[CORE-402] Fix Veracode identified Security flaws in i2b2 Server-Side Code Created: 02/Feb/21 Updated: 04/May/22 Resolved: 04/May/22 |
|
| Status: | Resolved |
| Project: | i2b2 Core Software |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 1.7.13 |
| Type: | Task | Priority: | Major |
| Reporter: | Reeta Metta | Assignee: | Mike Mendis |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participant/s: |
| Description |
|
Veracode security report 8/2020- , recommendation to fix i2b2-code to fix High Security flaws to be policy compliant
Module Name Compiler Operating Environment i2b2.war JAVAC_8 Java J2SE 8 i2b2.war_htmljscode.veracodegen.htmla.js JAVASCRIPT_5_1 JavaScript Module Location i2b2.war /axis2-web/HappyAxis.jsp 453 i2b2.war/Ontology.a ar edu/.../dao/ConceptDao.java 1028 i2b2.war/Ontology.a ar .../CreateConceptXmlDao.java 151 i2b2.war/Workplace. aar edu/.../dao/FolderDao.java 851 i2b2.war/Workplace. aar edu/.../dao/FolderDao.java 854 i2b2.war/Workplace. aar edu/.../dao/FolderDao.java 1621 i2b2.war/CRC.aar .../QueryResultEncounterSetGenerator.ja va 113 i2b2.war/CRC.aar .../QueryResultGenerator.java 196 i2b2.war/CRC.aar .../QueryResultPatientAgeCountGenerat or.java 103 i2b2.war/CRC.aar .../QueryResultPatientGenderCountGene rator.java 68 i2b2.war/CRC.aar .../QueryResultPatientRaceCdCountGen erator.java 68 i2b2.war/CRC.aar .../QueryResultPatientSetGenerator.java 96 i2b2.war/CRC.aar .../QueryResultPatientSQLCountGenerat or.java 153 i2b2.war/CRC.aar .../QueryResultPatientSQLCountGenerat or.java 169 i2b2.war/CRC.aar .../QueryResultPatientVitalCdCountGene rator.java 69 i2b2.war/CRC.aar .../QueryResultTypeSpringDao.java 114 |
| Comments |
| Comment by Jeffrey Klann [ 04/May/22 ] |
| Todo: add a bit more documentation on what we fixed. |