dicoogle icon indicating copy to clipboard operation
dicoogle copied to clipboard

Published 20 hours ago verified publisher icon bioinformatics-ua

DIMGeneric can output arbitrary JSON values in string properties

Open Enet4 opened this issue 4 years ago • 0 comments

In the event that one of the DICOM properties in the DIM output is the string of a valid JSON object, the DIMGeneric construct interprets that string as a JSON object when printing the aggregation result to JSON.

For instance, if the patient's name happens to be {"PatientName":"Anonymous"} by mistake, the output of a searchDIM request could be the following:

{
  "numResults": 1,
  "results": [
   {
      "id": "PID123",
      "name": {"PatientName": "Anonymous"},
      "gender": "O",
      "nStudies": 1,
      "birthdate": ""
    }
  ]
}

This is not likely to happen, but if it does, it affects the entire output schema of the /searchDIM service, thus breaking the search user interface.

This happens because json-lib reinterprets values in JSONObject too freely as JSON values if they fulfill certain criteria, and there doesn't appear to be an easy way to avoid this.

Enet4 avatar Nov 25 '21 15:11 Enet4