prime-reportstream icon indicating copy to clipboard operation
prime-reportstream copied to clipboard
verified publisher icon CDCgov

[H] Add safe type checking when processing inputs

Open cleong14 opened this issue 3 months ago • 1 comments

DoD: Sanitize prime-router/src/main/kotlin/transport/EmailTransport.kt input(s) and others impacted by ognl/thymeleaf.

This is especially important when processing HTML text.

https://github.com/CDCgov/prime-reportstream/blob/f56ca7467198df84d225d7e58d00deb3a86097fc/prime-router/src/main/kotlin/transport/EmailTransport.kt#L67-L72

Relates to #18533

cleong14 avatar Sep 26 '25 07:09 cleong14

Hey team! Please add your planning poker estimate with Zenhub @JFisk42 @wcutshall @cleong14 @jack-h-wang

megreed1 avatar Sep 29 '25 19:09 megreed1

As stated in #18533 this change is not necessary from a security standpoint as the input for this function is system generated at run time without using external input.

jack-h-wang avatar Dec 09 '25 16:12 jack-h-wang