FHIR server $validate accepts resource json with duplicate keys #1155
Comments
|
I was able to reproduce this with the following unit test: This indicates that the underlying |
|
According to this stack overflow, the JSON spec doesn't explicitly forbid duplicate keys: Even the org.json parser allows duplicate keys by default and requires a source code modification to mitigate: https://cyantificmusings.wordpress.com/2016/05/16/duplicate-keys-in-json-objects/ |
|
In order to mitigate this issue, we would need to either: a) implore the |
|
from https://www.hl7.org/fhir/json.html
So it would be nice to have a longer-term plan for this one. Maybe start by just opening an issue at https://github.com/eclipse-ee4j/jsonp/issues to see if they would consider adding it as an option? |
|
I tried swapping out the |
|
Jackson exhibits the same behavior using this code: |
|
Found an option to prohibit duplicate keys: |
|
#After further research, I found that Jackson supports a configuration that will reject duplicate keys: Jackson also has compatibility with This module implements the They said that they would welcome a PR to fix the issue directly in their codebase. |
|
Created this PR: |
|
John mentioned his PR is now accepted. We are awaiting the next release |
Signed-off-by: John T.E. Timm <johntimm@us.ibm.com>
Signed-off-by: John T.E. Timm <johntimm@us.ibm.com>
Signed-off-by: John T.E. Timm <johntimm@us.ibm.com>
Signed-off-by: John T.E. Timm <johntimm@us.ibm.com>
* Issue #1155 - upgrade to jakarta.json 2.0.1 Signed-off-by: John T.E. Timm <johntimm@us.ibm.com> * Issue #1155 - removed workaround, added unit test Signed-off-by: John T.E. Timm <johntimm@us.ibm.com> * Issue #1155 - updated bulkdata operation unit test Signed-off-by: John T.E. Timm <johntimm@us.ibm.com>
|
Reviewing results for QA with John. Sent him a postman collection to confirm the behavior |
|
Discussed with John. Nested Objects and Arrays result in an unintended result where duplicate keys are ignored. The postman collection is at https://gist.github.com/prb112/9b1d73bcd606507df393aa497b64ae8c |
|
I created this issue in the the eclipse-ee4j/jsonp GitHub issue tracker: then I created this PR: which was immediately reviewed and merged into |
* Issue #1155 - upgrade to jakarta.json 2.0.1 Signed-off-by: John T.E. Timm <johntimm@us.ibm.com> * Issue #1155 - removed workaround, added unit test Signed-off-by: John T.E. Timm <johntimm@us.ibm.com> * Issue #1155 - updated bulkdata operation unit test Signed-off-by: John T.E. Timm <johntimm@us.ibm.com>
Signed-off-by: Paul Bastide <pbastide@us.ibm.com>
|
PR #2794 moves to parrson groupId and project. It's still part of Eclipse and has John's fix in it. |
|
PR is raised, and just needs QA |
Update for #1155 and move to parsson
Test passes now as expected and rejects nested duplication in the Bundle, contained and nested JSON objects |
During initial PDM R6.0 testing, it was discovered that a FHIR $validate operation would return a NoError response for a resource with duplicate keys. This can be reproduced as follows:
url: https://us-south.wh-fhir.dev.cloud.ibm.com/wh-fhir-dev/api/v4//Condition/$validate
POST payload:
{ "resourceType": "Condition", "subject": { "reference": "Patient/b589c393-4146-4fef-921d-3facbfbd3bd0" }, "subject": { "reference": "Patient/e8f4d046-4eb5-4c9e-972a-fb02c5e4d5f4" } }Strictly speaking, the json spec allows duplicate keys. But many json editors and other tooling flag dup keys as an error. I then sent the above resource to the create API. The Condition was successfully created, with the second subject only.
I think it would be prudent for FHIR to detect duplicate keys on resources and return the appropriate failure responses on validate, create, update. Persisting data in the FHIR database that passed validation and yet is not a reflection of the data sent in by the user is misleading, IMHO.
The text was updated successfully, but these errors were encountered: