Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reject FHIR resources with control chars #2605 #2820

Merged
merged 5 commits into from
Oct 12, 2021
Merged

Reject FHIR resources with control chars #2605 #2820

merged 5 commits into from
Oct 12, 2021

Conversation

prb112
Copy link
Contributor

@prb112 prb112 commented Oct 1, 2021
edited
Loading

Originally I started off at the fhir-server module, and wrote a ReadInterceptor with a ReadableByteChannel which scanned for 1,2,3,4 byte sequences with forbidden bytes. It's a bit more complicated as they can be encoded as entity values or escaped unicode and not in the natural bytes.

I ended up taking those tests and pushing the tests down into fhir-model along with a test case from @lmsurpre and hardened ValidationSupport to check for Unicode characters which are forbidden.

The key changes are in ValidationSupport.

Signed-off-by: Paul Bastide pbastide@us.ibm.com

@prb112
Reject FHIR resources with the control chars #2605
459d60a 
Signed-off-by: Paul Bastide <pbastide@us.ibm.com>
@prb112 prb112 added the bug Something isn't working label Oct 1, 2021
@prb112 prb112 self-assigned this Oct 1, 2021
punktilious
punktilious requested changes Oct 4, 2021
View reviewed changes
Copy link
Collaborator

@punktilious punktilious left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we need to compare performance.

@prb112 prb112 changed the title Reject FHIR resources with the control chars #2605 Reject FHIR resources with control chars #2605 Oct 4, 2021
@prb112
Copy link
Contributor Author

prb112 commented Oct 7, 2021
edited
Loading

I've updated the issue with my feedback. #2605 (comment)
Net, after testing my original SET contains is the most efficient by about 30% and slower than the Original implementation by about 30%.

I have some optimizations that I've made to StringFormat usage for the error message assembly, that speeds processing up. The changes are captured in the comparision of the Original,Set,Byte/Integer check.

All my tests were are the latest adoptopenjdk 11

@prb112
Update per performance analysis
8ceb4a8 
Signed-off-by: Paul Bastide <pbastide@us.ibm.com>
@prb112
Copy link
Contributor Author

prb112 commented Oct 7, 2021

I think we need to compare performance.

included as a reply in the original issue and as noted above.

@lmsurpre lmsurpre self-requested a review October 8, 2021 17:09
lmsurpre
lmsurpre approved these changes Oct 8, 2021
View reviewed changes
Copy link
Member

@lmsurpre lmsurpre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

even at 30% and slower, I don't think this method will even register against the total time to parse a resource

@lmsurpre
Copy link
Member

lmsurpre commented Oct 8, 2021
edited
Loading

I approved, but I don't think it addresses the "add a ModelConfig option to make this a warning instead of an error" part of the issue yet: #2605 (comment)

Let me know if I just missed it, or if you're thinking to do a followup PR for that part.

@prb112
Copy link
Contributor Author

prb112 commented Oct 11, 2021

I approved, but I don't think it addresses the "add a ModelConfig option to make this a warning instead of an error" part of the issue yet: #2605 (comment)

Let me know if I just missed it, or if you're thinking to do a followup PR for that part.

I was layering this as two separate changes to discuss; I plan to add the ModelConfig change with this PR.

@prb112
Update with Model Config
b6591db 
Signed-off-by: Paul Bastide <pbastide@us.ibm.com>
@prb112
Copy link
Contributor Author

prb112 commented Oct 11, 2021

Implemented, waiting on ci/cd

punktilious
punktilious approved these changes Oct 11, 2021
View reviewed changes
Copy link
Collaborator

@punktilious punktilious left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@prb112 prb112 added the ci-skip Skips the CI Build label Oct 12, 2021
@prb112
Update Docs with new value
fd39c49 
Signed-off-by: Paul Bastide <pbastide@us.ibm.com>
@prb112 prb112 merged commit 37a0eb2 into main Oct 12, 2021
@prb112 prb112 deleted the issue-2605 branch October 12, 2021 12:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lmsurpre lmsurpre lmsurpre approved these changes

@punktilious punktilious punktilious approved these changes

Assignees

@prb112 prb112

Labels
bug Something isn't working ci-skip Skips the CI Build
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@prb112 @lmsurpre @punktilious