Skip to content

#2803 fix: remove debug log statement from RxDsMessageTo1 constructor#3073

Open
bellaayang wants to merge 1 commit into
carlos-emr:developfrom
bellaayang:fix-issue-2803
Open

#2803 fix: remove debug log statement from RxDsMessageTo1 constructor#3073
bellaayang wants to merge 1 commit into
carlos-emr:developfrom
bellaayang:fix-issue-2803

Conversation

@bellaayang

@bellaayang bellaayang commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

Description

Removes a leftover debug log statement from the RxDsMessageTo1 constructor that fired unconditionally on every object instantiation, dumping the full drug interaction map at ERROR level. This saturates error monitoring and leaks medication identifiers to the application log.

Related Issues

Fixes #2803

How Was This Tested?

Verified the log statement is removed. No functional logic was changed.

Checklist

  • My commits are signed off for the DCO (git commit -s)
  • My commits follow Conventional Commits format, or I've written clear commit messages and will use the format next time
  • I have not included any patient data (PHI) in this PR
  • I have added tests for new functionality, or this change doesn't need new tests
  • I have read the contributing guide

Summary by Sourcery

Bug Fixes:

  • Stop unconditional ERROR-level logging of the full drug interaction map during RxDsMessageTo1 construction, preventing log noise and potential data leakage.

Summary by cubic

Removed an unconditional ERROR-level log from the RxDsMessageTo1 constructor to stop noisy error reporting and prevent medication identifiers from being logged. Fixes #2803.

Written for commit c1e0e95. Summary will update on new commits.

Review in cubic

Signed-off-by: bellaayang <jingjingyjh@126.com>
@bellaayang bellaayang requested a review from yingbull as a code owner June 28, 2026 07:04
@sourcery-ai

sourcery-ai Bot commented Jun 28, 2026

Copy link
Copy Markdown
Contributor
Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

This PR comments out an unconditional debug/error log statement in the RxDsMessageTo1 constructor that was dumping the full drug interaction map to the logs, without changing any functional logic.

Sequence diagram for RxDsMessageTo1 constructor logging change

sequenceDiagram
  participant Caller
  participant RxDsMessageTo1
  participant MiscUtils
  participant Logger

  Caller->>RxDsMessageTo1: new RxDsMessageTo1(ht)
  activate RxDsMessageTo1
  Note over RxDsMessageTo1: Previous behavior
  RxDsMessageTo1->>MiscUtils: getLogger()
  MiscUtils-->>RxDsMessageTo1: Logger
  RxDsMessageTo1->>Logger: error("WHATS inn ht" + ht)
  Note over RxDsMessageTo1: Current behavior
  RxDsMessageTo1->>RxDsMessageTo1: read type, author, updated_by from ht
  deactivate RxDsMessageTo1
Loading

File-Level Changes

Change Details Files
Disable an unconditional error-level debug log that dumps the full drug interaction map during RxDsMessageTo1 instantiation.
  • Comment out the MiscUtils.getLogger().error call that logs the entire drug interaction hashtable on every construction.
  • Preserve subsequent assignments of type, author, and updated_by from the hashtable without modification.
src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java

Assessment against linked issues

Issue Objective Addressed Explanation
#2803 Remove the unconditional debug ERROR log statement from the RxDsMessageTo1 constructor that logs "WHATS inn ht" along with the full drug interaction Hashtable on every instantiation.

Possibly linked issues


Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request comments out a debug log statement in RxDsMessageTo1.java. The reviewer suggests completely removing the unused debug log statement instead of leaving it commented out to maintain code cleanliness and readability.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

}

MiscUtils.getLogger().error("WHATS inn ht" + ht);
// MiscUtils.getLogger().error("WHATS inn ht" + ht);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Instead of leaving commented-out code, the unused debug log statement should be completely removed to maintain code cleanliness and readability.

@coderabbitai

coderabbitai Bot commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Summary by CodeRabbit

  • Bug Fixes
    • Removed an unnecessary runtime error log from message handling, reducing noisy log output while keeping behavior unchanged.

Walkthrough

A single debug logger.error() call in the RxDsMessageTo1 constructor that unconditionally dumps the drug interaction map at ERROR level is commented out. No logic, signatures, or other behavior is changed.

Changes

Debug Log Removal

Layer / File(s) Summary
Comment out constructor debug log
src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java
MiscUtils.getLogger().error("WHATS inn ht" + ht) at line 134 is commented out, stopping the unconditional ERROR-level dump of the drug interaction map on every constructor call.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐇 A logger once shouted at ERROR each day,
Dumping drug maps in the noisiest way.
"WHATS inn ht?" it cried without cause—
Now silenced with //, to well-deserved pause.
The logs are now quiet, the rabbits hooray! 🌿

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly states the main change: removing a debug log from the RxDsMessageTo1 constructor.
Description check ✅ Passed The description matches the change and explains the removed constructor log and its impact.
Linked Issues check ✅ Passed The PR removes the exact unconditional logger call requested by #2803.
Out of Scope Changes check ✅ Passed The change is narrowly scoped to removing the log statement and introduces no unrelated edits.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
✨ Simplify code
  • Create PR with simplified code

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • Instead of commenting out the debug log, consider removing it entirely or replacing it with a properly leveled and structured log statement guarded by a configuration flag so the constructor doesn’t carry unused commented code.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- Instead of commenting out the debug log, consider removing it entirely or replacing it with a properly leveled and structured log statement guarded by a configuration flag so the constructor doesn’t carry unused commented code.

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java (1)

97-97: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Remove adjacent commented-out debug log on Line 97.

Line 97 contains another commented-out debug log (//logger.error("---$string instance");) in the same constructor. While not part of the PR's targeted line, this is similarly a leftover debug artifact. Consider removing it as part of this cleanup, or it can be addressed separately.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java`
at line 97, Remove the leftover commented-out debug log in RxDsMessageTo1’s
constructor. Clean up the adjacent commented logger statement (`logger.error`
debug artifact) so the constructor contains only active code, matching the rest
of the comment cleanup in this class.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java`:
- Line 134: Remove the constructor debug logging from RxDsMessageTo1 entirely
instead of leaving it commented out. Delete the MiscUtils.getLogger().error(...)
line from the constructor so no dead debug artifact remains, and keep any
handling of ht free of logging to avoid exposing sensitive clinical data.

---

Outside diff comments:
In
`@src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java`:
- Line 97: Remove the leftover commented-out debug log in RxDsMessageTo1’s
constructor. Clean up the adjacent commented logger statement (`logger.error`
debug artifact) so the constructor contains only active code, matching the rest
of the comment cleanup in this class.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: a3de475a-4284-4597-ae4e-94b0772f6c91

📥 Commits

Reviewing files that changed from the base of the PR and between b72f9f2 and c1e0e95.

📒 Files selected for processing (1)
  • src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java
📜 Review details
⏰ Context from checks skipped due to timeout. (1)
  • GitHub Check: Sourcery review
⚠️ CI failures not shown inline (2)

GitHub Actions: DCO / DCO Sign-Off: #2803 fix: remove debug log statement from RxDsMessageTo1 constructor

Conclusion: failure

View job details

##[group]Run set -euo pipefail
 �[36;1mset -euo pipefail�[0m
 �[36;1m�[0m
 �[36;1mpr_json=$(curl -fsSL \�[0m
 �[36;1m  -H "Authorization: ***" \�[0m
 �[36;1m  -H "Accept: application/vnd.github+json" \�[0m
 �[36;1m  "https://api.github.com/repos/$REPO/pulls/$PR_NUMBER")�[0m
 �[36;1mpr_commit_count=$(jq -r '.commits' <<< "$pr_json")�[0m
 �[36;1mbase_ref=$(jq -r '.base.ref' <<< "$pr_json")�[0m
 �[36;1m�[0m
 �[36;1mif [ "$pr_commit_count" -gt 250 ]; then�[0m
 �[36;1m  echo "::error::CARLOS EMR DCO check cannot automatically verify $pr_commit_count commits because GitHub's pull request commits API is capped at 250 commits."�[0m

GitHub Actions: DCO / 0_DCO Sign-Off.txt: #2803 fix: remove debug log statement from RxDsMessageTo1 constructor

Conclusion: failure

View job details

##[group]Run set -euo pipefail
 �[36;1mset -euo pipefail�[0m
 �[36;1m�[0m
 �[36;1mpr_json=$(curl -fsSL \�[0m
 �[36;1m  -H "Authorization: ***" \�[0m
 �[36;1m  -H "Accept: application/vnd.github+json" \�[0m
 �[36;1m  "https://api.github.com/repos/$REPO/pulls/$PR_NUMBER")�[0m
 �[36;1mpr_commit_count=$(jq -r '.commits' <<< "$pr_json")�[0m
 �[36;1mbase_ref=$(jq -r '.base.ref' <<< "$pr_json")�[0m
 �[36;1m�[0m
 �[36;1mif [ "$pr_commit_count" -gt 250 ]; then�[0m
 �[36;1m  echo "::error::CARLOS EMR DCO check cannot automatically verify $pr_commit_count commits because GitHub's pull request commits API is capped at 250 commits."�[0m
🧰 Additional context used
📓 Path-based instructions (8)
**/*.java

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.java: Use io.github.carlos_emr.carlos.* namespace for ALL new code; specific packages: DAOs in io.github.carlos_emr.carlos.commn.dao.*, Models in io.github.carlos_emr.carlos.commn.model.*, exception: ProviderDao in io.github.carlos_emr.carlos.dao.ProviderDao
Use PathValidationUtils for ALL file path operations that include user input
NEVER log or expose PHI (Protected Health Information) in logs or error messages
Use SpringUtils.getBean(ClassName.class) for Spring bean injection in Struts2 actions and non-Spring-managed classes
JavaDoc is required on all public classes and methods; do NOT include @author tags, use @since tags with git log timestamps, use CARLOS copyright header for new files

**/*.java: Keep Java package names as io.github.carlos_emr.carlos.* for backward compatibility - DO NOT change internal package names
Use PathValidationUtils for ALL file path operations to prevent path traversal attacks
PHI (Patient Health Information) must NEVER be logged or exposed in error messages
Use NEW namespace io.github.carlos_emr.carlos.* for ALL new code - avoid old org.oscarehr.* and oscar.* packages
Use sanctioned suffixes for layer naming: *Action, *ViewModelAssembler, *ViewModel, *Loader, *Resolver, *Composer, *Validator, *Persister, *Calculator, *Parser, *ImportService, *Service, *Dao, *Dto, *Command. Never combine two role-suffixes or use forbidden suffixes like *Manager, *Helper, *Utils, *Prep
Public JavaDoc is required for public entrypoint classes and non-obvious public/protected methods; carrier DTOs, getters/setters, and private helpers do not need method-by-method JavaDoc
DO NOT add @author tags in JavaDoc (misleading after Bitbucket→GitHub migration); use git history for accurate dates with @since tags
Inline comments should explain the why: legacy compatibility, security/compliance constraints, file-format offsets, transaction boundaries, and non-obvious control flow. Do not narrate o...

Files:

  • src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java
**/*.{jsp,java}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use OWASP Encoder for ALL user input output: in JSP use ${e:forHtml(value)} with taglib <%@ taglib uri="owasp.encoder.jakarta" prefix="e" %>, in Java use Encode.forHtml(value), with context-specific variants (forHtmlAttribute, forJavaScript, forCssString, forUri, forUriComponent)

Use OWASP Encoder null-safe CARLOS wrappers for all user input encoding: <carlos:encode> tag, ${carlos:forXxx()} EL functions, or SafeEncode.forXxx() Java methods. DO NOT use <e:forXxx>, ${e:forXxx()}, or Encode.forXxx() directly in new code.

Files:

  • src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java
**/*.{java,sql}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use parameterized queries ONLY in SQL/HQL operations; never use string concatenation for SQL queries

Files:

  • src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java
src/**/*.java

📄 CodeRabbit inference engine (GEMINI.md)

src/**/*.java: Keep Java packages as io.github.carlos_emr.carlos.* for backward compatibility - do NOT change these internal namespace paths
Preserve existing copyright headers in modified files and preserve GPL version exactly as-is; never remove existing copyright notices

Files:

  • src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java
{src/main/java/io/github/carlos_emr/carlos/**/*.java,src/main/webapp/**/*.jsp}

📄 CodeRabbit inference engine (GEMINI.md)

PHI (Patient Health Information) must NEVER be logged or exposed in error messages

Files:

  • src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java
src/main/java/io/github/carlos_emr/carlos/**/*.java

📄 CodeRabbit inference engine (GEMINI.md)

src/main/java/io/github/carlos_emr/carlos/**/*.java: All public classes and methods MUST have comprehensive JavaDoc; do NOT add @author tags; use @since with accurate git history dates; document @param, @return, and @throws tags with specific types
Add inline comments on separate lines (not same-line) for complex logic; include comprehensive comments for non-obvious algorithms or healthcare-specific calculations

Files:

  • src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java
**/*

📄 CodeRabbit inference engine (CLAUDE.md)

Preserve all existing copyright headers in modified files; do not remove or change GPL version statements

Files:

  • src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java
**/*.{java,jsp,xml,js,css}

📄 CodeRabbit inference engine (CLAUDE.md)

New files must use CARLOS project header as defined in docs/copyright-header-carlos.md

Files:

  • src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java
🧠 Learnings (8)
📚 Learning: 2026-03-06T23:54:01.319Z
Learnt from: yingbull
Repo: carlos-emr/carlos PR: 563
File: src/main/java/io/github/carlos_emr/carlos/lab/ca/all/parsers/AlphaHandler.java:59-63
Timestamp: 2026-03-06T23:54:01.319Z
Learning: In the carlos-emr/carlos repository, for Java sources under src/main/java, empty no-arg constructors should have only a minimal one-line JavaDoc. Do not add since or other metadata tags to empty constructors, as they provide no meaningful value. Place documentation efforts in the class-level JavaDoc instead.

Applied to files:

  • src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java
📚 Learning: 2026-03-13T21:29:23.775Z
Learnt from: yingbull
Repo: carlos-emr/carlos PR: 590
File: src/main/java/io/github/carlos_emr/carlos/eform/actions/DisplayImage2Action.java:69-69
Timestamp: 2026-03-13T21:29:23.775Z
Learning: When reviewing Java source files, allow since Javadoc tags to reflect substantial rewrites or major API changes (e.g., security overhaul, new API surface). Do not flag the tag as incorrect solely because the file predates the tagged date. If flagging is considered, verify against commit history or release notes to confirm the tag corresponds to a meaningful change, not the original introduction. Apply this guidance across Java sources in the repository (src/main/java/**/*.java).

Applied to files:

  • src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java
📚 Learning: 2026-04-11T22:46:51.202Z
Learnt from: yingbull
Repo: carlos-emr/carlos PR: 1556
File: src/main/java/io/github/carlos_emr/carlos/demographic/dto/DemographicListItemDTO.java:74-179
Timestamp: 2026-04-11T22:46:51.202Z
Learning: In this repository, do not require method-level JavaDoc for plain public JavaBean-style getters and setters in Java files under src/main/java/**/*.java. Their meaning should be covered by field-level documentation and/or the class-level JavaDoc. Only require JavaDoc for non-trivial public methods (e.g., constructors with logic, factory methods, and computed/derived accessors where behavior is not just returning/setting a field). In code reviews, missing JavaDoc on simple getters/setters should not be flagged as a documentation violation.

Applied to files:

  • src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java
📚 Learning: 2026-04-11T22:47:04.719Z
Learnt from: yingbull
Repo: carlos-emr/carlos PR: 1556
File: src/main/java/io/github/carlos_emr/carlos/provider/dto/ProviderSummaryDTO.java:57-104
Timestamp: 2026-04-11T22:47:04.719Z
Learning: In this repository, do not require JavaDoc for trivial getter and setter methods. Only JavaDoc for types/classes and for more meaningful public API points is expected—e.g., class-level JavaDoc, constructors, static factory methods, and non-trivial public methods (such as formatting helpers). In code reviews, ignore missing JavaDoc on getters/setters.

Applied to files:

  • src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java
📚 Learning: 2026-05-24T01:01:46.756Z
Learnt from: yingbull
Repo: carlos-emr/carlos PR: 1832
File: src/main/java/io/github/carlos_emr/carlos/utility/CachedDateFormats.java:165-216
Timestamp: 2026-05-24T01:01:46.756Z
Learning: For Java sources under src/main/java/**/*.java, follow the repository’s Documentation Standards (CLAUDE.md) regarding Javadoc requirements: do not require mechanical param/return/throws tags for trivial wrapper/delegator public methods that are essentially one-line pass-throughs to a cached or underlying instance (e.g., methods like parseDefault/formatDefault/parse/format in CachedDateFormats.java). Instead, rely on class-level Javadoc to document the overall contracts, including thread-safety, null handling, return value semantics, and any mutation/restoration behavior (such as timezone restoration). Require full per-method Javadoc tag coverage only for non-trivial public methods whose behavior is not obvious from the context/signature.

Applied to files:

  • src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java
📚 Learning: 2026-06-25T16:10:08.376Z
Learnt from: Ben-Heerema
Repo: carlos-emr/carlos PR: 3023
File: src/main/java/io/github/carlos_emr/carlos/encounter/oscarConsultationRequest/pageUtil/EConsult2Action.java:287-328
Timestamp: 2026-06-25T16:10:08.376Z
Learning: When reviewing Java code that reconstructs an origin/authority from a `java.net.URI` (e.g., `scheme://host:port`), assume `URI#getHost()` may already return bracketed IPv6 literals such as `[::1]` (not just `::1`). Do not “re-bracket” IPv6 manually when rebuilding the origin from the host returned by `getHost()`. If `getHost()` is `null`, only then apply the malformed-colon/authority fallback rejection logic on that authority-fallback path (the path that runs when `getHost()` is `null`), not on the normal host-based reconstruction path.

Applied to files:

  • src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java
📚 Learning: 2026-03-24T17:34:18.508Z
Learnt from: yingbull
Repo: carlos-emr/carlos PR: 716
File: src/main/java/io/github/carlos_emr/carlos/eform/actions/RtlPreventions2Action.java:155-156
Timestamp: 2026-03-24T17:34:18.508Z
Learning: In this repository (carlos-emr/carlos), treat `demographic_no` as an internal database surrogate integer key (the PK of the demographic table), not as PHI. When reviewing code, do not flag logging or output of `demographic_no` as PHI exposure. PHI to flag includes clinical/demographic data elements like patient name, date of birth, HIN, and address.

Applied to files:

  • src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java
📚 Learning: 2026-04-07T02:57:10.703Z
Learnt from: yingbull
Repo: carlos-emr/carlos PR: 1111
File: src/main/java/io/github/carlos_emr/carlos/util/JDBCUtil.java:140-142
Timestamp: 2026-04-07T02:57:10.703Z
Learning: When reviewing this repository’s Java code, flag any unprotected use of `SchemaFactory.newInstance(...)` (e.g., instances that do not restrict `XMLConstants.ACCESS_EXTERNAL_DTD` and `XMLConstants.ACCESS_EXTERNAL_SCHEMA` to empty strings). Recommend migrating those call sites to `io.github.carlos_emr.carlos.utility.XmlUtils.createSecureSchemaFactory()` so XML Schema validation is hardened against external entity/schema access. Known migrated call sites include `IndicatorTemplateHandler.java` and `DemographicExportAction42Action.java` (post-PR `#1111`).

Applied to files:

  • src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java

}

MiscUtils.getLogger().error("WHATS inn ht" + ht);
// MiscUtils.getLogger().error("WHATS inn ht" + ht);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Remove the debug log line entirely rather than commenting it out.

The linked issue explicitly requests deleting this constructor log line entirely (MiscUtils.getLogger().error("WHATS inn ht" + ht);). The current change only comments it out, leaving dead code in the source. Please fully delete the line to satisfy the acceptance criterion and eliminate the debug artifact.

Additionally, the ht variable contains drug interaction data (medication identifiers, interaction context). Based on coding guidelines, PHI and sensitive clinical data must never be logged or exposed in error messages. While commented out, the code still represents a pattern that should not remain in source.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@src/main/java/io/github/carlos_emr/carlos/webserv/rest/to/model/RxDsMessageTo1.java`
at line 134, Remove the constructor debug logging from RxDsMessageTo1 entirely
instead of leaving it commented out. Delete the MiscUtils.getLogger().error(...)
line from the constructor so no dead debug artifact remains, and keep any
handling of ht free of logging to avoid exposing sensitive clinical data.

Source: Coding guidelines

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

1 participant