From d9a208a09e426ef0488ed70b14d0205393391f93 Mon Sep 17 00:00:00 2001 From: Adam Brown Date: Tue, 17 Mar 2026 12:01:38 +0000 Subject: [PATCH 1/3] [AEA-6305] fix validator to properly validate cpt api style fhir messages --- .../controller/ValidateController.java | 12 ++---- src/test/resources/results/searchSet.json | 39 ++++++++++++++++++- 2 files changed, 41 insertions(+), 10 deletions(-) diff --git a/src/main/java/software/nhs/fhirvalidator/controller/ValidateController.java b/src/main/java/software/nhs/fhirvalidator/controller/ValidateController.java index d53bc995..ed608ce4 100644 --- a/src/main/java/software/nhs/fhirvalidator/controller/ValidateController.java +++ b/src/main/java/software/nhs/fhirvalidator/controller/ValidateController.java @@ -11,7 +11,6 @@ import org.hl7.fhir.instance.model.api.IBaseResource; import org.hl7.fhir.r4.model.Bundle; import org.hl7.fhir.r4.model.OperationOutcome; -import org.hl7.fhir.r4.model.ResourceType; import org.hl7.fhir.r4.model.OperationOutcome.OperationOutcomeIssueComponent; import ca.uhn.fhir.context.FhirContext; @@ -80,7 +79,7 @@ public OperationOutcome parseAndValidateResource(String input) { | DataFormatException e) { log.error(e.toString()); return OperationOutcomeUtils - .createOperationOutcome(e.getMessage() != null ? e.getMessage() : "Invalid JSON", null); + .createOperationOutcome((e.getMessage() != null && !e.getMessage().contains("null")) ? e.getMessage() : "Invalid JSON", null); } } @@ -101,15 +100,10 @@ private List getResourcesToValidate(IBaseResource inputResource) if (inputResource instanceof Bundle _inputResource && (_inputResource.getType() == Bundle.BundleType.SEARCHSET)) { List bundleResources = new ArrayList<>(); for (Bundle.BundleEntryComponent entry : ((Bundle) inputResource).getEntry()) { - if (entry.getResource().fhirType().equals("Bundle")) { - bundleResources.add(entry.getResource()); - } + bundleResources.add(entry.getResource()); } - if (bundleResources.stream() - .allMatch(resource -> ((Bundle) resource).getResourceType() == ResourceType.Bundle)) { - return bundleResources; - } + return bundleResources; } return Arrays.asList(inputResource); diff --git a/src/test/resources/results/searchSet.json b/src/test/resources/results/searchSet.json index 2e53ede9..c62e737b 100644 --- a/src/test/resources/results/searchSet.json +++ b/src/test/resources/results/searchSet.json @@ -2391,6 +2391,43 @@ "Bundle.entry[4].resource/*Organization/154dcc4a-0006-4272-9758-9dcb8d95ce8b*/", "Line[1] Col[3089]" ] + }, + { + "extension": [ + { + "url": "http://hl7.org/fhir/StructureDefinition/operationoutcome-issue-line", + "valueInteger": 1 + }, + { + "url": "http://hl7.org/fhir/StructureDefinition/operationoutcome-issue-col", + "valueInteger": 496 } - ] + ], + "severity": "warning", + "code": "processing", + "diagnostics": "Constraint failed: dom-6: 'A resource should have narrative for robust management' (defined in http://hl7.org/fhir/StructureDefinition/DomainResource) (Best Practice Recommendation)", + "location": [ + "OperationOutcome", + "Line[1] Col[496]" + ] + }, + { + "extension": [ + { + "url": "http://hl7.org/fhir/StructureDefinition/operationoutcome-issue-line", + "valueInteger": 1 + }, + { + "url": "http://hl7.org/fhir/StructureDefinition/operationoutcome-issue-col", + "valueInteger": 496 + } + ], + "severity": "warning", + "code": "processing", + "diagnostics": "Constraint failed: dom-6: 'A resource should have narrative for robust management' (defined in http://hl7.org/fhir/StructureDefinition/DomainResource) (Best Practice Recommendation)", + "location": [ + "OperationOutcome", + "Line[1] Col[496]" + ] + }] } From dcf27feda4a7188b007a3f57bfb236ca66a7574b Mon Sep 17 00:00:00 2001 From: Adam Brown Date: Wed, 18 Mar 2026 17:21:10 +0000 Subject: [PATCH 2/3] [AEA-6305] review comments --- .../controller/ValidateController.java | 3 +- src/test/resources/results/searchSet.json | 67 ++++++++++--------- 2 files changed, 36 insertions(+), 34 deletions(-) diff --git a/src/main/java/software/nhs/fhirvalidator/controller/ValidateController.java b/src/main/java/software/nhs/fhirvalidator/controller/ValidateController.java index ed608ce4..9fdfa4b6 100644 --- a/src/main/java/software/nhs/fhirvalidator/controller/ValidateController.java +++ b/src/main/java/software/nhs/fhirvalidator/controller/ValidateController.java @@ -79,7 +79,8 @@ public OperationOutcome parseAndValidateResource(String input) { | DataFormatException e) { log.error(e.toString()); return OperationOutcomeUtils - .createOperationOutcome((e.getMessage() != null && !e.getMessage().contains("null")) ? e.getMessage() : "Invalid JSON", null); + .createOperationOutcome((e.getMessage() != null && !(e instanceof NullPointerException)) + ? e.getMessage() : "Invalid JSON", null); } } diff --git a/src/test/resources/results/searchSet.json b/src/test/resources/results/searchSet.json index c62e737b..4b285f30 100644 --- a/src/test/resources/results/searchSet.json +++ b/src/test/resources/results/searchSet.json @@ -2393,41 +2393,42 @@ ] }, { - "extension": [ - { - "url": "http://hl7.org/fhir/StructureDefinition/operationoutcome-issue-line", - "valueInteger": 1 - }, - { - "url": "http://hl7.org/fhir/StructureDefinition/operationoutcome-issue-col", - "valueInteger": 496 - } - ], - "severity": "warning", - "code": "processing", - "diagnostics": "Constraint failed: dom-6: 'A resource should have narrative for robust management' (defined in http://hl7.org/fhir/StructureDefinition/DomainResource) (Best Practice Recommendation)", - "location": [ - "OperationOutcome", - "Line[1] Col[496]" - ] - }, - { - "extension": [ - { + "extension": [ + { "url": "http://hl7.org/fhir/StructureDefinition/operationoutcome-issue-line", "valueInteger": 1 - }, - { + }, + { "url": "http://hl7.org/fhir/StructureDefinition/operationoutcome-issue-col", "valueInteger": 496 - } - ], - "severity": "warning", - "code": "processing", - "diagnostics": "Constraint failed: dom-6: 'A resource should have narrative for robust management' (defined in http://hl7.org/fhir/StructureDefinition/DomainResource) (Best Practice Recommendation)", - "location": [ - "OperationOutcome", - "Line[1] Col[496]" - ] - }] + } + ], + "severity": "warning", + "code": "processing", + "diagnostics": "Constraint failed: dom-6: 'A resource should have narrative for robust management' (defined in http://hl7.org/fhir/StructureDefinition/DomainResource) (Best Practice Recommendation)", + "location": [ + "OperationOutcome", + "Line[1] Col[496]" + ] + }, + { + "extension": [ + { + "url": "http://hl7.org/fhir/StructureDefinition/operationoutcome-issue-line", + "valueInteger": 1 + }, + { + "url": "http://hl7.org/fhir/StructureDefinition/operationoutcome-issue-col", + "valueInteger": 496 + } + ], + "severity": "warning", + "code": "processing", + "diagnostics": "Constraint failed: dom-6: 'A resource should have narrative for robust management' (defined in http://hl7.org/fhir/StructureDefinition/DomainResource) (Best Practice Recommendation)", + "location": [ + "OperationOutcome", + "Line[1] Col[496]" + ] + } + ] } From 50ce60e62efc2eec8c0c05c035c1d29dd1cc0aa2 Mon Sep 17 00:00:00 2001 From: Adam Brown Date: Thu, 19 Mar 2026 11:54:35 +0000 Subject: [PATCH 3/3] [AEA-6305] add new trivy ignore --- .trivyignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.trivyignore b/.trivyignore index 69194e68..dddbad2d 100644 --- a/.trivyignore +++ b/.trivyignore @@ -18,6 +18,7 @@ CVE-2021-35515 CVE-2021-35516 CVE-2021-35517 CVE-2021-36090 +CVE-2026-33180 # upgrading fasterxml-core to fixed version 2.21.1 appears to not # be compatible with 2.19.2 of fasterxml-annotations GHSA-72hv-8253-57qq