From 2f5ffe75541c48ac69bfe2a7cfb659fd4758f4c7 Mon Sep 17 00:00:00 2001 From: michaelabuckley Date: Tue, 17 Jan 2023 17:36:34 -0500 Subject: [PATCH] Demote fake file server contents logging to debug. (#4440) Don't log PHI at INFO, even if it is fake test data. --- .../hapi/fhir/changelog/6_4_0/4440-phi-safety.yaml | 5 +++++ .../batch2/jobs/imprt/BulkImportFileServlet.java | 12 +++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) create mode 100644 hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/6_4_0/4440-phi-safety.yaml diff --git a/hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/6_4_0/4440-phi-safety.yaml b/hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/6_4_0/4440-phi-safety.yaml new file mode 100644 index 00000000000..7bf6f559e37 --- /dev/null +++ b/hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/6_4_0/4440-phi-safety.yaml @@ -0,0 +1,5 @@ +--- +type: change +issue: 4440 +title: "During testing, the bulk-import command line tool logs file contents. + This logging has been demoted to DEBUG level as bulk-import files may contain PHI." diff --git a/hapi-fhir-storage-batch2-jobs/src/main/java/ca/uhn/fhir/batch2/jobs/imprt/BulkImportFileServlet.java b/hapi-fhir-storage-batch2-jobs/src/main/java/ca/uhn/fhir/batch2/jobs/imprt/BulkImportFileServlet.java index f90a1b9a595..88b10dafbd9 100644 --- a/hapi-fhir-storage-batch2-jobs/src/main/java/ca/uhn/fhir/batch2/jobs/imprt/BulkImportFileServlet.java +++ b/hapi-fhir-storage-batch2-jobs/src/main/java/ca/uhn/fhir/batch2/jobs/imprt/BulkImportFileServlet.java @@ -59,7 +59,7 @@ public class BulkImportFileServlet extends HttpServlet { public static final String DEFAULT_HEADER_CONTENT_TYPE = CT_FHIR_NDJSON + CHARSET_UTF8_CTSUFFIX; @Override - protected void doGet(HttpServletRequest theRequest, HttpServletResponse theResponse) throws ServletException, IOException { + protected void doGet(HttpServletRequest theRequest, HttpServletResponse theResponse) throws IOException { try { String servletPath = theRequest.getServletPath(); String requestUri = theRequest.getRequestURI(); @@ -86,7 +86,7 @@ public class BulkImportFileServlet extends HttpServlet { } } - private void handleDownload(HttpServletRequest theRequest, HttpServletResponse theResponse) throws ServletException, IOException { + private void handleDownload(HttpServletRequest theRequest, HttpServletResponse theResponse) throws IOException { String indexParam = defaultString(theRequest.getParameter(INDEX_PARAM)); if (isBlank(indexParam)) { throw new ResourceNotFoundException(Msg.code(2050) + "Missing or invalid index parameter"); @@ -104,9 +104,11 @@ public class BulkImportFileServlet extends HttpServlet { theResponse.addHeader(Constants.HEADER_CONTENT_ENCODING, Constants.ENCODING_GZIP); } - try (Reader reader = new InputStreamReader(supplier.get())) { - String string = IOUtils.toString(reader); - ourLog.info(string); + if (ourLog.isDebugEnabled()) { + try (Reader reader = new InputStreamReader(supplier.get())) { + String string = IOUtils.toString(reader); + ourLog.debug("file content: {}", string); + } } try (InputStream reader = supplier.get()) {