inseefr / pogues-back-office Goto Github PK
View Code? Open in Web Editor NEWBack-office services for Pogues
License: MIT License
pogues-back-office's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "renovate[bot]")
Stargazers
Watchers
Forkers
thomastos laurentc35 badr-akka loichenninger orogel michaelc67 bwerquin ericthuaud fbibonne aitkarra jeandelestpogues-back-office's Issues
Error when composing with some suggester lists
When added as a response for a simple question in a standalone questionnaire, the list "Professions féminin" is ok.
When we add this ok questionnaire as a reference in a host questionnaire, we have this error message:
fr.insee.pogues.transforms.visualize.PoguesJSONToPoguesXMLImpl:class org.glassfish.json.JsonArrayBuilderImpl$JsonArrayImpl cannot be cast to class javax.json.JsonObject (org.glassfish.json.JsonArrayBuilderImpl$JsonArrayImpl and javax.json.JsonObject are in unnamed module of loader org.springframework.boot.loader.LaunchedURLClassLoader @5d099f62)
Can be checked with lvmdbjdr and lvmdefsk respectively in the internal prod environment.
Fusion des endpoint de récupération de variables
Actuellement, il y a deux endpoints :
- un endpoint pour la composition de questionnaire
- un endpoint pour public ennemy
---> à fusionner
Change to jar for build
- warning for production (need to change server)
Expose variables from questionnaires model
Add endpoint which display all external/collected variables (with types) for a questionnaire model. This endpoint need the questionnaire model identifier as input.
Fix Vizualitation URL
Change the parameter value on properties file
The CATI visualisation does not include any sub-questionnaires.
The back office method does not dereference the questionnaire before Lunatic generation : https://github.com/InseeFr/Pogues-Back-Office/blob/main/src/main/java/fr/insee/pogues/webservice/rest/PoguesTransforms.java#L123. Missing params.put("needDeref", ref) and the call of specific transform method : https://github.com/InseeFr/Pogues-Back-Office/blob/main/src/main/java/fr/insee/pogues/transforms/visualize/PoguesJSONToPoguesJSONDerefImpl.java#L76.
API response with http code 500 when questionnaire not found
When giving inexistant id to following endpoint /api/persistence/questionnaire/{id}, api responds with status code 500.
The API should respond with 404
MàJ impossible pour questionnaire timbre restreint (DRTI) via swagger ou WS
Lors de l'appel au web-service PUT /api/persistence/questionnaire/{id} (updateQuestionnaire) via swagger ou Postman, après récupération d'un token, dans un contexte avec authentification et "blocage" d'écriture pour les questionnaires sous le timbre D75-L120 (DRTI, cas métier : pas de modification possible du TCM), retour de l'erreur suivante java pour un utilisateur autorisé (AHS, pour le questionnaire https://conception-questionnaires.insee.fr/questionnaire/lgf69bqb) :
Actions :
- Récupération d'un token en production par utilisateur DG75-L120 (Anne)
- Connexion au swagger https://api.conception-questionnaires.insee.fr/swagger-ui/index.html#/Pogues%20Persistence/updateQuestionnaire
- Authentification dans swagger
- PUT du questionnaire lgf69bqb (en PJ)
- Erreur affichée dans la log :
2023-01-30 17:01:40.102 [http-nio-8080-exec-8] ERROR org.springframework.boot.web.servlet.support.ErrorPageFilter - Forwarding to error page from request [/api/persistence/questionnaire/lgf69bqb] due to exception [null]
java.lang.NullPointerException: null
at fr.insee.pogues.config.auth.security.restrictions.StampsRestrictionsServiceImpl.isQuestionnaireOwner(StampsRestrictionsServiceImpl.java:33) ~[classes/:4.0.6]
at fr.insee.pogues.persistence.query.QuestionnairesServiceQueryPostgresqlImpl.isUserAuthorized(QuestionnairesServiceQueryPostgresqlImpl.java:266) ~[classes/:4.0.6]
at fr.insee.pogues.persistence.query.QuestionnairesServiceQueryPostgresqlImpl.updateQuestionnaire(QuestionnairesServiceQueryPostgresqlImpl.java:201) ~[classes/:4.0.6]
at fr.insee.pogues.persistence.service.QuestionnairesServiceImpl.updateQuestionnaire(QuestionnairesServiceImpl.java:99) ~[classes/:4.0.6]
at fr.insee.pogues.webservice.rest.PoguesPersistence.updateQuestionnaire(PoguesPersistence.java:286) ~[classes/:4.0.6]
at jdk.internal.reflect.GeneratedMethodAccessor161.invoke(Unknown Source) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205) ~[spring-web-5.3.18.jar:5.3.18]
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150) ~[spring-web-5.3.18.jar:5.3.18]
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117) ~[spring-webmvc-5.3.18.jar:5.3.18]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895) ~[spring-webmvc-5.3.18.jar:5.3.18]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808) ~[spring-webmvc-5.3.18.jar:5.3.18]
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) ~[spring-webmvc-5.3.18.jar:5.3.18]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1067) ~[spring-webmvc-5.3.18.jar:5.3.18]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963) ~[spring-webmvc-5.3.18.jar:5.3.18]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) ~[spring-webmvc-5.3.18.jar:5.3.18]
at org.springframework.web.servlet.FrameworkServlet.doPut(FrameworkServlet.java:920) ~[spring-webmvc-5.3.18.jar:5.3.18]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:699) ~[servlet-api.jar:4.0.FR]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) ~[spring-webmvc-5.3.18.jar:5.3.18]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:779) ~[servlet-api.jar:4.0.FR]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227) ~[catalina.jar:9.0.71]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.71]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) ~[tomcat-websocket.jar:9.0.71]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[catalina.jar:9.0.71]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.71]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:327) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:149) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter.doFilterInternal(BearerTokenAuthenticationFilter.java:137) ~[spring-security-oauth2-resource-server-5.6.2.jar:5.6.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.18.jar:5.3.18]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.18.jar:5.3.18]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) ~[spring-web-5.3.18.jar:5.3.18]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.18.jar:5.3.18]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.18.jar:5.3.18]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.18.jar:5.3.18]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:133) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354) ~[spring-web-5.3.18.jar:5.3.18]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267) ~[spring-web-5.3.18.jar:5.3.18]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[catalina.jar:9.0.71]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.71]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.3.18.jar:5.3.18]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.18.jar:5.3.18]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[catalina.jar:9.0.71]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.71]
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.3.18.jar:5.3.18]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.18.jar:5.3.18]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[catalina.jar:9.0.71]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.71]
at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:126) ~[spring-boot-2.6.6.jar:2.6.6]
at org.springframework.boot.web.servlet.support.ErrorPageFilter.access$000(ErrorPageFilter.java:64) ~[spring-boot-2.6.6.jar:2.6.6]
at org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:101) ~[spring-boot-2.6.6.jar:2.6.6]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.18.jar:5.3.18]
at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:119) ~[spring-boot-2.6.6.jar:2.6.6]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[catalina.jar:9.0.71]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.71]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.18.jar:5.3.18]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.18.jar:5.3.18]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[catalina.jar:9.0.71]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.71]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:177) ~[catalina.jar:9.0.71]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) ~[catalina.jar:9.0.71]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) ~[catalina.jar:9.0.71]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) ~[catalina.jar:9.0.71]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[catalina.jar:9.0.71]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) ~[catalina.jar:9.0.71]
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:769) ~[catalina.jar:9.0.71]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) ~[catalina.jar:9.0.71]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360) ~[catalina.jar:9.0.71]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) ~[tomcat-coyote.jar:9.0.71]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-coyote.jar:9.0.71]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:891) ~[tomcat-coyote.jar:9.0.71]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1784) ~[tomcat-coyote.jar:9.0.71]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:9.0.71]
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-util.jar:9.0.71]
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-util.jar:9.0.71]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.71]
at java.lang.Thread.run(Thread.java:829) ~[?:?]
Pas d'erreur lors d'une modification en passant par le front... (appel du même WS) :
2023-59-30 16:59:54.068 [http-nio-8080-exec-9] INFO fr.insee.pogues.webservice.rest.PoguesPersistence - Questionnaire lgf69bqb updated
Passer en paramètres modifiables le timbre restreint
Dynamic table - Control levels
Make HttpClient injectable
Currently Apache HttpClient is not povided through DI, which makes barelly impossible to test any service depending on it (For instance StromaeServiceImpl)
[Eno V3] Do not allow loop to be based on a main loop and have a min/max iteration values
Forbid a loop to be main and linked at the same time ...
Suggester - Features needed in BO
In order to implement the suggester design in Pogues, several features are needed on the back end side.
To be completed by @BulotF
401 in WEB v1 visu mode
Iteration objects: member reference property
"Iteration" objects have a "MemberReference" property. This property is a list of references (string identifiers) that can contain either one or two elements:
- two elements : initial member and end member
- one element means initial member and end members are the same.
The "one element" case will be removed from Pogues-Model later on, and Pogues front app will also be updated with this specification.
Yet, to ensure compatibility with existing questionnaires, the backend app must accept iterations with a member reference property containing one reference.
`transform/json/dereferenced` endpoint is not working
Endpoint to post a questionnaire which has "child questionnaire references" and get the de-referenced questionnaire in return.
The endpoint exist but does not work.
WireMock : use to test interface (DDIAS & Magma)
- we can use with open-api
- free & open-source
- integration with CI / CD (step
testwith maven)
Missing `options` key in composed questionnaire
A question in a composed questionnaire is missing the options key (in the generated Lunatic JSON file).
When generating the referenced questionnaire containing this question, the Lunatic JSON file is correct (the options key is here and valid).
Hypothesis: the handling of duplicate list code is incorrect, thus producing this bug.
See previous analysis.
Migrate the application to Spring Boot
The migration should not change the endpoints of the API.
The objectives are to migrate on a recent version of Spring Boot, clean the dependencies and to migrate to SpringDoc for the API documentation.
Revoir la gestion des properties
CVE related to org.springframework:spring-web
Recent work has been done to update the app build: #193
To this date, the code base in the "develop" branch still has security issue that should be adressed:
┌────────────────────────────────────────────────┬──────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├────────────────────────────────────────────────┼──────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────┤
│ org.springframework:spring-web (pogues-bo.jar) │ CVE-2016-1000027 │ CRITICAL │ │ 5.3.30 │ 6.0.0 │ spring: HttpInvokerServiceExporter readRemoteInvocation │
│ │ │ │ │ │ │ method untrusted java deserialization │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2016-1000027 │
└────────────────────────────────────────────────┴──────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────┘
Montée de version vulnérabilité PostgreSQL
Ceux qui sont en spring boot devraient mettre à jour leur version de Spring boot (en 3.0.2 pour les apps sur la branche 3.x et en 2.7.8 pour les apps de la branche 2.x) : la bonne version de postgre suivra
- Pour celles et ceux qui montent directement la version de postgre, je vous donne les dernières à jour :
- 42.5.3 pour les apps en 42.5.X
- 42.4.3 pour les apps en 42.4.X
- 42.3.8 pour les apps en 42.3.X
Les versions en 42.1 et 42.2 sont à déconseiller (il reste d’autres vulnérabilités non résolues)
Composition - absence du scope
Evolution à apporter à Pogues-back-office lorsqu’on fait de la composition de questionnaire :
Constat : au niveau du DDI de l’enquête, il y a un conflit entre la déclaration des variables telles qu’elles sont saisies dans le module initial et le référencement de cette variable au niveau du questionnaire de l’enquête.
Correction à appliquer :
Si une boucle s’applique au questionnaire, alors :
- Pour toute Variable (collectée, externe et calculée) qui n’a pas déjà un Scope (dans le cas où elle en a déjà un, elle le conserve : on est sur une boucle de boucles), on lui affecte un Scope.
- La valeur de Scope attribuée est :
• l’identifiant de la boucle pour une boucle principale
• l’identifiant du basedOn sinon
Errors when running Pogues-BO on tomcat v8.5.24 or Higher v8.5.xx
Pogues-BO works good on Tomcat v8.5.23 or older version, but it's not the case when i choose a newer version of Tomcat v8.5.xx
Bug: When running the projects i have this error
GRAVE: StandardWrapper.Throwable java.lang.TypeNotPresentException: Type javax.persistence.PersistenceUnit not present at sun.reflect.generics.factory.CoreReflectionFactory.makeNamedType(CoreReflectionFactory.java:117) at sun.reflect.generics.visitor.Reifier.visitClassTypeSignature(Reifier.java:125) at sun.reflect.generics.tree.ClassTypeSignature.accept(ClassTypeSignature.java:49) ... Caused by: java.lang.ClassNotFoundException: javax.persistence.PersistenceUnit at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1364) ...
Dependency Dashboard
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
Pending Approval
These branches will be created by Renovate only once you click their checkbox below.
- chore(deps): update dependency org.sonarsource.scanner.maven:sonar-maven-plugin to v4
Awaiting Schedule
These updates are awaiting their schedule. Click on a checkbox to get an update now.
- fix(deps): update dependency fr.insee.pogues:pogues-model to v1.3.12
Detected dependencies
dockerfile
Dockerfile
eclipse-temurin 21.0.3_9-jre
github-actions
.github/workflows/create-release.yaml
actions/setup-java v4actions/checkout v4mukunku/tag-exists-action v1.6.0actions/setup-java v4actions/checkout v4actions/upload-artifact v4actions/checkout v4rickstaa/action-create-tag v1requarks/changelog-action v1actions/download-artifact v4softprops/action-gh-release v2actions/checkout v4actions/download-artifact v4elgohr/Publish-Docker-Github-Action v5.github/workflows/create-snapshot.yaml
actions/checkout v4actions-ecosystem/action-remove-labels v1actions/setup-java v4actions/checkout v4mukunku/tag-exists-action v1.6.0actions/setup-java v4actions/checkout v4actions/upload-artifact v4actions/github-script v7actions/checkout v4actions/download-artifact v4elgohr/Publish-Docker-Github-Action v5actions/github-script v7.github/workflows/docs.yaml
actions/checkout v4.github/workflows/test.yaml
actions/checkout v4actions/setup-java v4
maven
pom.xml
org.springframework.boot:spring-boot-starter-parent 3.3.0com.github.ben-manes.caffeine:caffeine 3.1.8org.liquibase:liquibase-core 4.28.0fr.insee.pogues:pogues-model 1.3.7org.apache.xmlgraphics:fop 2.9net.sf.saxon:Saxon-HE 12.4org.springdoc:springdoc-openapi-starter-webmvc-ui 2.5.0org.jacoco:jacoco-maven-plugin 0.8.12org.sonarsource.scanner.maven:sonar-maven-plugin 3.11.0.3922org.liquibase:liquibase-maven-plugin 4.28.0
- Check this box to trigger a request for Renovate to run again on this repository
Harmonisation des nommages de WS
il faudrait sans doute harmoniser le nommage dans l'api : "questionnaire" avec ou sans "s", mais avec les deux c'est confuant ^^
CVE related to net.minidev:json-smart
Recent work has been done to update the app build: #193
To this date, the code base in the "develop" branch still has security issue that should be adressed:
┌────────────────────────────────────────────────┬──────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├────────────────────────────────────────────────┼──────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────┤
│ net.minidev:json-smart (pogues-bo.jar) │ CVE-2023-1370 │ HIGH │ fixed │ 2.4.8 │ 2.4.9 │ Uncontrolled Resource Consumption vulnerability in │
│ │ │ │ │ │ │ json-smart (Resource Exhaustion) │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1370 │
└────────────────────────────────────────────────┴──────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────┘
Fix Survey vizualisation
Change the data collection name to call the service
Datacollection instead of survey
[pogues2lunatic] - Simplify transformation
For landing EnoV3, it's easier to simplify the pogues2lunatic transformation.
Instead of pogues2ddi (done by EnoV2) then ddi2lunatic (done by EnoV3).
The transformation becomes pogues2lunatic directly (transformation supported by EnoV3 without passing through the ddi).
Missing for Series / Operations inside sql backup (for first deployement)
Default sql backup seems to contain series & operations but deployed instance thanks to Bowie do not contain fields in dropdowns.
Do we have to provide an other property to value them ? (it's actually impossible to create a new questionnaire without these informations)
Grab and pass the Eno error messages
See InseeFr/Pogues#509 (comment)
We can dev in two part:
- Passing the raw Eno message
- Map the raw Eno message to a user oriented message
About stamps
# Protected stamp: only members associated with this stamp can edit questionnaires that belong to it
fr.insee.pogues.stamp.restricted=DG75-L120
(in properties)
We might review this stamp feature, and have a non-Insee-related default value here
Originally posted by @nsenave in #220 (comment)
Se débrancher de DDI AS et se brancher à RMéS (problématique de sécurité)
- Spring-boot-3 / refactor : #274
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.