Merged
32 commits
2a03390
update: updated and removed some dependencies for security purpose
kateyang1998 Jun 26, 2025
b6f8d3d
update: updated axis2 to 1.8.0
kateyang1998 Jul 2, 2025
b3f93f2
update: updated commons-client to httpclient 4.5.14
kateyang1998 Jul 2, 2025
15b5fb4
update: added comments in pom.xml for future development
kateyang1998 Jul 3, 2025
529f34f
Merge branch 'develop/coyote' into issue-322
kateyang1998 Jul 17, 2025
9b22058
update: updated the pom dependencies to solve compilation errors.
kateyang1998 Jul 17, 2025
39ff1d4
update: updated and excluded some dependencies by Dependabot suggestion
kateyang1998 Jul 17, 2025
b779114
update: removed commons-lang, and refactored relative classes
kateyang1998 Jul 18, 2025
dc75ba8
Merge branch 'develop/coyote' into issue-322
LiamStanziani Jul 23, 2025
665ac18
Merge branch 'develop/coyote' into issue-322
kateyang1998 Aug 8, 2025
69eae9e
Revert "update: removed commons-lang, and refactored relative classes"
kateyang1998 Aug 12, 2025
04c74c1
fix: added missing import org.apache.commons.lang.StringUtils
kateyang1998 Aug 12, 2025
8ac1559
Merge branch 'develop/coyote' into issue-322
kateyang1998 Aug 12, 2025
16db828
fix: fixed the SESSION CASEMANAGEMENT NOTE LOCK NULL issue when click…
kateyang1998 Aug 25, 2025
0e1b8c8
update: removed redundant comments and blank spaces in CaseManagement…
kateyang1998 Aug 25, 2025
8957a46
update: added checking process of array value by soucery's suggestion
kateyang1998 Aug 25, 2025
5f59887
Merge branch 'develop/coyote' into issue-322
kateyang1998 Aug 28, 2025
5806745
update: updated some dependencies to higher version
kateyang1998 Aug 28, 2025
dbfd090
Merge pull request #470 from openo-beta/issue-436
yingbull Aug 29, 2025
ce2f444
fix: fixed some jsp compilation errors
kateyang1998 Aug 31, 2025
d78175e
fix: fixed 500 error caused in some patients' EChart -> encounter note
kateyang1998 Aug 31, 2025
ca300ca
Fixed jsp compilation errors, removed some unused libraraies from Ont…
LiamStanziani Sep 1, 2025
29598c4
Merge branch 'develop/coyote' into issue-322
LiamStanziani Sep 1, 2025
2ace7be
Potential fixes for the new CodeQL security failures
LiamStanziani Sep 1, 2025
9716b31
Added path conversion of path and allowed paths instead of strings
LiamStanziani Sep 1, 2025
8822ca0
Added into failing test class to include table that isnt being create…
LiamStanziani Sep 1, 2025
e33426d
Merge branch 'issue-322' into issue-322-dogfish
LiamStanziani Sep 1, 2025
438c94f
Updated some broken areas of the merge from the other branch
LiamStanziani Sep 1, 2025
92e79f3
Fixed warnings on make clean due to duplicate dependencies in pom.xml
LiamStanziani Sep 1, 2025
8cc5ad9
Fixed 404 issue with new inboxhub form and unmatched version
LiamStanziani Sep 1, 2025
2849352
Fixed sourcery comments
LiamStanziani Sep 2, 2025
3b1d79e
Fixed jsp compilation errors on dogfish branches
LiamStanziani Sep 2, 2025
1,056 changes: 625 additions & 431 deletions dependencies-lock.json

Large diffs are not rendered by default.

341 changes: 291 additions & 50 deletions pom.xml

Large diffs are not rendered by default.

231 changes: 121 additions & 110 deletions src/main/java/ca/openosp/openo/billings/ca/bc/Teleplan/TeleplanAPI.java

Large diffs are not rendered by default.

Expand Up @@ -30,12 +30,15 @@
import java.io.File;
import java.io.FileReader;
import java.math.BigDecimal;
import java.nio.file.Path;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;

import ca.openosp.openo.utility.MiscUtils;

import ca.openosp.OscarProperties;


/**
* @author jay
Expand All @@ -60,7 +63,18 @@ public TeleplanCodesManager() {
REM075 ** Description This is a Title description **
REM076 ** **
*/
public List parse(File f) throws Exception {
public List parse(File f) throws Exception {
// Define allowed directory (configure this based on your needs)
File allowedDir = new File(OscarProperties.getInstance().getProperty("DOCUMENT_DIR"));

// Convert to Path and normalize
Path filePath = f.toPath().normalize().toAbsolutePath();
Path allowedPath = allowedDir.toPath().normalize().toAbsolutePath();

if (!filePath.startsWith(allowedPath)) {
throw new SecurityException("File access not allowed outside designated directory");
}

BufferedReader buff = new BufferedReader(new FileReader(f));

String line = null;
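Review bot: The containment check in parse() normalizes before it makes the path absolute, so a relative `f` that begins with `..` keeps those segments, and `startsWith` can accept a path that resolves outside DOCUMENT_DIR when the working directory lies under it. The same two lines recur in processResponseStream, updateteleplanICDCodesList, updateExplanatoryCodesList and checkElig. Swap the calls, `Path filePath = f.toPath().toAbsolutePath().normalize();` and likewise for `allowedPath`, and consider `toRealPath()` if symbolic links under the directory must be excluded as well. `getProperty("DOCUMENT_DIR")` is passed straight to `new File(...)`, which throws a NullPointerException when the property is unset, so a null check with a clear message belongs in front of it. The body of parse() continues past the end of the hunk.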
Expand Up @@ -33,6 +33,7 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.file.Path;

import org.apache.logging.log4j.Logger;
import ca.openosp.openo.utility.MiscUtils;
Expand Down Expand Up @@ -85,10 +86,21 @@ void processResponseStream(InputStream in) {
File file = new File(tempFile);
realFilename = "teleplan" + this.getFilename() + randNum;
File file2 = new File(directory + realFilename);

// Define allowed directory (configure this based on your needs)
File allowedDir = new File(OscarProperties.getInstance().getProperty("DOCUMENT_DIR"));

// Convert to Path and normalize
Path filePath = file2.toPath().normalize().toAbsolutePath();
Path allowedPath = allowedDir.toPath().normalize().toAbsolutePath();

if (!filePath.startsWith(allowedPath)) {
throw new SecurityException("File access not allowed outside designated directory");
}

boolean success = file.renameTo(file2);
if (!success) {
log.error("File was not successfully renamed");
//
}
}
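Review bot: The destination checked here is `directory + realFilename`, and nothing in the hunk shows that `directory` is derived from DOCUMENT_DIR; if it comes from a different setting, this guard throws on every response and the rename never runs. Confirm where `directory` is assigned (outside the hunk) or compare against that directory instead. The SecurityException is also thrown after `tempFile` has presumably been written, so the temporary file stays on disk and nothing reaches the log; record the rejection and clean up before throwing, e.g. `log.error("Rename target is outside DOCUMENT_DIR"); file.delete();`. processResponseStream starts outside the hunk.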

Expand Up @@ -29,6 +29,7 @@
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.nio.file.Path;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
Expand Down Expand Up @@ -159,6 +160,18 @@ public String updateteleplanICDCodesList()
log.debug("real filename " + tr.getRealFilename());

File file = tr.getFile();

// Define allowed directory (configure this based on your needs)
File allowedDir = new File(OscarProperties.getInstance().getProperty("DOCUMENT_DIR"));

// Convert to Path and normalize
Path filePath = file.toPath().normalize().toAbsolutePath();
Path allowedPath = allowedDir.toPath().normalize().toAbsolutePath();

if (!filePath.startsWith(allowedPath)) {
throw new SecurityException("File access not allowed outside designated directory");
}

BufferedReader buff = new BufferedReader(new FileReader(file));

String line = null;
Expand Down Expand Up @@ -220,6 +233,18 @@ public String updateExplanatoryCodesList()
log.debug("real filename " + tr.getRealFilename());

File file = tr.getFile();

// Define allowed directory (configure this based on your needs)
File allowedDir = new File(OscarProperties.getInstance().getProperty("DOCUMENT_DIR"));

// Convert to Path and normalize
Path filePath = file.toPath().normalize().toAbsolutePath();
Path allowedPath = allowedDir.toPath().normalize().toAbsolutePath();

if (!filePath.startsWith(allowedPath)) {
throw new SecurityException("File access not allowed outside designated directory");
}

BufferedReader buff = new BufferedReader(new FileReader(file));

String line = null;
Expand Down Expand Up @@ -510,6 +535,19 @@ public String checkElig()
String realFile = tr.getRealFilename();
if (realFile != null && !realFile.trim().equals("")) {
File file = tr.getFile();

// Define allowed directory (configure this based on your needs)
File allowedDir = new File(OscarProperties.getInstance().getProperty("DOCUMENT_DIR"));

// Convert to Path and normalize
Path filePath = file.toPath().normalize().toAbsolutePath();
Path allowedPath = allowedDir.toPath().normalize().toAbsolutePath();


if (!filePath.startsWith(allowedPath)) {
throw new SecurityException("File access not allowed outside designated directory");
}

BufferedReader buff = new BufferedReader(new FileReader(file));
StringBuilder sb = new StringBuilder();
String line = null;
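Review bot: The same guard is pasted three times in this class (updateteleplanICDCodesList, updateExplanatoryCodesList, checkElig), each still carrying the placeholder comment `(configure this based on your needs)`; a single private helper would keep the copies from drifting apart and give the rule one place to be documented. The sketch below makes the path absolute before normalizing and rejects an unset DOCUMENT_DIR explicitly instead of failing inside `new File(...)`. A SecurityException thrown from these String-returning methods will presumably surface as a server error unless a caller handles it, which is not visible here. All three methods start and end outside their hunks.

```java
// One shared guard instead of three pasted copies in this class.
private static void requireInsideDocumentDir(File candidate) {
    String documentDir = OscarProperties.getInstance().getProperty("DOCUMENT_DIR");
    if (documentDir == null || documentDir.trim().isEmpty()) {
        throw new IllegalStateException("DOCUMENT_DIR is not configured");
    }
    // Absolute first, then normalize, so leading ".." segments of a relative path are collapsed too.
    Path allowedPath = new File(documentDir).toPath().toAbsolutePath().normalize();
    Path filePath = candidate.toPath().toAbsolutePath().normalize();
    if (!filePath.startsWith(allowedPath)) {
        throw new SecurityException("File access not allowed outside designated directory");
    }
}

// ... unchanged: surrounding method bodies ...
File file = tr.getFile();
requireInsideDocumentDir(file);
```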