From 48fd41c537cda3566e85c8c53f10951492b3f811 Mon Sep 17 00:00:00 2001 From: dotasek Date: Thu, 23 Jan 2025 16:00:51 -0500 Subject: [PATCH 1/2] Bump parent to 7.7.18-SNAPSHOT fix CR breakage --- pom.xml | 2 +- .../starter/cdshooks/ModuleConfigurationPrefetchSvc.java | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 0cd2dab..f22ce9b 100644 --- a/pom.xml +++ b/pom.xml @@ -14,7 +14,7 @@ ca.uhn.hapi.fhir hapi-fhir - 7.7.16-SNAPSHOT + 7.7.18-SNAPSHOT hapi-fhir-jpaserver-starter diff --git a/src/main/java/ca/uhn/fhir/jpa/starter/cdshooks/ModuleConfigurationPrefetchSvc.java b/src/main/java/ca/uhn/fhir/jpa/starter/cdshooks/ModuleConfigurationPrefetchSvc.java index 0ffaaa7..bd927dd 100644 --- a/src/main/java/ca/uhn/fhir/jpa/starter/cdshooks/ModuleConfigurationPrefetchSvc.java +++ b/src/main/java/ca/uhn/fhir/jpa/starter/cdshooks/ModuleConfigurationPrefetchSvc.java @@ -2,6 +2,7 @@ package ca.uhn.fhir.jpa.starter.cdshooks; import ca.uhn.fhir.context.FhirContext; import ca.uhn.fhir.i18n.Msg; +import ca.uhn.fhir.interceptor.api.IInterceptorBroadcaster; import ca.uhn.fhir.rest.client.api.IClientInterceptor; import ca.uhn.fhir.rest.client.api.IGenericClient; import ca.uhn.fhir.rest.client.interceptor.BearerTokenAuthInterceptor; @@ -53,8 +54,9 @@ public class ModuleConfigurationPrefetchSvc extends CdsPrefetchSvc { public ModuleConfigurationPrefetchSvc(CdsResolutionStrategySvc theCdsResolutionStrategySvc, CdsPrefetchDaoSvc theResourcePrefetchDao, CdsPrefetchFhirClientSvc theResourcePrefetchFhirClient, - ICdsHooksDaoAuthorizationSvc theCdsHooksDaoAuthorizationSvc) { - super(theCdsResolutionStrategySvc, theResourcePrefetchDao, theResourcePrefetchFhirClient, theCdsHooksDaoAuthorizationSvc); + ICdsHooksDaoAuthorizationSvc theCdsHooksDaoAuthorizationSvc, + IInterceptorBroadcaster theInterceptorBroadcaster) { + super(theCdsResolutionStrategySvc, theResourcePrefetchDao, theResourcePrefetchFhirClient, theCdsHooksDaoAuthorizationSvc, theInterceptorBroadcaster); myResourcePrefetchFhirClient = theResourcePrefetchFhirClient; fhirContext = theResourcePrefetchDao.getFhirContext(); } From e7cc34d78914bac1348a1e18a5692c3fe92c8b7c Mon Sep 17 00:00:00 2001 From: Joel Schneider Date: Mon, 27 Jan 2025 10:06:21 -0600 Subject: [PATCH 2/2] use URI constructor instead of string concatenation, to avoid having static code analysis tool complain about "Concatenating user-controlled input into a URL" security issue --- src/test/java/ca/uhn/fhir/jpa/starter/ExampleServerR4IT.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/test/java/ca/uhn/fhir/jpa/starter/ExampleServerR4IT.java b/src/test/java/ca/uhn/fhir/jpa/starter/ExampleServerR4IT.java index 041a4fc..7c48fdf 100644 --- a/src/test/java/ca/uhn/fhir/jpa/starter/ExampleServerR4IT.java +++ b/src/test/java/ca/uhn/fhir/jpa/starter/ExampleServerR4IT.java @@ -41,6 +41,7 @@ import org.springframework.boot.test.web.server.LocalServerPort; import java.io.IOException; import java.net.URI; +import java.net.URISyntaxException; import java.util.ArrayList; import java.util.List; import java.util.concurrent.TimeUnit; @@ -315,10 +316,10 @@ class ExampleServerR4IT implements IServerSupport { @ParameterizedTest @ValueSource(strings = {"prometheus", "health", "metrics", "info"}) - void testActuatorEndpointExists(String endpoint) throws IOException { + void testActuatorEndpointExists(String endpoint) throws IOException, URISyntaxException { CloseableHttpClient httpclient = HttpClients.createDefault(); - CloseableHttpResponse response = httpclient.execute(new HttpGet("http://localhost:" + port + "/actuator/" + endpoint)); + CloseableHttpResponse response = httpclient.execute(new HttpGet(new URI("http", null, "localhost", port, "/actuator/" + endpoint, null, null))); int statusCode = response.getStatusLine().getStatusCode(); assertEquals(200, statusCode);