != null && !system.getValue().equals(cm.getUrl())) {
logger.info(" SKIP system mismatch = " + cm.getUrl());
logger.debug(" SKIP system mismatch = " + cm.getUrl());
continue;
}
if (date != null && !FhirUtility.compareDateRange(date, cm.getDate())) {
logger.info(" SKIP date mismatch = " + cm.getDate());
logger.debug(" SKIP date mismatch = " + cm.getDate());
continue;
}
if (version != null && !version.getValue().equals(cm.getVersion())) {
logger.info(" SKIP version mismatch = " + cm.getVersion());
logger.debug(" SKIP version mismatch = " + cm.getVersion());
continue;
}
if (targetSystem != null
&& !targetSystem
.getValue()
.equals(cm.getTargetScopeUriType().getValue().replaceFirst("\\?fhir_vs$", ""))) {
logger.info(" SKIP target mismatch = " + cm.getTargetScopeUriType().getValue());
logger.debug(" SKIP target mismatch = " + cm.getTargetScopeUriType().getValue());
continue;
}

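Review bot: The `targetSystem` filter in findPossibleConceptMaps calls `cm.getTargetScopeUriType().getValue().replaceFirst(...)` without a null check, so a concept map whose target scope has no value would raise a NullPointerException instead of being skipped; whether `FhirUtilityR5.toR5` always sets it is not visible in this hunk. Reading the value once and treating a missing one as a mismatch keeps the lookup from failing on one incomplete resource, as sketched below. The method body starts and ends outside the hunk.

```java
// … unchanged: url, id, system, date and version filters …
if (targetSystem != null) {
  final String targetScope = cm.getTargetScopeUriType().getValue();
  if (targetScope == null
      || !targetSystem.getValue().equals(targetScope.replaceFirst("\\?fhir_vs$", ""))) {
    logger.debug(" SKIP target mismatch = {}", targetScope);
    continue;
  }
}
```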
@@ -71,6 +71,6 @@ public void unknownReference(
// Register interceptors
registerInterceptor(new OpenApiInterceptorR5());

logger.info("FHIR Resource providers and interceptors registered");
logger.debug("FHIR Resource providers and interceptors registered");
}
}