Fb orscf #295
Fb orscf #295
Conversation
updated orscf packages created filter service applied to uid-filters
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
CodeQL found more than 10 potential problems in the proposed changes. Check the Files changed tab for more details.
| return resp.status(200).json({ | ||
| fault: null, | ||
| createdVisitUids: createdVisitUids, | ||
| updatedVisitUids: updatedVisitUids |
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression (experimental)
| WHERE subject_uid = $5 RETURNING subject_uid', | ||
| [ | ||
| subjectMutation.periodStart, | ||
| subjectMutation.status, |
Check failure
Code scanning / CodeQL
SQL database query built from user-controlled sources (experimental)
| [ | ||
| subjectMutation.periodStart, | ||
| subjectMutation.status, | ||
| subjectMutation.periodEnd, |
Check failure
Code scanning / CodeQL
SQL database query built from user-controlled sources (experimental)
| public async applyVisitBatchMutation(req: Request, resp: Response) { | ||
| try { | ||
| const visitUids: string[] = req.body.visitUids; | ||
| if (visitUids == undefined || visitUids == null) { |
Check notice
Code scanning / CodeQL
Unneeded defensive code
| return resp.status(200).json({ fault: 'no visits on request', return: null }); | ||
| } | ||
| const mutation: VdrModels.BatchableVisitMutation = req.body.mutation; | ||
| if (mutation == undefined || mutation == null) { |
Check notice
Code scanning / CodeQL
Unneeded defensive code
| logger.info(cmd); | ||
| const getVisitsQuery = await pool.query(cmd); | ||
| return getVisitsQuery.rows.map((x) => { | ||
| return VdrMappingHelper.toCamelCase(x); |
There was a problem hiding this comment.
this is redundant as the query already returns all attributes in camel case?
| // const searchQuery2 = await pool.query(`SELECT \ | ||
| // subject_uid AS "subjectUid", \ | ||
| // subject_id AS "subjectIdentifier", \ | ||
| // study_uid AS "studyUid", \ | ||
| // actual_site_uid AS "actualSiteUid", \ | ||
| // 0 AS "isArchived", \ | ||
| // 0 AS modiciationTimestampUtc \ | ||
| // FROM studyparticipant`); | ||
|
|
||
| // return searchQuery2.rows; |
| // result = SearchFilterService.appendAndFilter( | ||
| // result, | ||
| // SearchFilterService.buildStringClause(filter.assignedArm, varName, 'assigned_arm') | ||
| // ); | ||
| // result = SearchFilterService.appendAndFilter( | ||
| // result, | ||
| // SearchFilterService.buildStringClause(filter.actualArm, varName, 'actual_arm') | ||
| // ); |
|
|
||
| // eslint-disable-next-line @typescript-eslint/explicit-module-boundary-types | ||
| static secretCallback(req, payload, done) { | ||
| const result = env | ||
| .get('JWT_SECRET') | ||
| .default(randomBytes(256).toString('base64')) | ||
| .asString(); | ||
| done(null, result); | ||
| } |
| static getJwtSecret(): string { | ||
| return env.get('JWT_SECRET').default(randomBytes(256).toString('base64')).asString(); | ||
| } |
There was a problem hiding this comment.
Same method as in AuthConfig: duplicate code; also unused
| '${dr.recordedData}' | ||
| )`; | ||
| logger.info(cmd); | ||
| await pool.query(cmd); |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources
| where id = '${dr.dataRecordingUid}' | ||
| `; | ||
| logger.info(cmd); | ||
| await pool.query(cmd); |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources
add orscf features to enable the study to be managed via orscf dashboard.
these features are optional