feat: record adapter caller in audit log and forward correlation headers #250

Open: Gcolon021 wants to merge 4 commits into main from feat/action-logging
@Gcolon021 Gcolon021 commented Jun 29, 2026 (Contributor)

AuditLoggingFilter records the X-Client-Type header as metadata.caller. ProxyWebClient forwards x-session-id and x-client-type to proxied services.

Summary by CodeRabbit

  • New Features

    • Added support for capturing client type information in audit logs when provided by requests.
    • Expanded header forwarding so client type and session ID are passed through by default.
  • Bug Fixes

    • Improved request metadata and proxy behavior to include additional context consistently.
  • Tests

    • Added coverage for logging client type metadata.
    • Added coverage for forwarding client type and session ID headers.

AuditLoggingFilter records the X-Client-Type header as metadata.caller;
ProxyWebClient forwards x-session-id and x-client-type to proxied services.
coderabbitai Bot commented Jun 29, 2026

Warning

Review limit reached

@Gcolon021, you've reached your PR review limit, so we couldn't start this review.


Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: d6327494-3947-4642-81ff-2990ac62bb02

📥 Commits

Reviewing files that changed from the base of the PR and between 06130bb and f26db1d.

📒 Files selected for processing (3)
  • .gitignore
  • pic-sure-api-war/src/main/java/edu/harvard/dbmi/avillach/security/AuditLoggingFilter.java
  • pic-sure-api-war/src/test/java/edu/harvard/dbmi/avillach/security/AuditLoggingFilterTest.java
📝 Walkthrough

ProxyWebClient.DEFAULT_FORWARDED_HEADERS is extended to include x-session-id and x-client-type. AuditLoggingFilter now reads the X-Client-Type request header and, when present, stores its value in the metadata map under the caller key before emitting the LoggingEvent. Tests cover both changes.

Changes

X-Client-Type header forwarding and audit logging

| Layer / File(s) | Summary |
| --- | --- |
| Extend default forwarded headers in ProxyWebClient: pic-sure-resources/pic-sure-resource-api/src/main/java/.../ProxyWebClient.java, pic-sure-resources/pic-sure-resource-api/src/test/java/.../ProxyWebClientTest.java | DEFAULT_FORWARDED_HEADERS adds x-session-id and x-client-type; two new tests assert both headers are included in the outgoing HttpPost. |
| Record X-Client-Type as caller in AuditLoggingFilter: pic-sure-api-war/src/main/java/.../AuditLoggingFilter.java, pic-sure-api-war/src/test/java/.../AuditLoggingFilterTest.java | Filter reads X-Client-Type and conditionally inserts it into metadata under caller; tests verify presence and absence behavior. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 11.11% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately captures both the new audit logging of caller metadata and the added header forwarding behavior. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

@Gcolon021 Gcolon021 requested a review from JamesPeck June 29, 2026 19:24

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@pic-sure-api-war/src/main/java/edu/harvard/dbmi/avillach/security/AuditLoggingFilter.java`:
- Around line 212-214: Trim the X-Client-Type header before using it in
AuditLoggingFilter so whitespace-only values are treated as empty. Update the
caller handling around the httpServletRequest.getHeader("X-Client-Type") lookup
to normalize the value first, then only populate metadata.put("caller", caller)
when the trimmed result is non-empty.
ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 87ebc521-efc0-4b30-be4c-9b5a5f41e2c6

📥 Commits

Reviewing files that changed from the base of the PR and between 88a767c and 06130bb.

📒 Files selected for processing (4)
  • pic-sure-api-war/src/main/java/edu/harvard/dbmi/avillach/security/AuditLoggingFilter.java
  • pic-sure-api-war/src/test/java/edu/harvard/dbmi/avillach/security/AuditLoggingFilterTest.java
  • pic-sure-resources/pic-sure-resource-api/src/main/java/edu/harvard/dbmi/avillach/service/ProxyWebClient.java
  • pic-sure-resources/pic-sure-resource-api/src/test/java/edu/harvard/dbmi/avillach/service/ProxyWebClientTest.java

Comment on lines +212 to +214
String caller = httpServletRequest.getHeader("X-Client-Type");
if (caller != null && !caller.isEmpty()) {
metadata.put("caller", caller);

🗄️ Data Integrity & Integration | 🟡 Minor | ⚡ Quick win

Trim X-Client-Type before storing caller.

Whitespace-only header values still pass this check and get recorded as a real caller, which pollutes audit metadata. Normalize first so the field is omitted unless it has an actual value.

Suggested fix
 String caller = httpServletRequest.getHeader("X-Client-Type");
-if (caller != null && !caller.isEmpty()) {
-    metadata.put("caller", caller);
+if (caller != null) {
+    caller = caller.trim();
+    if (!caller.isEmpty()) {
+        metadata.put("caller", caller);
+    }
 }
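Review bot: In the added branch after caller = caller.trim(), the value still reaches metadata.put("caller", caller) with no length bound or character check, so whatever text the client sends in X-Client-Type is written into the audit record. Consider accepting only a short token (letters, digits, '.', '_', '-') or a fixed set of known client types, and omitting the field otherwise. A short comment stating that caller is self-reported by the client, and is not an authenticated identity, would also help anyone reading the audit data later.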
Suggested change
String caller = httpServletRequest.getHeader("X-Client-Type");
if (caller != null && !caller.isEmpty()) {
metadata.put("caller", caller);
String caller = httpServletRequest.getHeader("X-Client-Type");
if (caller != null) {
caller = caller.trim();
if (!caller.isEmpty()) {
metadata.put("caller", caller);
}
}
@Gcolon021 Gcolon021 added the enhancement New feature or request label Jun 29, 2026
@Gcolon021 Gcolon021 self-assigned this Jun 29, 2026
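
An added example, not code from this PR or from the PIC-SURE project: one way to normalize the client-supplied X-Client-Type value before it is stored as caller, going beyond the trim discussed in the review comment above by also bounding length and character set, plus a case-insensitive allow-list for forwarded headers. The class and method names, the 64-character limit, the token pattern and the sample values are assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;

// Added example: class, method and constant names are hypothetical and are not
// taken from AuditLoggingFilter or ProxyWebClient.
public class ClientTypeHeaderExample {

    // Assumption: a client type is a short token such as "web-ui".
    private static final int MAX_CALLER_LENGTH = 64;
    private static final Pattern CALLER_TOKEN = Pattern.compile("[A-Za-z0-9._-]+");

    // Only the two header names this PR adds; the full default list is not shown on the page.
    private static final Set<String> FORWARDED = Set.of("x-session-id", "x-client-type");

    /** Value to store under metadata "caller", or empty if the header is unusable. */
    static Optional<String> normalizeCaller(String rawHeader) {
        if (rawHeader == null) {
            return Optional.empty();
        }
        String caller = rawHeader.trim(); // a whitespace-only value becomes ""
        if (caller.isEmpty() || caller.length() > MAX_CALLER_LENGTH) {
            return Optional.empty();
        }
        // The token pattern excludes CR, LF and every other control character.
        return CALLER_TOKEN.matcher(caller).matches() ? Optional.of(caller) : Optional.empty();
    }

    /** Copies only allow-listed headers; header names are matched case-insensitively. */
    static Map<String, String> headersToForward(Map<String, String> incoming) {
        Map<String, String> out = new LinkedHashMap<>();
        incoming.forEach((name, value) -> {
            String lower = name.toLowerCase(Locale.ROOT);
            if (value != null && FORWARDED.contains(lower)) {
                out.put(lower, value.trim());
            }
        });
        return out;
    }

    // Makes CR/LF visible when printing a sample value.
    private static String show(String s) {
        return s == null ? "null" : '"' + s.replace("\r", "\\r").replace("\n", "\\n") + '"';
    }

    public static void main(String[] args) {
        // Constructed sample header values, not captured traffic.
        String[] samples = {"web-ui", "  python-adapter  ", "   ", null,
                "web-ui\r\nsecond-line", "x".repeat(200)};
        for (String raw : samples) {
            Map<String, Object> metadata = new LinkedHashMap<>();
            normalizeCaller(raw).ifPresent(c -> metadata.put("caller", c));
            System.out.println(show(raw) + " -> " + metadata);
        }

        // Constructed incoming request headers; only the allow-listed ones are copied.
        Map<String, String> incoming = new LinkedHashMap<>();
        incoming.put("X-Client-Type", "web-ui");
        incoming.put("X-Session-Id", "constructed-session-id");
        incoming.put("Cookie", "not-forwarded");
        System.out.println(headersToForward(incoming));
    }
}
```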
dmpillion commented Jun 29, 2026 (Contributor)
Checkmarx One – Scan Summary & Details 0e0ec881-97b3-4859-aca6-e9a15b50a13b


New Issues (45) Checkmarx found the following issues in this Pull Request

| # | Severity | Issue | Source File / Package | Checkmarx Insight |
| --- | --- | --- | --- | --- |
| 1 | CRITICAL | CVE-2016-1000027 | Maven-org.springframework:spring-web-5.3.31 | Recommended version: 5.3.32-wso2v1; Description: Pivotal Spring Framework (spring, spring-remoting, spring-web, spring-webmvc) versions prior to 6.0.0-M1, suffers from a potential remote code exec...; Attack Vector: NETWORK; Attack Complexity: LOW |
| 2 | HIGH | CVE-2024-22243 | Maven-org.springframework:spring-web-5.3.31 | Recommended version: 5.3.32; Description: Applications that use "UriComponentsBuilder" to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on ...; Attack Vector: NETWORK; Attack Complexity: LOW |
| 3 | HIGH | CVE-2024-22259 | Maven-org.springframework:spring-web-5.3.31 | Recommended version: 5.3.32-wso2v1; Description: Applications that use "UriComponentsBuilder" in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform v...; Attack Vector: NETWORK; Attack Complexity: LOW |
| 4 | HIGH | CVE-2024-22262 | Maven-org.springframework:spring-web-5.3.31 | Recommended version: 5.3.32-wso2v1; Description: Applications that use "UriComponentsBuilder" to parse an externally provided URL (e.g. through a query parameter) and perform validation checks on ...; Attack Vector: NETWORK; Attack Complexity: LOW |
| 5 | HIGH | CVE-2025-41249 | Maven-org.springframework:spring-core-5.3.31 | Recommended version: 6.2.11; Description: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized s...; Attack Vector: NETWORK; Attack Complexity: LOW |
| 6 | HIGH | CVE-2026-41848 | Maven-org.springframework:spring-core-5.3.31 | Recommended version: 6.2.19; Description: Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS) attack if an attacker is able to provide a pattern which is then d...; Attack Vector: NETWORK; Attack Complexity: LOW |
| 7 | HIGH | CVE-2026-41851 | Maven-org.springframework:spring-core-5.3.31 | Recommended version: 6.0.14; Description: Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnerable to a Denial of Service (DoS) attack if the ...; Attack Vector: NETWORK; Attack Complexity: LOW |
| 8 | MEDIUM | CVE-2024-38809 | Maven-org.springframework:spring-web-5.3.31 | Recommended version: 5.3.32-wso2v1; Description: The package "org.springframework:spring-web" versions through 5.3.37, 6.0.0-M1 through 6.0.22, and 6.1.0-M1 through 6.1.11 are vulnerable to Denial...; Attack Vector: NETWORK; Attack Complexity: LOW |
| 9 | MEDIUM | CVE-2026-41840 | Maven-org.springframework:spring-web-5.3.31 | Recommended version: 6.0.14; Description: Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring Framewo...; Attack Vector: NETWORK; Attack Complexity: HIGH |
| 10 | MEDIUM | CVE-2026-41841 | Maven-org.springframework:spring-web-5.3.31 | Recommended version: 6.0.14; Description: Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Fr...; Attack Vector: NETWORK; Attack Complexity: HIGH |
| 11 | MEDIUM | CVE-2026-41843 | Maven-org.springframework:spring-web-5.3.31 | Recommended version: 6.0.14; Description: Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework ...; Attack Vector: NETWORK; Attack Complexity: HIGH |
| 12 | MEDIUM | CVE-2026-41844 | Maven-org.springframework:spring-web-5.3.31 | Recommended version: 6.0.14; Description: A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an attacker ...; Attack Vector: NETWORK; Attack Complexity: LOW |
| 13 | MEDIUM | CVE-2026-41845 | Maven-org.springframework:spring-web-5.3.31 | Recommended version: 6.0.14; Description: Due to incorrect escaping, the use of "JavaScriptUtils.javaScriptEscape()" may lead to JavaScript code injection in the browser, potentially result...; Attack Vector: NETWORK; Attack Complexity: LOW |
| 14 | MEDIUM | CVE-2026-41853 | Maven-org.springframework:spring-web-5.3.31 | Recommended version: 6.0.14; Description: Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7...; Attack Vector: NETWORK; Attack Complexity: LOW |
| 15 | LOW | CVE-2024-38820 | Maven-org.springframework:spring-beans-5.3.31 | Recommended version: 5.3.32-wso2v1; Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some...; Attack Vector: NETWORK; Attack Complexity: LOW |
| 16 | LOW | CVE-2024-38820 | Maven-org.springframework:spring-core-5.3.31 | Recommended version: 5.3.32-wso2v1; Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some...; Attack Vector: NETWORK; Attack Complexity: LOW |
| 17 | LOW | CVE-2024-38820 | Maven-org.springframework:spring-web-5.3.31 | Recommended version: 5.3.32-wso2v1; Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some...; Attack Vector: NETWORK; Attack Complexity: LOW |
| 18 | LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRS.java: 260 | Method at line 260 of /pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDat... |
| 19 | LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRSV3.java: 250 | Method at line 250 of /pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDat... |
| 20 | LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRS.java: 260 | Method at line 260 of /pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDat... |
| 21 | LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRSV3.java: 250 | Method at line 250 of /pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDat... |
| 22 | LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRS.java: 123 | Method at line 123 of /pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDat... |
| 23 | LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRSV3.java: 113 | Method at line 113 of /pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDat... |
| 24 | LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRS.java: 170 | Method at line 170 of /pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDat... |
| 25 | LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRS.java: 224 | Method at line 224 of /pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDat... |
| 26 | LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRS.java: 209 | Method at line 209 of /pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDat... |
| 27 | LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRS.java: 209 | Method at line 209 of /pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDat... |
| 28 | LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRS.java: 224 | Method at line 224 of /pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDat... |
| 29 | LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRS.java: 185 | Method at line 185 of /pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDat... |
| 30 | LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRSV3.java: 214 | Method at line 214 of /pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDat... |
| 31 | LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRSV3.java: 160 | Method at line 160 of /pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDat... |
| 32 | LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRSV3.java: 175 | Method at line 175 of /pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDat... |
| 33 | LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRSV3.java: 199 | Method at line 199 of /pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDat... |
| 34 | LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRSV3.java: 199 | Method at line 199 of /pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDat... |
| 35 | LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRSV3.java: 214 | Method at line 214 of /pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDat... |
| 36 | LOW | Log_Forging | pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java: 146 | Method at line 146 of /pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java gets user inpu... |
| 37 | LOW | Log_Forging | pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java: 146 | Method at line 146 of /pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java gets user inpu... |
| 38 | LOW | Log_Forging | pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java: 146 | Method at line 146 of /pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java gets user inpu... |
| 39 | LOW | Log_Forging | pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java: 226 | Method at line 226 of /pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java gets user inpu... |
| 40 | LOW | Log_Forging | pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java: 146 | Method at line 146 of /pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java gets user inpu... |
| 41 | LOW | Log_Forging | pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java: 305 | Method at line 305 of /pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java gets user inpu... |
| 42 | LOW | Log_Forging | pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java: 349 | Method at line 349 of /pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java gets user inpu... |
| 43 | LOW | Log_Forging | pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java: 349 | Method at line 349 of /pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java gets user inpu... |
| 44 | LOW | Log_Forging | pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java: 349 | Method at line 349 of /pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java gets user inpu... |
| 45 | LOW | Log_Forging | pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java: 305 | Method at line 305 of /pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java gets user inpu... |

Fixed Issues (14) Great job! The following issues were fixed in this Pull Request

| Severity | Issue | Source File / Package |
| --- | --- | --- |
| MEDIUM | Privacy_Violation | pic-sure-util/src/main/java/edu/harvard/dbmi/avillach/util/Utilities.java: 27 |
| MEDIUM | Privacy_Violation | pic-sure-util/src/main/java/edu/harvard/dbmi/avillach/util/Utilities.java: 27 |
| MEDIUM | Privacy_Violation | pic-sure-util/src/main/java/edu/harvard/dbmi/avillach/util/Utilities.java: 27 |
| MEDIUM | Privacy_Violation | pic-sure-util/src/main/java/edu/harvard/dbmi/avillach/util/Utilities.java: 27 |
| MEDIUM | Privacy_Violation | pic-sure-util/src/main/java/edu/harvard/dbmi/avillach/util/Utilities.java: 27 |
| MEDIUM | Privacy_Violation | pic-sure-util/src/main/java/edu/harvard/dbmi/avillach/util/Utilities.java: 27 |
| MEDIUM | Privacy_Violation | pic-sure-util/src/main/java/edu/harvard/dbmi/avillach/util/Utilities.java: 27 |
| MEDIUM | Privacy_Violation | pic-sure-util/src/main/java/edu/harvard/dbmi/avillach/util/Utilities.java: 27 |
| MEDIUM | Privacy_Violation | pic-sure-util/src/main/java/edu/harvard/dbmi/avillach/util/Utilities.java: 27 |
| MEDIUM | Privacy_Violation | pic-sure-util/src/main/java/edu/harvard/dbmi/avillach/util/Utilities.java: 27 |
| LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRS.java: 209 |
| LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRSV3.java: 214 |
| LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRSV3.java: 199 |
| LOW | Log_Forging | pic-sure-resources/pic-sure-aggregate-data-sharing-resource/src/main/java/edu/harvard/hms/dbmi/avillach/AggregateDataSharingResourceRS.java: 224 |


gitguardian Bot commented Jun 30, 2026

️✅ There are no secrets present in this pull request anymore.

If these secrets were true positive and are still valid, we highly recommend you to revoke them.
While these secrets were previously flagged, we no longer have a reference to the
specific commits where they were detected. Once a secret has been leaked into a git
repository, you should consider it compromised, even if it was deleted immediately.
Find here more information about risks.


@Gcolon021 Gcolon021 force-pushed the feat/action-logging branch from 3510a20 to 06130bb Compare June 30, 2026 22:20