Location and unclear parameters - rascal

The optional parameters for a Location seem to be duplicate information:
Offset/Length define the starting character and end character of the selection
Begin/end line/column seem to be used for the same thing
However, begin/end line/column don't seem to be working: the location at
|project://file.java|(0,100,<1,1>,<1,1>)
and the location at
|project://file.java|(0,100,<9,2>,<17,23>)
return both the same content (when shown using e.g. readFile() ).
This leads to two questions:
What is the use of the begin/end line/column if they aren't used for any practical reasons?
Is there a way to construct a location when only begin/end line/column are known, but not the offset/length? (without accessing the file)
I found a related question to this question (How to construct a location?), but the answer given there does not explain this.

The offset/length and begin/end information are indeed the same information, however to reconstruct line/column information from offset/length information you always have to read the entire file. Because some editors only support line/column indexing, we chose to include the information where possible and avoid having to walk the entire file and count lines for jumping to a selection. Also that code would be OS/text file encoding dependent.
The loc representation does not allow line/column to be set without the offset/length information by design, because we need offset/length at the very least for the API of the Eclipse editor and Emacs for example. The line/column stuff is additional optimization/caching and not the other way around.
If you do need to represent line/column information temporarily inside a loc I would recommend using a query parameter like ?startLine=12&endLine=24. The system will store the information but not interpret it or use it.

Related

Value in code when actually code is unknow, ccd document

I am currently working on building CCD for my project.
I have a problem in code. For example let me take an example of payers section.
CONF-60:A covered party in a policy activity SHOULD contain exactly one participant / participantRole / code, to represent the reason for coverage (e.g. Self, Family dependent, student).
CONF-61:The value for “participant / participantRole / code” in a policy activity’s covered party MAY be selected from ValueSet 2.16.840.1.113883.1.11.19809 PolicyOrProgramCoverageRoleType DYNAMIC.
Above is the line i have copied from hl7 official document.
<code code="SELF" codeSystem="2.16.840.1.113883.5.111" displayName="Self"/>
Its copied from sample ccd document. Going to http://wiki.hl7.de/index.php/2.16.840.1.113883.5.111 we can see there are codes. But my system has values for which i cant find the codes there.
So my question is if cant get the codes there can i just use following and still produce a valid ccd document
<code displayName="Organ Donor"/>
In other words is it necessary to set code and code system in ccd document??
No, that particular line will not be valid and yes - It is necessary. These codes and coding systems are how other systems or programs will recognize the component. They are based in standard language meant to be recognized across EHR platforms and applications - such as LOINC (2.16.840.1.113883.6.1).
The whole purpose of the C-CDA, as the name "continuity of care" would suggest, is the seamless transition of patient information in a recognizable format to other organizations who may not utilize the same EHR.
Take a look at SMART CCDA Scorecard http://ccda-scorecard.smartplatforms.org/static/ccdaScorecard/#/
Also, what system are you using? Your system, especially for those values, should have the correct coding system because the values "SELF, MTH, FTH" are very common for documenting any demographic, insurance or patient related information. Otherwise, it might not meet the requirements of a certified EHR.
When the coding system doesn't contain an appropriate value you can use a NULL value and show the text, although usage of such is disallowed for certain elements. So your example should actually look something like this.
<code nullFlavor="OTH">
<originalText>Organ Donor</originalText>
</code>
But in general you should always try to use a valid concept code where one exists. That's the only way you'll achieve meaningful interoperability with third-party systems.

How to suppress false positives in Fortify

I have two questions regarding Fortify.
1 - Lets say I have a windows forms app, which asks for a username
and password, and the name of the textbox for password is
texboxPassword. So in the designer file, you have the following,
generated by the designer.
//
// texboxPassword
//
this.texboxPassword.Location = new System.Drawing.Point(16, 163);
this.texboxPassword.Name = "texboxPassword";
this.texboxPassword.Size = new System.Drawing.Size(200, 73);
this.texboxPassword.TabIndex = 3;
Fortify marks this as a password in comment issue. How can I suppress this by creating a custom rule? I don't want to suppress the whole issue because I still would like to catch certain patterns (such as password followed by = or : in comments) but the blanket search where any line that contains password is flagged is creating so many false positives. I looked into creating a structural rule but could not figure out how to remove the associated tag (where can I find the tag for password in comment anyways?)
2 - Let's say I have a custom UI control. This control html encodes everything and in my context, it is good enough to avoid XSS. Needless to say, it is being flagged by Fortify. How can I suppress XSS when I have a certain control type in my UI and all of its methods are safe for XSS (they sanitize) in my context? I have tried a DataflowCleanseRule (with a label just to test the concept) and wanted to mark get_Text() and set_Text() as sanitizer functions, but it did not make a difference and Fortify still flagged it for XSS.
<DataflowCleanseRule formatVersion="3.16" language="dotnet">
<RuleID>0D495522-BA81-440E-B191-48A67D9092BE</RuleID>
<TaintFlags>+VALIDATED_CROSS_SITE_SCRIPTING_REFLECTED,+VALIDATED_CROSS_SITE_SCRIPTING_PERSISTENT,+VALIDATED_CROSS_SITE_SCRIPTING_DOM,+VALIDATED_CROSS_SITE_SCRIPTING_POOR_VALIDATION</TaintFlags>
<FunctionIdentifier>
<NamespaceName>
<Pattern>System.Web.UI.WebControls</Pattern>
</NamespaceName>
<ClassName>
<Pattern>Label</Pattern>
</ClassName>
<FunctionName>
<Pattern>_Text</Pattern>
</FunctionName>
<ApplyTo implements="true" overrides="true" extends="true"/>
</FunctionIdentifier>
<OutArguments>return</OutArguments>
</DataflowCleanseRule>
Thank you in advance for your help
This is parsed using regular expressions. Unless you think you are able to create a regular expression that can parse human language properly, I would leave it alone and just audit it as not an issue.
The Pattern tag uses a java regular expression in the body, so should be used as user2867433 suggested. However, you stated
This control html encodes everything and in my context, it is good enough to avoid XSS
If you are going to use a custom rule, this has to assume that it will work in EVERY context, as say in the future somebody writes a piece of code that uses get_Text and then places this directly into a piece of JavaScript, html encoding will do NOTHING to stop the XSS problem here. I would advise again to audit this as not an issue or a false positive due to the validation used and explain why it's good enough in that context
Within "Pattern" you can use Java-Regex. So it should work if you use [gs]et_Text

Some questions about building a network-accessible, multi-user, programmable, interactive environment

Introduction
I've been attempting to build this project for many weeks now, and trying multiple solutions that I can't get my head around. Let me describe the project a little. It's a text-based server, that players can login to (via telnet or a client), essentially like a MUD. They can then create and interact with 'objects', giving them 'verbs' and 'properties'.
The server is basically just a database of 'objects', each object has an ID, a name, a location (which is another object), a list of its contents (objects) and some other flags. Objects can have 'verbs' and 'properties'. Properties are just stored data (string, int, float, w/e). Verbs are methods/functions. Objects are interacted with using commands such as "put something in container". An old version of the server already exists, it's called LambdaMOO. I'm attempting to re-create it since it hasn't been updated in a very, very long time.
You can read more in-depth about how objects, verbs and properties should work at: http://bit.ly/17XIqjY
An Example
Let me describe what I'd like. Imagine we have an object. Object #256, it's called "Button". It has the property "count" along with all the default properties that are inherited from it's parent (i.e. 'description'). It has one "verb" on it, called "push". This verb contains this code:
this.count += 1;
this.description = "This button has been pushed " + this.count + " times.";
player.tell("You press the button and feel a chill run down your spine.");
When the player types 'push button' on the server, the 'push' verb will run and output
You press the button and feel a chill run down your spine.
If you then look at the button, you'll see it's updated description.
Note that player in the above script refers the object of the player executing the verb. tell is another verb, on the player object. However the tell verb has a flag saying it is executable from other verbs.
What language?
My main question is what languages can I use for the 'verbs'? I've tried using node.js and the 'vm' library. I've tried using C# to parse C#. I've tried using C# to parse JavaScript. The issue I keep getting is that I have no way of controlling the permissions of the verbs and properties. If I translate them to literal functions in JavaScript, I can't determine which object they are running on and what permissions it should have. If a user calls a function on another users object, I have no way of intercepting that call and stopping it if the permissions aren't correct. I'm not entirely fussed as to which language is used for the verb code it just needs to be "sandboxed". Properties need to be only readable/writeable when they are set to be so by the user, same with verbs. I imagine I could use a language with overloading (like PHP's __get, __set, __call).
I need to also be able to inject these variables into the verb: (mostly determined from the command typed, unless the verb is being called from another verb)
player (object) the player who typed the command
this (object) the object on which this verb was found
caller (object) this will be the same as ‘player’, unless another
verb calls the command in which case it is the object
containing that verb.
verb (string) the first word of the command
argstr (string) everything after the first word of the command
args (list of strings) a list of the words in ‘argstr’
dobjstr (string) the direct object string found during parsing
dobj (object) the direct object value found during matching
prepstr (string) the prepositional phrase found during parsing
iobjstr (string) the indirect object string
iobj (object) the indirect object value
I also need to be able to access any object from any other object (so long as the permissions work out).
// Object #128. Verb: multiply Prep: this none this Perms: +r +x
return (args[0] * args[1]);
// Object #256. Verb: square Prep: this none this Perms: +r +x
return #128:multiply(args[0], args[0]);
// Object #512. Verb: touch Prep: any any this Perms: +r
// Has a property (int) 'size' on it.
this.size = #256:square(this.size);
this.description = "It's a large button, it spans " + this.size + " metres.";
player:tell("You touch the button, it gets bigger.");
The user could then push button and the button object's size property would be squared.
Recommended Reading
I highly recommend you to read the document at http://bit.ly/17XIqjY for a more in-depth idea of how the system should work.
It is also recommended you read the following documents, as μMOO is based upon LambdaMOO and it’s methodology:
https://en.wikipedia.org/wiki/LambdaMOO
https://en.wikipedia.org/wiki/MOO
http://www.hayseed.net/MOO/manuals/ProgrammersManual_toc.html
http://www.moo.mud.org/
I take this question as asking for a language that could do what you need. That's what I'll try to answer.
First, this task is hopelessly unsuited to any mainstream or imperative language such as C# or Java. I wouldn't even think about it. Javascript is possible, but not what it's good at and nothing specific to recommend it.
Second, if you had the right skills, it would be an excellent opportunity to design an entirely new language and spend the next year or two getting it working. People really do that, but I don't recommend it unless you like that kind of masochistic experience. [I do.]
So my recommendation is that you widen your language experience until you find a match. Of the languages I know moderately well, Ruby is the best to try first. As soon as you said inject these variables into the verb you made me think of Ruby, because lots of Ruby software (including Rails) is built exactly like that. Forget Python, Perl and Javascript: I really don't think they will hack it.
Beyond Ruby you might contemplate Lua. I haven't used it much recently, and it may not suit, but it is widely used as a games scripting language.
Beyond that are the true functional languages. There is the most ancient of them all: Lisp. You can do absolutely anything in Lisp, including implementing the language you were looking for in the first place. Then there are Scala and Haskell, to name just two. They are mind-bending to learn, but well suited to the kind of problem you have.
Not much of an answer because it basically says: learn each of these languages in turn until you find one that works for you. [Happy to help further if I can. I have fond memories of Moo.]

How do I construct the cake when using Scalaxb to connect to a SOAP service?

I've read the documentation, but what I need to know is:
I'm not using a fictitious stock quote service (with an imaginary wsdl file). I'm using a different service with a different name.
Where, among the thousands and thousands of lines of code that have been generated, will I find the Scala trait(s) that I need to put together that correspond to this line in the documentation's example:
val service = (new stockquote.StockQuoteSoap12Bindings with scalaxb.SoapClients with scalaxb.DispatchHttpClients {}).service
Now, you might be thinking "Why not just search for Soap12Bindings in the generated code"? Good idea - but that turns up 0 results.
The example in the documentation is outdated, or too specific. (The documentation is also internally inconsistent and inconsistent with the actual filenames output with scalaxb.)
First, search for SoapBindings instead of Soap12Bindings to find the service-specific trait (the first trait).
Then, instead of scalaxb.SoapClients, use scalaxb.Soap11Clients.

Capturing Field Name Metadata from a CSV File in Altova MapForce

I've been asked to prototype a replacement "file transformation process" (that currently is a mess of SQL) using Altova's MapForce. My input is a CSV file with headers. My problem is that I need to capture both the data AND the column name to use in downstream processing.
I need to have MapForce feed a C# method (imported as that takes two parameters: fieldName and value. I can access the value trivially, but after hours pouring over the manual (1000 pages!) I haven't found any examples of how to access the field name as an output.
The reason each output needs the field name and the value has to do with how all our mappings/transformations are currently managed - on a database. The .NET code jumps in at this point and does any necessary database lookups.
For example, if I had the following file:
"Symbol", "Account", "Price", ...
"FOO", "10101", "1.23", ...
"BAR", "10201, "13.56", ...
And a static method string TransformField( string fieldName, string value ),
I'd like to map the CSV file's Symbol data output to the method's value parameter and the Field Name "Symbol" to the method's fieldName parameter.
Some limitations:
I need to keep the "wiring" visible in the MapForce GUI. I'll have non-programmers maintaining the mappings in the future. So doing all this in code is not an option.
MapForce is the tool of choice by the company. Part of the reason our original process is such a mess is because the original programmer rolled his own mapping/transformation tool (out of TSQL no less - ouch).
We can treat all inputs/outputs to the method call as strings. Conversions will happen later.
I would like to avoid using scalar literals as inputs. I already have the column names from the file - I do not want to re-type each one and feed it to my method.
I'm not sure how many users out there have experience with this tool, but after 3 days of tinkering with it, I see much potential. If only I can get past this current sticking point, I think the company will have a solid alternative to their current mess.
Thanks for any/all suggestions.
I solved my issue and, for future reference, want to post a solution. I handled my problem by using MapForce's FlexText. This allowed me to extract the header from the CSV file and "invert" the column names as data inputs to the transformation process. Once I knew the approach to take, I was able to find more information directly from Altova.
I found a couple helpful tutorials while digging through their website:
Altova Online Videos
Web Tutorial
Hope this can help someone else in the future!

Resources