EVSRESTAPI-540: fix vulnerability scan issue #314

Merged
merged 4 commits into from
Dec 19, 2024
2 changes: 1 addition & 1 deletion build.gradle
Expand Up @@ -129,9 +129,9 @@ dependencies {
exclude group: 'org.apache.logging.log4j', module: 'log4j-to-slf4j'
}
implementation 'ca.uhn.hapi.fhir:hapi-fhir-server-openapi:7.4.5'
implementation 'org.fhir:ucum:1.0.9'

// For the moment, these require explicit 6.4.0 to resolve vulnerabilities (as 7.4.5 above is current)
implementation 'org.fhir:ucum:1.0.9'
implementation 'ca.uhn.hapi.fhir:org.hl7.fhir.convertors:6.4.0'
implementation 'ca.uhn.hapi.fhir:org.hl7.fhir.dstu2:6.4.0'
implementation 'ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may:6.4.0'
Expand Up @@ -678,19 +678,19 @@ public Bundle findCodeSystems(
// Skip non-matching
if ((id != null && !id.getValue().equals(cs.getId()))
|| (system != null && !system.getValue().equals(cs.getUrl()))) {
logger.info(" SKIP url mismatch = " + cs.getUrl());
logger.debug(" SKIP url mismatch = " + cs.getUrl());
continue;
}
if (date != null && !FhirUtility.compareDateRange(date, cs.getDate())) {
logger.info(" SKIP date mismatch = " + cs.getDate());
logger.debug(" SKIP date mismatch = " + cs.getDate());
continue;
}
if (title != null && !FhirUtility.compareString(title, cs.getTitle())) {
logger.info(" SKIP title mismatch = " + cs.getTitle());
logger.debug(" SKIP title mismatch = " + cs.getTitle());
continue;
}
if (version != null && !FhirUtility.compareString(version, cs.getVersion())) {
logger.info(" SKIP version mismatch = " + cs.getVersion());
logger.debug(" SKIP version mismatch = " + cs.getVersion());
continue;
}

Expand Down Expand Up @@ -737,15 +737,15 @@ private List<CodeSystem> findPossibleCodeSystems(
// Skip non-matching
if ((id != null && !id.getIdPart().equals(cs.getId()))
|| (url != null && !url.getValue().equals(cs.getUrl()))) {
logger.info(" SKIP url mismatch = " + cs.getUrl());
logger.debug(" SKIP url mismatch = " + cs.getUrl());
continue;
}
if (date != null && !FhirUtility.compareDateRange(date, cs.getDate())) {
logger.info(" SKIP date mismatch = " + cs.getDate());
logger.debug(" SKIP date mismatch = " + cs.getDate());
continue;
}
if (version != null && !version.getValue().equals(cs.getVersion())) {
logger.info(" SKIP version mismatch = " + cs.getVersion());
logger.debug(" SKIP version mismatch = " + cs.getVersion());
continue;
}
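Review bot: The first guard in both hunks (findCodeSystems and findPossibleCodeSystems) tests `id` and `url` together but always logs ` SKIP url mismatch`, so a resource rejected on its id is reported as a url mismatch; splitting the condition, or logging `cs.getId()` next to the URL, would make the debug output reliable. The messages are also still built by string concatenation, which runs for every skipped resource even when debug is off; assuming an SLF4J-style logger, `logger.debug(" SKIP url mismatch = {}", cs.getUrl());` avoids that. Lowering the level does not change what is written once debug is enabled, so if the scan finding was about these statements (not visible here), the values are still logged verbatim. The same combined guard and concatenation recur in the R5 CodeSystem provider section, and the concatenation recurs in the ConceptMap and ValueSet provider sections. Both loops start and end outside the hunks shown.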

26 changes: 13 additions & 13 deletions src/main/java/gov/nih/nci/evs/api/fhir/R4/ConceptMapProviderR4.java
Expand Up @@ -347,23 +347,23 @@ public Bundle findConceptMaps(
final ConceptMap cm = FhirUtilityR4.toR4(mapset);
// Skip non-matching
if (url != null && !url.getValue().equals(cm.getUrl())) {
logger.info(" SKIP url mismatch = " + cm.getUrl());
logger.debug(" SKIP url mismatch = " + cm.getUrl());
continue;
}
if (id != null && !id.getValue().equals(cm.getId())) {
logger.info(" SKIP id mismatch = " + cm.getName());
logger.debug(" SKIP id mismatch = " + cm.getName());
continue;
}
if (system != null && !system.getValue().equals(cm.getName())) {
logger.info(" SKIP system mismatch = " + cm.getName());
logger.debug(" SKIP system mismatch = " + cm.getName());
continue;
}
if (date != null && !FhirUtility.compareDateRange(date, cm.getDate())) {
logger.info(" SKIP date mismatch = " + cm.getDate());
logger.debug(" SKIP date mismatch = " + cm.getDate());
continue;
}
if (version != null && !FhirUtility.compareString(version, cm.getVersion())) {
logger.info(" SKIP version mismatch = " + cm.getVersion());
logger.debug(" SKIP version mismatch = " + cm.getVersion());
continue;
}

Expand Down Expand Up @@ -424,38 +424,38 @@ private List<ConceptMap> findPossibleConceptMaps(
final ConceptMap cm = FhirUtilityR4.toR4(mapset);
// Skip non-matching
if (url != null && !url.getValue().equals(cm.getUrl())) {
logger.info(" SKIP url mismatch = " + cm.getUrl());
logger.debug(" SKIP url mismatch = " + cm.getUrl());
continue;
}
if (id != null && !id.getIdPart().equals(cm.getId())) {
logger.info(" SKIP id mismatch = " + cm.getName());
logger.debug(" SKIP id mismatch = " + cm.getName());
continue;
}
if (system != null && !system.getValue().equals(cm.getSourceUriType().getValue())) {
logger.info(" SKIP system mismatch = " + cm.getName());
logger.debug(" SKIP system mismatch = " + cm.getName());
continue;
}
if (targetSystem != null
&& !targetSystem.getValue().equals(cm.getTargetUriType().getValue())) {
logger.info(" SKIP targetSystem mismatch = " + cm.getName());
logger.debug(" SKIP targetSystem mismatch = " + cm.getName());
continue;
}
if (date != null && !FhirUtility.compareDateRange(date, cm.getDate())) {
logger.info(" SKIP date mismatch = " + cm.getDate());
logger.debug(" SKIP date mismatch = " + cm.getDate());
continue;
}
if (version != null && !version.getValue().equals(cm.getVersion())) {
logger.info(" SKIP version mismatch = " + cm.getVersion());
logger.debug(" SKIP version mismatch = " + cm.getVersion());
continue;
}
if (source != null
&& !source.getValue().equals(cm.getSourceUriType().getValue() + "?fhir_vs")) {
logger.info(" SKIP source mismatch = " + cm.getVersion());
logger.debug(" SKIP source mismatch = " + cm.getVersion());
continue;
}
if (target != null
&& !target.getValue().equals(cm.getTargetUriType().getValue() + "?fhir_vs")) {
logger.info(" SKIP target mismatch = " + cm.getVersion());
logger.debug(" SKIP target mismatch = " + cm.getVersion());
continue;
}
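Review bot: Several of the demoted messages print a different field from the one that was compared, which makes the debug trace misleading. In both hunks the `id` guard prints `cm.getName()`; in findPossibleConceptMaps the `system` and `targetSystem` guards compare `getSourceUriType()`/`getTargetUriType()` but print `cm.getName()`, and the `source` and `target` guards print `cm.getVersion()`. Since these lines are being edited anyway, log the compared value, e.g. `logger.debug(" SKIP id mismatch = " + cm.getId());` and `logger.debug(" SKIP source mismatch = " + cm.getSourceUriType().getValue());`. The same mismatch shows up in ValueSetProviderR4 (the subset loop's `id` guard prints `vs.getUrl()`, the `code` guard prints `vs.getTitle()`) and in ConceptMapProviderR5 (the `id` guards print `cm.getName()`). Both loops extend beyond the hunks shown.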

Expand Up @@ -74,6 +74,6 @@ public void unknownReference(
// Register interceptors
registerInterceptor(new OpenApiInterceptorR4());

logger.info("FHIR Resource providers and interceptors registered");
logger.debug("FHIR Resource providers and interceptors registered");
}
}
34 changes: 17 additions & 17 deletions src/main/java/gov/nih/nci/evs/api/fhir/R4/ValueSetProviderR4.java
Expand Up @@ -683,23 +683,23 @@ public Bundle findValueSets(
final ValueSet vs = FhirUtilityR4.toR4VS(terminology);
// Skip non-matching
if (id != null && !id.getValue().equals(vs.getId())) {
logger.info(" SKIP id mismatch = " + vs.getId());
logger.debug(" SKIP id mismatch = " + vs.getId());
continue;
}
if (url != null && !url.getValue().equals(vs.getUrl())) {
logger.info(" SKIP url mismatch = " + vs.getUrl());
logger.debug(" SKIP url mismatch = " + vs.getUrl());
continue;
}
if (system != null && !system.getValue().equals(vs.getTitle())) {
logger.info(" SKIP system mismatch = " + vs.getTitle());
logger.debug(" SKIP system mismatch = " + vs.getTitle());
continue;
}
if (name != null && !name.getValue().equals(vs.getName())) {
logger.info(" SKIP name mismatch = " + vs.getName());
logger.debug(" SKIP name mismatch = " + vs.getName());
continue;
}
if (version != null && !FhirUtility.compareString(version, vs.getVersion())) {
logger.info(" SKIP version mismatch = " + vs.getVersion());
logger.debug(" SKIP version mismatch = " + vs.getVersion());
continue;
}

Expand All @@ -722,27 +722,27 @@ public Bundle findValueSets(
final ValueSet vs = FhirUtilityR4.toR4VS(subset);
// Skip non-matching
if (id != null && !id.getValue().equals(vs.getId())) {
logger.info(" SKIP id mismatch = " + vs.getUrl());
logger.debug(" SKIP id mismatch = " + vs.getUrl());
continue;
}
if (url != null && !url.getValue().equals(vs.getUrl())) {
logger.info(" SKIP url mismatch = " + vs.getUrl());
logger.debug(" SKIP url mismatch = " + vs.getUrl());
continue;
}
if (system != null && !system.getValue().equals(vs.getTitle())) {
logger.info(" SKIP system mismatch = " + vs.getTitle());
logger.debug(" SKIP system mismatch = " + vs.getTitle());
continue;
}
if (name != null && !name.getValue().equals(vs.getName())) {
logger.info(" SKIP name mismatch = " + vs.getName());
logger.debug(" SKIP name mismatch = " + vs.getName());
continue;
}
if (code != null
&& !vs.getIdentifier().stream()
.filter(i -> i.getValue().equals(code.getValue()))
.findAny()
.isPresent()) {
logger.info(" SKIP code mismatch = " + vs.getTitle());
logger.debug(" SKIP code mismatch = " + vs.getTitle());
continue;
}
list.add(vs);
Expand Down Expand Up @@ -812,19 +812,19 @@ private List<ValueSet> findPossibleValueSets(
final ValueSet vs = FhirUtilityR4.toR4VS(terminology);
// Skip non-matching
if (id != null && !id.getIdPart().equals(vs.getId())) {
logger.info(" SKIP id mismatch = " + vs.getId());
logger.debug(" SKIP id mismatch = " + vs.getId());
continue;
}
if (url != null && !url.getValue().equals(vs.getUrl())) {
logger.info(" SKIP url mismatch = " + vs.getUrl());
logger.debug(" SKIP url mismatch = " + vs.getUrl());
continue;
}
if (system != null && !system.getValue().equals(vs.getTitle())) {
logger.info(" SKIP system mismatch = " + vs.getTitle());
logger.debug(" SKIP system mismatch = " + vs.getTitle());
continue;
}
if (version != null && !version.getValue().equals(vs.getVersion())) {
logger.info(" SKIP version mismatch = " + vs.getVersion());
logger.debug(" SKIP version mismatch = " + vs.getVersion());
continue;
}

Expand All @@ -848,15 +848,15 @@ private List<ValueSet> findPossibleValueSets(

// Skip non-matching
if (id != null && !id.getIdPart().equals(vs.getId())) {
logger.info(" SKIP id mismatch = " + vs.getId());
logger.debug(" SKIP id mismatch = " + vs.getId());
continue;
}
if (url != null && !url.getValue().equals(vs.getUrl())) {
logger.info(" SKIP url mismatch = " + vs.getUrl());
logger.debug(" SKIP url mismatch = " + vs.getUrl());
continue;
}
if (system != null && !system.getValue().equals(vs.getTitle())) {
logger.info(" SKIP system mismatch = " + vs.getTitle());
logger.debug(" SKIP system mismatch = " + vs.getTitle());
continue;
}
list.add(vs);
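Review bot: The `code` guard in the subset loop of findValueSets dereferences `i.getValue()` on every identifier, so a ValueSet identifier without a value would throw a NullPointerException and abort the whole search instead of just being skipped. Whether such identifiers can occur depends on `FhirUtilityR4.toR4VS`, which is not visible here. Comparing from the request side and using `noneMatch` removes the risk and the `filter/findAny/isPresent` chain: `&& vs.getIdentifier().stream().noneMatch(i -> code.getValue().equals(i.getValue()))`. The enclosing loops start and end outside the hunks shown.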
20 changes: 10 additions & 10 deletions src/main/java/gov/nih/nci/evs/api/fhir/R5/CodeSystemProviderR5.java
Expand Up @@ -118,31 +118,31 @@ public Bundle findCodeSystems(
// Skip non-matching
if ((id != null && !id.getValue().equals(cs.getIdPart()))
|| (url != null && !url.getValue().equals(cs.getUrl()))) {
logger.info(" SKIP url mismatch = " + cs.getUrl());
logger.debug(" SKIP url mismatch = " + cs.getUrl());
continue;
}
if (date != null && !FhirUtility.compareDateRange(date, cs.getDate())) {
logger.info(" SKIP date mismatch = " + cs.getDate());
logger.debug(" SKIP date mismatch = " + cs.getDate());
continue;
}
if (description != null && !FhirUtility.compareString(description, cs.getDescription())) {
logger.info(" SKIP description mismatch = " + cs.getDescription());
logger.debug(" SKIP description mismatch = " + cs.getDescription());
continue;
}
if (name != null && !FhirUtility.compareString(name, cs.getName())) {
logger.info(" SKIP name mismatch = " + cs.getName());
logger.debug(" SKIP name mismatch = " + cs.getName());
continue;
}
if (publisher != null && !FhirUtility.compareString(publisher, cs.getPublisher())) {
logger.info(" SKIP publisher mismatch = " + cs.getPublisher());
logger.debug(" SKIP publisher mismatch = " + cs.getPublisher());
continue;
}
if (title != null && !FhirUtility.compareString(title, cs.getTitle())) {
logger.info(" SKIP title mismatch = " + cs.getTitle());
logger.debug(" SKIP title mismatch = " + cs.getTitle());
continue;
}
if (version != null && !FhirUtility.compareString(version, cs.getVersion())) {
logger.info(" SKIP version mismatch = " + cs.getVersion());
logger.debug(" SKIP version mismatch = " + cs.getVersion());
continue;
}

Expand Down Expand Up @@ -785,15 +785,15 @@ private List<CodeSystem> findPossibleCodeSystems(
// Skip non-matching
if ((id != null && !id.getIdPart().equals(cs.getIdPart()))
|| (url != null && !url.getValue().equals(cs.getUrl()))) {
logger.info(" SKIP url mismatch = " + cs.getUrl());
logger.debug(" SKIP url mismatch = " + cs.getUrl());
continue;
}
if (date != null && !FhirUtility.compareDateRange(date, cs.getDate())) {
logger.info(" SKIP date mismatch = " + cs.getDate());
logger.debug(" SKIP date mismatch = " + cs.getDate());
continue;
}
if (version != null && !version.getValue().equals(cs.getVersion())) {
logger.info(" SKIP version mismatch = " + cs.getVersion());
logger.debug(" SKIP version mismatch = " + cs.getVersion());
continue;
}
list.add(cs);
22 changes: 11 additions & 11 deletions src/main/java/gov/nih/nci/evs/api/fhir/R5/ConceptMapProviderR5.java
Expand Up @@ -111,23 +111,23 @@ public Bundle findConceptMaps(
final ConceptMap cm = FhirUtilityR5.toR5(mapset);
// Skip non-matching
if (url != null && !url.getValue().equals(cm.getUrl())) {
logger.info(" SKIP url mismatch = " + cm.getUrl());
logger.debug(" SKIP url mismatch = " + cm.getUrl());
continue;
}
if (id != null && !id.getValue().equals(cm.getId())) {
logger.info(" SKIP id mismatch = " + cm.getName());
logger.debug(" SKIP id mismatch = " + cm.getName());
continue;
}
if (system != null && !system.getValue().equals(cm.getName())) {
logger.info(" SKIP system mismatch = " + cm.getName());
logger.debug(" SKIP system mismatch = " + cm.getName());
continue;
}
if (date != null && !FhirUtility.compareDateRange(date, cm.getDate())) {
logger.info(" SKIP date mismatch = " + cm.getDate());
logger.debug(" SKIP date mismatch = " + cm.getDate());
continue;
}
if (version != null && !FhirUtility.compareString(version, cm.getVersion())) {
logger.info(" SKIP version mismatch = " + cm.getVersion());
logger.debug(" SKIP version mismatch = " + cm.getVersion());
continue;
}

Expand Down Expand Up @@ -463,30 +463,30 @@ private List<ConceptMap> findPossibleConceptMaps(
final ConceptMap cm = FhirUtilityR5.toR5(mapset);
// Skip non-matching
if (url != null && !url.getValue().equals(cm.getUrl())) {
logger.info(" SKIP url mismatch = " + cm.getUrl());
logger.debug(" SKIP url mismatch = " + cm.getUrl());
continue;
}
if (id != null && !id.getIdPart().equals(cm.getId())) {
logger.info(" SKIP id mismatch = " + cm.getName());
logger.debug(" SKIP id mismatch = " + cm.getName());
continue;
}
if (system != null && !system.getValue().equals(cm.getUrl())) {
logger.info(" SKIP system mismatch = " + cm.getUrl());
logger.debug(" SKIP system mismatch = " + cm.getUrl());
continue;
}
if (date != null && !FhirUtility.compareDateRange(date, cm.getDate())) {
logger.info(" SKIP date mismatch = " + cm.getDate());
logger.debug(" SKIP date mismatch = " + cm.getDate());
continue;
}
if (version != null && !version.getValue().equals(cm.getVersion())) {
logger.info(" SKIP version mismatch = " + cm.getVersion());
logger.debug(" SKIP version mismatch = " + cm.getVersion());
continue;
}
if (targetSystem != null
&& !targetSystem
.getValue()
.equals(cm.getTargetScopeUriType().getValue().replaceFirst("\\?fhir_vs$", ""))) {
logger.info(" SKIP target mismatch = " + cm.getTargetScopeUriType().getValue());
logger.debug(" SKIP target mismatch = " + cm.getTargetScopeUriType().getValue());
continue;
}

Expand Up @@ -71,6 +71,6 @@ public void unknownReference(
// Register interceptors
registerInterceptor(new OpenApiInterceptorR5());

logger.info("FHIR Resource providers and interceptors registered");
logger.debug("FHIR Resource providers and interceptors registered");
}
}