Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ET-903: include description items in questionnaire response #578

Merged
merged 3 commits into from
Feb 6, 2025
Merged

ET-903: include description items in questionnaire response #578

merged 3 commits into from
Feb 6, 2025

Conversation

nckhell
Copy link
Contributor

@nckhell nckhell commented Feb 5, 2025
edited
Loading

Will only work once awell-health/awell-sdk#6 is merged and Awell SDK is bumped in extensions repo

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 5, 2025
edited
Loading

PR Reviewer Guide 🔍

(Review updated until commit e6f0ede)

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪
🧪 PR contains tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Data Structure Consistency

Ensure that the added description question object aligns with the expected data structure and does not introduce inconsistencies in downstream processing.

{
  id: 'description-question-id',
  definition_id: 'description-question-definition-id',
  title: '<p class="slate-p">Description content</p>',
  key: 'description',
  dataPointValueType: null,
  questionType: 'NO_INPUT',
  userQuestionType: 'DESCRIPTION',
  metadata: null,
  options: [],
  rule: null,
  questionConfig: null,
  __typename: 'Question',
Test Coverage

Verify that the new test case for the description question adequately covers all edge cases and scenarios for this type of question.

{
  linkId: 'description-question-id',
  text: 'Description content',
},

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 5, 2025
edited
Loading

PR Code Suggestions ✨

Latest suggestions up to e6f0ede
Explore these optional code suggestions:

CategorySuggestion                                                                                                                                    Impact
Security
Sanitize HTML content in title field

Ensure that the title field in the new question object is sanitized or validated to
prevent potential XSS vulnerabilities, as it contains HTML content.

extensions/medplum/actions/submitQuestionnaireResponse/testdata/submitQuestionnaireResponse.mocks.ts [20]

-title: '<p class="slate-p">Description content</p>',
+title: sanitize('<p class="slate-p">Description content</p>'),
Suggestion importance[1-10]: 9

__

Why: The suggestion addresses a critical security concern by proposing to sanitize the HTML content in the title field, which could otherwise lead to XSS vulnerabilities. This is highly relevant and impactful given the nature of the data being handled.

High
General
Add test for text sanitization

Add a test case to verify that the text field in the mockCreateResource call is
correctly populated and matches the expected sanitized content.

extensions/medplum/actions/submitQuestionnaireResponse/submitQuestionnaireResponse.test.ts [107]

-text: 'Description content',
+text: sanitize('Description content'),
Suggestion importance[1-10]: 7

__

Why: Adding a test case to verify sanitization ensures that the text field in mockCreateResource is correctly handled and matches the expected sanitized content. This improves the robustness and reliability of the code, though it is less critical than the actual sanitization implementation.

Medium

Previous suggestions

Suggestions up to commit 216e469
CategorySuggestion                                                                                                                                    Impact
Possible issue
Initialize metadata field to default value

Ensure that the metadata field for the new description question is properly
initialized or explicitly set to a default value to avoid potential null reference
issues during runtime.

extensions/medplum/actions/submitQuestionnaireResponse/testdata/submitQuestionnaireResponse.mocks.ts [25]

-metadata: null,
+metadata: '{}',
Suggestion importance[1-10]: 8

__

Why: Initializing the metadata field to a default value avoids potential null reference issues during runtime, which is a critical improvement for robustness. The suggestion is directly applicable and improves the reliability of the code.

Medium
General
Add test for NO_INPUT question type

Add a test case to verify that the NO_INPUT question type is correctly handled and
does not cause unexpected behavior in the response creation process.

extensions/medplum/actions/submitQuestionnaireResponse/submitQuestionnaireResponse.test.ts [105-108]

 {
   linkId: 'description-question-id',
   text: 'Description content',
+  questionType: 'NO_INPUT',
 },
Suggestion importance[1-10]: 7

__

Why: Adding a test for the NO_INPUT question type ensures that this new functionality is correctly handled and does not introduce unexpected behavior. While the suggestion is valid and enhances test coverage, it is not addressing a critical issue, hence a slightly lower score.

Medium

@nckhell nckhell marked this pull request as draft February 5, 2025 17:24
@nckhell nckhell marked this pull request as ready for review February 6, 2025 15:14
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 6, 2025

Persistent review updated to latest commit e6f0ede

@nckhell nckhell merged commit a074f88 into main Feb 6, 2025
3 checks passed
@nckhell nckhell deleted the et-903-can-we-push-description-questions-in-questionnaireresponses branch February 6, 2025 15:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Review effort [1-5]: 3
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@nckhell