From 0d9f3e428f8bce093c374caaaa9d4d07e37ee1f5 Mon Sep 17 00:00:00 2001
From: Gcolon021 <34667267+Gcolon021@users.noreply.github.com>
Date: Fri, 13 Oct 2023 14:22:08 -0400
Subject: [PATCH 1/3] [ALS-5053] pen test medium stacktrace error (#85)

* [ALS-5000] Update maven compiler plugin
Maven compiler plugin has a dependency on log4j.

* [ALS-5053] Add error pages to web.xml
* [ALS-5053] Add value to server.xml
This value will intercept request processed by tomcat. I have disabled reports and show server information. This information should not be returned to the client.
---
 client-api/pom.xml                  |  10 +-
 docker/pic-sure-hpds/server.xml     |   1 +
 pom.xml                             | 654 ++++++++++++++--------------
 war/pom.xml                         |   2 +-
 war/src/main/webapp/WEB-INF/web.xml |   8 +
 5 files changed, 338 insertions(+), 337 deletions(-)

diff --git a/client-api/pom.xml b/client-api/pom.xml
index ef02dcbb..06638ab2 100644
--- a/client-api/pom.xml
+++ b/client-api/pom.xml
@@ -6,21 +6,17 @@
     <groupId>edu.harvard.hms.dbmi.avillach.hpds</groupId>
     <version>1.0-SNAPSHOT</version>
   </parent>
-
   <groupId>edu.harvard.hms.dbmi.avillach.hpds</groupId>
   <artifactId>client-api</artifactId>
   <version>1.0-SNAPSHOT</version>
-
   <name>client-api</name>
   <!-- FIXME change it to the project's website -->
   <url>http://www.example.com</url>
-
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <maven.compiler.source>1.7</maven.compiler.source>
     <maven.compiler.target>1.7</maven.compiler.target>
   </properties>
-
   <dependencies>
     <dependency>
       <groupId>junit</groupId>
@@ -29,9 +25,9 @@
       <scope>test</scope>
     </dependency>
   </dependencies>
-
   <build>
-    <pluginManagement><!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) -->
+    <pluginManagement>
+      <!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) -->
       <plugins>
         <!-- clean lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#clean_Lifecycle -->
         <plugin>
@@ -45,7 +41,7 @@
         </plugin>
         <plugin>
           <artifactId>maven-compiler-plugin</artifactId>
-          <version>3.8.0</version>
+          <version>3.11.0</version>
         </plugin>
         <plugin>
           <artifactId>maven-surefire-plugin</artifactId>
diff --git a/docker/pic-sure-hpds/server.xml b/docker/pic-sure-hpds/server.xml
index ebf2760b..8b835346 100644
--- a/docker/pic-sure-hpds/server.xml
+++ b/docker/pic-sure-hpds/server.xml
@@ -27,6 +27,7 @@
 			<Host name="localhost" appBase="/.extract/webapps" unpackWARs="true"
 				autoDeploy="true">
 				<Context path="/" reloadable="true" />
+				<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false"/>
 			</Host>
 		</Engine>
 	</Service>
diff --git a/pom.xml b/pom.xml
index ab958be4..879eeaf9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,333 +1,329 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-		 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-		 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-	<groupId>edu.harvard.hms.dbmi.avillach.hpds</groupId>
-	<artifactId>pic-sure-hpds</artifactId>
-	<version>1.0-SNAPSHOT</version>
-	<packaging>pom</packaging>
-	<name>pic-sure-hpds</name>
-	<modules>
-		<module>common</module>
-		<module>service</module>
-		<module>etl</module>
-		<module>data</module>
-		<module>docker</module>
-		<module>processing</module>
-		<module>war</module>
-		<module>client-api</module>
-	</modules>
-	<properties>
-		<jackson.version>1.8.6</jackson.version>
-		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<dockerfile-maven-version>1.4.10</dockerfile-maven-version>
-	</properties>
-	<repositories>
-		<repository>
-			<id>github</id>
-			<name>GitHub HMS-DBMI Apache Maven Packages</name>
-			<url>https://maven.pkg.github.com/hms-dbmi/pic-sure</url>
-			<snapshots>
-				<enabled>true</enabled>
-			</snapshots>
-		</repository>
-	</repositories>
-	<build>
-		<pluginManagement>
-			<plugins>
-				<plugin>
-					<groupId>org.apache.maven.plugins</groupId>
-					<artifactId>maven-dependency-plugin</artifactId>
-					<version>2.8</version>
-					<executions>
-						<execution>
-							<id>copy-installed</id>
-							<phase>install</phase>
-							<goals>
-								<goal>copy</goal>
-							</goals>
-							<configuration>
-								<artifactItems>
-									<artifactItem>
-										<groupId>${project.groupId}</groupId>
-										<artifactId>${project.artifactId}</artifactId>
-										<version>${project.version}</version>
-										<type>${project.packaging}</type>
-									</artifactItem>
-								</artifactItems>
-								<outputDirectory>pic-sure-hpds</outputDirectory>
-							</configuration>
-						</execution>
-					</executions>
-				</plugin>
-
-				<plugin>
-					<groupId>org.apache.tomcat.maven</groupId>
-					<artifactId>tomcat7-maven-plugin</artifactId>
-					<version>2.0</version>
-					<executions>
-						<execution>
-							<id>default-cli</id>
-							<goals>
-								<goal>run</goal>
-							</goals>
-							<configuration>
-								<port>13000</port>
-								<path>/jaxrs-service</path>
-								<useSeparateTomcatClassLoader>true</useSeparateTomcatClassLoader>
-								<jpda>true</jpda>
-								<systemProperties>
-									<JAVA_OPTS>-Xms256m -Xmx512m</JAVA_OPTS>
-								</systemProperties>
-							</configuration>
-						</execution>
-					</executions>
-					<configuration>
-					</configuration>
-				</plugin>
-				<plugin>
-					<groupId>org.apache.maven.plugins</groupId>
-					<artifactId>maven-eclipse-plugin</artifactId>
-					<configuration>
-						<projectNameTemplate>[artifactId]-[version]</projectNameTemplate>
-						<wtpmanifest>true</wtpmanifest>
-						<wtpapplicationxml>true</wtpapplicationxml>
-						<wtpversion>2.0</wtpversion>
-					</configuration>
-				</plugin>
-
-				<!-- clean lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#clean_Lifecycle -->
-				<plugin>
-					<artifactId>maven-clean-plugin</artifactId>
-					<version>3.1.0</version>
-				</plugin>
-				<!-- default lifecycle, jar packaging: see https://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_jar_packaging -->
-				<plugin>
-					<artifactId>maven-resources-plugin</artifactId>
-					<version>3.0.2</version>
-				</plugin>
-				<plugin>
-					<artifactId>maven-compiler-plugin</artifactId>
-					<version>3.8.0</version>
-					<configuration>
-						<release>11</release>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>edu.harvard.hms.dbmi.avillach.hpds</groupId>
+  <artifactId>pic-sure-hpds</artifactId>
+  <version>1.0-SNAPSHOT</version>
+  <packaging>pom</packaging>
+  <name>pic-sure-hpds</name>
+  <modules>
+    <module>common</module>
+    <module>service</module>
+    <module>etl</module>
+    <module>data</module>
+    <module>docker</module>
+    <module>processing</module>
+    <module>war</module>
+    <module>client-api</module>
+  </modules>
+  <properties>
+    <jackson.version>1.8.6</jackson.version>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    <dockerfile-maven-version>1.4.10</dockerfile-maven-version>
+  </properties>
+  <repositories>
+    <repository>
+      <id>github</id>
+      <name>GitHub HMS-DBMI Apache Maven Packages</name>
+      <url>https://maven.pkg.github.com/hms-dbmi/pic-sure</url>
+      <snapshots>
+        <enabled>true</enabled>
+      </snapshots>
+    </repository>
+  </repositories>
+  <build>
+    <pluginManagement>
+      <plugins>
+        <plugin>
+          <groupId>org.apache.maven.plugins</groupId>
+          <artifactId>maven-dependency-plugin</artifactId>
+          <version>2.8</version>
+          <executions>
+            <execution>
+              <id>copy-installed</id>
+              <phase>install</phase>
+              <goals>
+                <goal>copy</goal>
+              </goals>
+              <configuration>
+                <artifactItems>
+                  <artifactItem>
+                    <groupId>${project.groupId}</groupId>
+                    <artifactId>${project.artifactId}</artifactId>
+                    <version>${project.version}</version>
+                    <type>${project.packaging}</type>
+                  </artifactItem>
+                </artifactItems>
+                <outputDirectory>pic-sure-hpds</outputDirectory>
+              </configuration>
+            </execution>
+          </executions>
+        </plugin>
+        <plugin>
+          <groupId>org.apache.tomcat.maven</groupId>
+          <artifactId>tomcat7-maven-plugin</artifactId>
+          <version>2.0</version>
+          <executions>
+            <execution>
+              <id>default-cli</id>
+              <goals>
+                <goal>run</goal>
+              </goals>
+              <configuration>
+                <port>13000</port>
+                <path>/jaxrs-service</path>
+                <useSeparateTomcatClassLoader>true</useSeparateTomcatClassLoader>
+                <jpda>true</jpda>
+                <systemProperties>
+                  <JAVA_OPTS>-Xms256m -Xmx512m</JAVA_OPTS>
+                </systemProperties>
+              </configuration>
+            </execution>
+          </executions>
+          <configuration>
 					</configuration>
-				</plugin>
-				<plugin>
-					<artifactId>maven-surefire-plugin</artifactId>
-					<version>2.22.1</version>
-				</plugin>
-				<plugin>
-					<artifactId>maven-jar-plugin</artifactId>
-					<version>3.0.2</version>
-				</plugin>
-				<plugin>
-					<artifactId>maven-install-plugin</artifactId>
-					<version>2.5.2</version>
-				</plugin>
-				<plugin>
-					<artifactId>maven-deploy-plugin</artifactId>
-					<version>2.8.2</version>
-				</plugin>
-				<!-- site lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#site_Lifecycle -->
-				<plugin>
-					<artifactId>maven-site-plugin</artifactId>
-					<version>3.7.1</version>
-				</plugin>
-				<plugin>
-					<artifactId>maven-project-info-reports-plugin</artifactId>
-					<version>3.0.0</version>
-				</plugin>
-			</plugins>
-		</pluginManagement>
-	</build>
-	<dependencies>
-		<dependency>
-			<groupId>junit</groupId>
-			<artifactId>junit</artifactId>
-			<scope>test</scope>
-		</dependency>
-		<dependency>
-			<groupId>ch.qos.logback</groupId>
-			<artifactId>logback-core</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>ch.qos.logback</groupId>
-			<artifactId>logback-classic</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.slf4j</groupId>
-			<artifactId>slf4j-api</artifactId>
-		</dependency>
-	</dependencies>
-	<dependencyManagement>
-		<dependencies>
-			<dependency>
-				<groupId>edu.harvard.hms.dbmi.avillach.hpds</groupId>
-				<artifactId>common</artifactId>
-				<version>${project.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>edu.harvard.hms.dbmi.avillach.hpds</groupId>
-				<artifactId>client-api</artifactId>
-				<version>${project.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>edu.harvard.hms.dbmi.avillach.hpds</groupId>
-				<artifactId>service</artifactId>
-				<version>${project.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>edu.harvard.hms.dbmi.avillach.hpds</groupId>
-				<artifactId>processing</artifactId>
-				<version>${project.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>edu.harvard.hms.dbmi.avillach.hpds</groupId>
-				<artifactId>etl</artifactId>
-				<version>${project.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>edu.harvard.hms.dbmi.avillach.hpds</groupId>
-				<artifactId>data</artifactId>
-				<version>${project.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>edu.harvard.hms.dbmi.avillach</groupId>
-				<artifactId>pic-sure-resource-api</artifactId>
-				<version>2.1.0-SNAPSHOT</version>
-			</dependency>
-			<dependency>
-				<groupId>ch.qos.logback</groupId>
-				<artifactId>logback-core</artifactId>
-				<version>1.2.9</version>
-			</dependency>
-			<dependency>
-				<groupId>ch.qos.logback</groupId>
-				<artifactId>logback-classic</artifactId>
-				<version>1.2.9</version>
-			</dependency>
-			<dependency>
-				<groupId>org.slf4j</groupId>
-				<artifactId>slf4j-api</artifactId>
-				<version>1.7.25</version>
-			</dependency>
-			<dependency>
-				<groupId>com.google.guava</groupId>
-				<artifactId>guava</artifactId>
-				<version>30.0-jre</version>
-			</dependency>
-			<dependency>
-				<groupId>org.apache.commons</groupId>
-				<artifactId>commons-math3</artifactId>
-				<version>3.6.1</version>
-			</dependency>
-			<dependency>
-				<groupId>de.siegmar</groupId>
-				<artifactId>fastcsv</artifactId>
-				<version>1.0.2</version>
-			</dependency>
-			<dependency>
-				<groupId>org.apache.commons</groupId>
-				<artifactId>commons-csv</artifactId>
-				<version>1.5</version>
-			</dependency>
-			<dependency>
-				<groupId>commons-io</groupId>
-				<artifactId>commons-io</artifactId>
-				<version>2.7</version>
-			</dependency>
-			<dependency>
-				<groupId>org.apache.cxf</groupId>
-				<artifactId>cxf-rt-frontend-jaxrs</artifactId>
-				<version>3.2.5</version>
-			</dependency>
-			<dependency>
-				<groupId>org.apache.cxf</groupId>
-				<artifactId>cxf-rt-rs-client</artifactId>
-				<version>3.2.5</version>
-			</dependency>
-			<dependency>
-				<groupId>org.codehaus.jackson</groupId>
-				<artifactId>jackson-core-asl</artifactId>
-				<version>${jackson.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>org.codehaus.jackson</groupId>
-				<artifactId>jackson-mapper-asl</artifactId>
-				<version>${jackson.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>javax.xml.bind</groupId>
-				<artifactId>jaxb-api</artifactId>
-				<version>2.3.0</version>
-			</dependency>
-			<dependency>
-				<groupId>com.sun.xml.bind</groupId>
-				<artifactId>jaxb-core</artifactId>
-				<version>2.3.0</version>
-			</dependency>
-			<dependency>
-				<groupId>com.sun.xml.bind</groupId>
-				<artifactId>jaxb-impl</artifactId>
-				<version>2.3.0</version>
-			</dependency>
-			<dependency>
-				<groupId>javax.activation</groupId>
-				<artifactId>activation</artifactId>
-				<version>1.1.1</version>
-			</dependency>
-			<dependency>
-				<groupId>org.codehaus.jackson</groupId>
-				<artifactId>jackson-jaxrs</artifactId>
-				<version>${jackson.version}</version>
-			</dependency>
-			<dependency>
-				<groupId>org.springframework</groupId>
-				<artifactId>spring-web</artifactId>
-				<version>4.3.20.RELEASE</version>
-			</dependency>
-			<dependency>
-				<groupId>junit</groupId>
-				<artifactId>junit</artifactId>
-				<version>4.13.1</version>
-				<scope>test</scope>
-			</dependency>
-			<dependency>
-				<groupId>org.mockito</groupId>
-				<artifactId>mockito-core</artifactId>
-				<version>3.8.0</version>
-				<scope>test</scope>
-			</dependency>
-			<dependency>
-				<groupId>com.oracle.database.jdbc</groupId>
-				<artifactId>ojdbc10</artifactId>
-				<version>19.17.0.0</version>
-			</dependency>
-			<dependency>
-				<groupId>org.springframework</groupId>
-				<artifactId>spring-jdbc</artifactId>
-				<version>5.1.1.RELEASE</version>
-			</dependency>
-			<dependency>
-				<groupId>com.github.ben-manes.caffeine</groupId>
-				<artifactId>caffeine</artifactId>
-				<version>3.1.1</version>
-			</dependency>
-			<dependency>
-				<groupId>org.springframework</groupId>
-				<artifactId>spring-test</artifactId>
-				<version>4.3.30.RELEASE</version>
-			</dependency>
+        </plugin>
+        <plugin>
+          <groupId>org.apache.maven.plugins</groupId>
+          <artifactId>maven-eclipse-plugin</artifactId>
+          <configuration>
+            <projectNameTemplate>[artifactId]-[version]</projectNameTemplate>
+            <wtpmanifest>true</wtpmanifest>
+            <wtpapplicationxml>true</wtpapplicationxml>
+            <wtpversion>2.0</wtpversion>
+          </configuration>
+        </plugin>
+        <!-- clean lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#clean_Lifecycle -->
+        <plugin>
+          <artifactId>maven-clean-plugin</artifactId>
+          <version>3.1.0</version>
+        </plugin>
+        <!-- default lifecycle, jar packaging: see https://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_jar_packaging -->
+        <plugin>
+          <artifactId>maven-resources-plugin</artifactId>
+          <version>3.0.2</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-compiler-plugin</artifactId>
+          <version>3.11.0</version>
+          <configuration>
+            <release>11</release>
+          </configuration>
+        </plugin>
+        <plugin>
+          <artifactId>maven-surefire-plugin</artifactId>
+          <version>2.22.1</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-jar-plugin</artifactId>
+          <version>3.0.2</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-install-plugin</artifactId>
+          <version>2.5.2</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-deploy-plugin</artifactId>
+          <version>2.8.2</version>
+        </plugin>
+        <!-- site lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#site_Lifecycle -->
+        <plugin>
+          <artifactId>maven-site-plugin</artifactId>
+          <version>3.7.1</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-project-info-reports-plugin</artifactId>
+          <version>3.0.0</version>
+        </plugin>
+      </plugins>
+    </pluginManagement>
+  </build>
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>ch.qos.logback</groupId>
+      <artifactId>logback-core</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>ch.qos.logback</groupId>
+      <artifactId>logback-classic</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-api</artifactId>
+    </dependency>
+  </dependencies>
+  <dependencyManagement>
+    <dependencies>
+      <dependency>
+        <groupId>edu.harvard.hms.dbmi.avillach.hpds</groupId>
+        <artifactId>common</artifactId>
+        <version>${project.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>edu.harvard.hms.dbmi.avillach.hpds</groupId>
+        <artifactId>client-api</artifactId>
+        <version>${project.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>edu.harvard.hms.dbmi.avillach.hpds</groupId>
+        <artifactId>service</artifactId>
+        <version>${project.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>edu.harvard.hms.dbmi.avillach.hpds</groupId>
+        <artifactId>processing</artifactId>
+        <version>${project.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>edu.harvard.hms.dbmi.avillach.hpds</groupId>
+        <artifactId>etl</artifactId>
+        <version>${project.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>edu.harvard.hms.dbmi.avillach.hpds</groupId>
+        <artifactId>data</artifactId>
+        <version>${project.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>edu.harvard.hms.dbmi.avillach</groupId>
+        <artifactId>pic-sure-resource-api</artifactId>
+        <version>2.1.0-SNAPSHOT</version>
+      </dependency>
+      <dependency>
+        <groupId>ch.qos.logback</groupId>
+        <artifactId>logback-core</artifactId>
+        <version>1.2.9</version>
+      </dependency>
+      <dependency>
+        <groupId>ch.qos.logback</groupId>
+        <artifactId>logback-classic</artifactId>
+        <version>1.2.9</version>
+      </dependency>
+      <dependency>
+        <groupId>org.slf4j</groupId>
+        <artifactId>slf4j-api</artifactId>
+        <version>1.7.25</version>
+      </dependency>
+      <dependency>
+        <groupId>com.google.guava</groupId>
+        <artifactId>guava</artifactId>
+        <version>30.0-jre</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.commons</groupId>
+        <artifactId>commons-math3</artifactId>
+        <version>3.6.1</version>
+      </dependency>
+      <dependency>
+        <groupId>de.siegmar</groupId>
+        <artifactId>fastcsv</artifactId>
+        <version>1.0.2</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.commons</groupId>
+        <artifactId>commons-csv</artifactId>
+        <version>1.5</version>
+      </dependency>
+      <dependency>
+        <groupId>commons-io</groupId>
+        <artifactId>commons-io</artifactId>
+        <version>2.7</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.cxf</groupId>
+        <artifactId>cxf-rt-frontend-jaxrs</artifactId>
+        <version>3.2.5</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.cxf</groupId>
+        <artifactId>cxf-rt-rs-client</artifactId>
+        <version>3.2.5</version>
+      </dependency>
+      <dependency>
+        <groupId>org.codehaus.jackson</groupId>
+        <artifactId>jackson-core-asl</artifactId>
+        <version>${jackson.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.codehaus.jackson</groupId>
+        <artifactId>jackson-mapper-asl</artifactId>
+        <version>${jackson.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>javax.xml.bind</groupId>
+        <artifactId>jaxb-api</artifactId>
+        <version>2.3.0</version>
+      </dependency>
+      <dependency>
+        <groupId>com.sun.xml.bind</groupId>
+        <artifactId>jaxb-core</artifactId>
+        <version>2.3.0</version>
+      </dependency>
+      <dependency>
+        <groupId>com.sun.xml.bind</groupId>
+        <artifactId>jaxb-impl</artifactId>
+        <version>2.3.0</version>
+      </dependency>
+      <dependency>
+        <groupId>javax.activation</groupId>
+        <artifactId>activation</artifactId>
+        <version>1.1.1</version>
+      </dependency>
+      <dependency>
+        <groupId>org.codehaus.jackson</groupId>
+        <artifactId>jackson-jaxrs</artifactId>
+        <version>${jackson.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.springframework</groupId>
+        <artifactId>spring-web</artifactId>
+        <version>4.3.20.RELEASE</version>
+      </dependency>
+      <dependency>
+        <groupId>junit</groupId>
+        <artifactId>junit</artifactId>
+        <version>4.13.1</version>
+        <scope>test</scope>
+      </dependency>
+      <dependency>
+        <groupId>org.mockito</groupId>
+        <artifactId>mockito-core</artifactId>
+        <version>3.8.0</version>
+        <scope>test</scope>
+      </dependency>
+      <dependency>
+        <groupId>com.oracle.database.jdbc</groupId>
+        <artifactId>ojdbc10</artifactId>
+        <version>19.17.0.0</version>
+      </dependency>
+      <dependency>
+        <groupId>org.springframework</groupId>
+        <artifactId>spring-jdbc</artifactId>
+        <version>5.1.1.RELEASE</version>
+      </dependency>
+      <dependency>
+        <groupId>com.github.ben-manes.caffeine</groupId>
+        <artifactId>caffeine</artifactId>
+        <version>3.1.1</version>
+      </dependency>
+      <dependency>
+        <groupId>org.springframework</groupId>
+        <artifactId>spring-test</artifactId>
+        <version>4.3.30.RELEASE</version>
+      </dependency>
 
-		</dependencies>
-	</dependencyManagement>
-	<distributionManagement>
-		<repository>
-			<id>github</id>
-			<name>GitHub HMS-DBMI Apache Maven Packages</name>
-			<url>https://maven.pkg.github.com/hms-dbmi/pic-sure-hpds</url>
-		</repository>
-	</distributionManagement>
+    </dependencies>
+  </dependencyManagement>
+  <distributionManagement>
+    <repository>
+      <id>github</id>
+      <name>GitHub HMS-DBMI Apache Maven Packages</name>
+      <url>https://maven.pkg.github.com/hms-dbmi/pic-sure-hpds</url>
+    </repository>
+  </distributionManagement>
 </project>
\ No newline at end of file
diff --git a/war/pom.xml b/war/pom.xml
index 93c90038..42999b00 100644
--- a/war/pom.xml
+++ b/war/pom.xml
@@ -26,7 +26,7 @@
 					<configuration>
 						<release>9</release>
 					</configuration>
-					<version>3.8.0</version>
+					<version>3.11.0</version>
 				</plugin>
 				<plugin>
 					<groupId>org.apache.maven.plugins</groupId>
diff --git a/war/src/main/webapp/WEB-INF/web.xml b/war/src/main/webapp/WEB-INF/web.xml
index 04fbef21..dfa1d2ee 100644
--- a/war/src/main/webapp/WEB-INF/web.xml
+++ b/war/src/main/webapp/WEB-INF/web.xml
@@ -31,4 +31,12 @@
             <http-only>true</http-only>
         </cookie-config>
     </session-config>
+    <error-page>
+        <error-code>404</error-code>
+        <location>/error-404.html</location>
+    </error-page>
+    <error-page>
+        <error-code>500</error-code>
+        <location>/error-500.html</location>
+    </error-page>
 </web-app>

From b78567061a50dca47ce99f92984bed86f3e7665c Mon Sep 17 00:00:00 2001
From: Luke Sikina <lucas.skina@gmail.com>
Date: Sun, 15 Oct 2023 10:26:08 -0400
Subject: [PATCH 2/3] [ALS-5056] QueryRequest sumtype

- Update jackson deps to support serialization of polymorphic types
---
 data/pom.xml                                  | 16 ++++++++++++----
 .../hpds/data/phenotype/ColumnMeta.java       |  4 ++--
 pom.xml                                       | 19 ++++++++++++-------
 service/pom.xml                               | 16 ++++++++++------
 service/src/main/resources/jaxrs-context.xml  |  2 +-
 5 files changed, 37 insertions(+), 20 deletions(-)

diff --git a/data/pom.xml b/data/pom.xml
index 298160fc..f4afa848 100644
--- a/data/pom.xml
+++ b/data/pom.xml
@@ -8,6 +8,10 @@
 		<version>1.0-SNAPSHOT</version>
 	</parent>
 
+	<properties>
+		<jackson.version>2.15.2</jackson.version>
+	</properties>
+
 	<artifactId>data</artifactId>
 
 	<name>data</name>
@@ -26,12 +30,16 @@
 			<artifactId>commons-csv</artifactId>
 		</dependency>
 		<dependency>
-			<groupId>org.codehaus.jackson</groupId>
-			<artifactId>jackson-core-asl</artifactId>
+			<groupId>com.fasterxml.jackson.core</groupId>
+			<artifactId>jackson-core</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.fasterxml.jackson.core</groupId>
+			<artifactId>jackson-databind</artifactId>
 		</dependency>
 		<dependency>
-			<groupId>org.codehaus.jackson</groupId>
-			<artifactId>jackson-mapper-asl</artifactId>
+			<groupId>com.fasterxml.jackson.core</groupId>
+			<artifactId>jackson-annotations</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>edu.harvard.hms.dbmi.avillach</groupId>
diff --git a/data/src/main/java/edu/harvard/hms/dbmi/avillach/hpds/data/phenotype/ColumnMeta.java b/data/src/main/java/edu/harvard/hms/dbmi/avillach/hpds/data/phenotype/ColumnMeta.java
index 3831c31c..98d2fa8d 100644
--- a/data/src/main/java/edu/harvard/hms/dbmi/avillach/hpds/data/phenotype/ColumnMeta.java
+++ b/data/src/main/java/edu/harvard/hms/dbmi/avillach/hpds/data/phenotype/ColumnMeta.java
@@ -3,8 +3,8 @@
 import java.io.Serializable;
 import java.util.List;
 
-import org.codehaus.jackson.annotate.JsonIgnore;
-import org.codehaus.jackson.map.annotate.JsonSerialize;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 
 @JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL)
 public class ColumnMeta implements Serializable{
diff --git a/pom.xml b/pom.xml
index 879eeaf9..67701777 100644
--- a/pom.xml
+++ b/pom.xml
@@ -17,7 +17,7 @@
     <module>client-api</module>
   </modules>
   <properties>
-    <jackson.version>1.8.6</jackson.version>
+    <jackson.version>2.15.2</jackson.version>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <dockerfile-maven-version>1.4.10</dockerfile-maven-version>
   </properties>
@@ -245,13 +245,18 @@
         <version>3.2.5</version>
       </dependency>
       <dependency>
-        <groupId>org.codehaus.jackson</groupId>
-        <artifactId>jackson-core-asl</artifactId>
+        <groupId>com.fasterxml.jackson.core</groupId>
+        <artifactId>jackson-core</artifactId>
         <version>${jackson.version}</version>
       </dependency>
       <dependency>
-        <groupId>org.codehaus.jackson</groupId>
-        <artifactId>jackson-mapper-asl</artifactId>
+        <groupId>com.fasterxml.jackson.core</groupId>
+        <artifactId>jackson-databind</artifactId>
+        <version>${jackson.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>com.fasterxml.jackson.core</groupId>
+        <artifactId>jackson-annotations</artifactId>
         <version>${jackson.version}</version>
       </dependency>
       <dependency>
@@ -275,8 +280,8 @@
         <version>1.1.1</version>
       </dependency>
       <dependency>
-        <groupId>org.codehaus.jackson</groupId>
-        <artifactId>jackson-jaxrs</artifactId>
+        <groupId>com.fasterxml.jackson.jaxrs</groupId>
+        <artifactId>jackson-jaxrs-json-provider</artifactId>
         <version>${jackson.version}</version>
       </dependency>
       <dependency>
diff --git a/service/pom.xml b/service/pom.xml
index 734e3a94..267d3092 100644
--- a/service/pom.xml
+++ b/service/pom.xml
@@ -45,12 +45,16 @@
 			<artifactId>guava</artifactId>
 		</dependency>
 		<dependency>
-			<groupId>org.codehaus.jackson</groupId>
-			<artifactId>jackson-core-asl</artifactId>
+			<groupId>com.fasterxml.jackson.core</groupId>
+			<artifactId>jackson-core</artifactId>
 		</dependency>
 		<dependency>
-			<groupId>org.codehaus.jackson</groupId>
-			<artifactId>jackson-mapper-asl</artifactId>
+			<groupId>com.fasterxml.jackson.core</groupId>
+			<artifactId>jackson-databind</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.fasterxml.jackson.core</groupId>
+			<artifactId>jackson-annotations</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>javax.xml.bind</groupId>
@@ -69,8 +73,8 @@
 			<artifactId>activation</artifactId>
 		</dependency>
 		<dependency>
-			<groupId>org.codehaus.jackson</groupId>
-			<artifactId>jackson-jaxrs</artifactId>
+			<groupId>com.fasterxml.jackson.jaxrs</groupId>
+			<artifactId>jackson-jaxrs-json-provider</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework</groupId>
diff --git a/service/src/main/resources/jaxrs-context.xml b/service/src/main/resources/jaxrs-context.xml
index 08a237bf..006ed56d 100644
--- a/service/src/main/resources/jaxrs-context.xml
+++ b/service/src/main/resources/jaxrs-context.xml
@@ -14,7 +14,7 @@
             <bean class="org.apache.cxf.transport.common.gzip.GZIPOutInterceptor" />
         </jaxrs:outInterceptors>
         <jaxrs:providers>
-            <bean class="org.codehaus.jackson.jaxrs.JacksonJsonProvider" />
+            <bean class="com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider" />
         </jaxrs:providers>
     </jaxrs:server>
 </beans>

From 47b827b05d27e47d63baa8a7a68a46a9be995861 Mon Sep 17 00:00:00 2001
From: ramari16 <ramari16@gmail.com>
Date: Mon, 23 Oct 2023 15:43:55 -0400
Subject: [PATCH 3/3] [ALS-5050] Ignore invalid concept paths in anyRecordOf
 queries (#87)

---
 .../hpds/processing/AbstractProcessor.java    |  7 +-
 .../processing/AbstractProcessorTest.java     | 80 ++++++++++++++++++-
 2 files changed, 83 insertions(+), 4 deletions(-)

diff --git a/processing/src/main/java/edu/harvard/hms/dbmi/avillach/hpds/processing/AbstractProcessor.java b/processing/src/main/java/edu/harvard/hms/dbmi/avillach/hpds/processing/AbstractProcessor.java
index e67d24cb..0a196f5b 100644
--- a/processing/src/main/java/edu/harvard/hms/dbmi/avillach/hpds/processing/AbstractProcessor.java
+++ b/processing/src/main/java/edu/harvard/hms/dbmi/avillach/hpds/processing/AbstractProcessor.java
@@ -273,7 +273,12 @@ private void addIdSetsForAnyRecordOf(List<String> anyRecordOfFilters, ArrayList<
 					addIdSetsForVariantSpecCategoryFilters(new String[]{"0/1", "1/1"}, path, patientsInScope, bucketCache);
 					return patientsInScope.stream();
 				} else {
-					return (Stream<Integer>) getCube(path).keyBasedIndex().stream();
+					try {
+						return (Stream<Integer>) getCube(path).keyBasedIndex().stream();
+					} catch (InvalidCacheLoadException e) {
+						// return an empty stream if this concept doesn't exist
+						return Stream.empty();
+					}
 				}
 			}).collect(Collectors.toSet());
 			filteredIdSets.add(anyRecordOfPatientSet);
diff --git a/processing/src/test/java/edu/harvard/hms/dbmi/avillach/hpds/processing/AbstractProcessorTest.java b/processing/src/test/java/edu/harvard/hms/dbmi/avillach/hpds/processing/AbstractProcessorTest.java
index e22bea5e..47153ee3 100644
--- a/processing/src/test/java/edu/harvard/hms/dbmi/avillach/hpds/processing/AbstractProcessorTest.java
+++ b/processing/src/test/java/edu/harvard/hms/dbmi/avillach/hpds/processing/AbstractProcessorTest.java
@@ -1,7 +1,10 @@
 package edu.harvard.hms.dbmi.avillach.hpds.processing;
 
 
+import com.google.common.cache.CacheLoader;
+import com.google.common.cache.LoadingCache;
 import edu.harvard.hms.dbmi.avillach.hpds.data.genotype.FileBackedByteIndexedInfoStore;
+import edu.harvard.hms.dbmi.avillach.hpds.data.phenotype.PhenoCube;
 import edu.harvard.hms.dbmi.avillach.hpds.data.query.Query;
 import edu.harvard.hms.dbmi.avillach.hpds.storage.FileBackedByteIndexedStorage;
 import org.junit.Before;
@@ -12,6 +15,7 @@
 import org.mockito.junit.MockitoJUnitRunner;
 
 import java.util.*;
+import java.util.concurrent.ExecutionException;
 
 import static org.mockito.ArgumentMatchers.any;
 import static org.junit.Assert.*;
@@ -33,6 +37,9 @@ public class AbstractProcessorTest {
     @Mock
     private PatientVariantJoinHandler patientVariantJoinHandler;
 
+    @Mock
+    private LoadingCache<String, PhenoCube<?>> mockLoadingCache;
+
     public static final String GENE_WITH_VARIANT_KEY = "Gene_with_variant";
     private static final String VARIANT_SEVERITY_KEY = "Variant_severity";
     public static final List<String> EXAMPLE_GENES_WITH_VARIANT = List.of("CDH8", "CDH9", "CDH10");
@@ -61,7 +68,7 @@ public void setup() {
                         new TreeMap<>(),
                         new TreeSet<>()
                 ),
-                null,
+                mockLoadingCache,
                 infoStores,
                 null,
                 variantService,
@@ -125,20 +132,87 @@ public void getPatientSubsetForQuery_twoVariantCategoryFilters_intersectFilters(
         when(patientVariantJoinHandler.getPatientIdsForIntersectionOfVariantSets(any(), argumentCaptor.capture())).thenReturn(List.of(Set.of(42)));
 
         Map<String, String[]> categoryVariantInfoFilters = Map.of(
-            GENE_WITH_VARIANT_KEY, new String[] {EXAMPLE_GENES_WITH_VARIANT.get(0)},
-            VARIANT_SEVERITY_KEY, new String[] {EXAMPLE_VARIANT_SEVERITIES.get(0)}
+                GENE_WITH_VARIANT_KEY, new String[] {EXAMPLE_GENES_WITH_VARIANT.get(0)},
+                VARIANT_SEVERITY_KEY, new String[] {EXAMPLE_VARIANT_SEVERITIES.get(0)}
+        );
+        Query.VariantInfoFilter variantInfoFilter = new Query.VariantInfoFilter();
+        variantInfoFilter.categoryVariantInfoFilters = categoryVariantInfoFilters;
+
+        List<Query.VariantInfoFilter> variantInfoFilters = List.of(variantInfoFilter);
+
+        Query query = new Query();
+        query.setVariantInfoFilters(variantInfoFilters);
+
+        TreeSet<Integer> patientSubsetForQuery = abstractProcessor.getPatientSubsetForQuery(query);
+        assertFalse(patientSubsetForQuery.isEmpty());
+        // Expected result is the intersection of the two filters
+        assertEquals(argumentCaptor.getValue(), new SparseVariantIndex(Set.of(4, 6)));
+    }
+
+    @Test
+    public void getPatientSubsetForQuery_anyRecordOf_applyOrLogic() throws ExecutionException {
+        when(variantIndexCache.get(GENE_WITH_VARIANT_KEY, EXAMPLE_GENES_WITH_VARIANT.get(0))).thenReturn(new SparseVariantIndex(Set.of(2, 4, 6)));
+        when(variantIndexCache.get(VARIANT_SEVERITY_KEY, EXAMPLE_VARIANT_SEVERITIES.get(0))).thenReturn(new SparseVariantIndex(Set.of(4, 5, 6, 7)));
+
+        ArgumentCaptor<VariantIndex> argumentCaptor = ArgumentCaptor.forClass(VariantIndex.class);
+        ArgumentCaptor<List<Set<Integer>>> listArgumentCaptor = ArgumentCaptor.forClass(List.class);
+        when(patientVariantJoinHandler.getPatientIdsForIntersectionOfVariantSets(listArgumentCaptor.capture(), argumentCaptor.capture())).thenReturn(List.of(Set.of(42)));
+
+        Map<String, String[]> categoryVariantInfoFilters = Map.of(
+                GENE_WITH_VARIANT_KEY, new String[] {EXAMPLE_GENES_WITH_VARIANT.get(0)},
+                VARIANT_SEVERITY_KEY, new String[] {EXAMPLE_VARIANT_SEVERITIES.get(0)}
         );
         Query.VariantInfoFilter variantInfoFilter = new Query.VariantInfoFilter();
         variantInfoFilter.categoryVariantInfoFilters = categoryVariantInfoFilters;
 
         List<Query.VariantInfoFilter> variantInfoFilters = List.of(variantInfoFilter);
 
+        PhenoCube mockPhenoCube = mock(PhenoCube.class);
+        when(mockPhenoCube.keyBasedIndex()).thenReturn(List.of(42, 101));
+        when(mockLoadingCache.get("good concept")).thenReturn(mockPhenoCube);
+        when(mockLoadingCache.get("bad concept")).thenThrow(CacheLoader.InvalidCacheLoadException.class);
+
+        Query query = new Query();
+        query.setVariantInfoFilters(variantInfoFilters);
+        query.setAnyRecordOf(List.of("good concept", "bad concept"));
+
+        TreeSet<Integer> patientSubsetForQuery = abstractProcessor.getPatientSubsetForQuery(query);
+        assertFalse(patientSubsetForQuery.isEmpty());
+        // Expected result is the intersection of the two filters
+        assertEquals(argumentCaptor.getValue(), new SparseVariantIndex(Set.of(4, 6)));
+        assertEquals(listArgumentCaptor.getValue().get(0), Set.of(42, 101));
+    }
+
+
+
+    @Test
+    public void getPatientSubsetForQuery_anyRecordOfInvalidKey_returnEmpty() throws ExecutionException {
+        when(variantIndexCache.get(GENE_WITH_VARIANT_KEY, EXAMPLE_GENES_WITH_VARIANT.get(0))).thenReturn(new SparseVariantIndex(Set.of(2, 4, 6)));
+        when(variantIndexCache.get(VARIANT_SEVERITY_KEY, EXAMPLE_VARIANT_SEVERITIES.get(0))).thenReturn(new SparseVariantIndex(Set.of(4, 5, 6, 7)));
+
+        ArgumentCaptor<VariantIndex> argumentCaptor = ArgumentCaptor.forClass(VariantIndex.class);
+        ArgumentCaptor<List<Set<Integer>>> listArgumentCaptor = ArgumentCaptor.forClass(List.class);
+        when(patientVariantJoinHandler.getPatientIdsForIntersectionOfVariantSets(listArgumentCaptor.capture(), argumentCaptor.capture())).thenReturn(List.of(Set.of(42)));
+
+        Map<String, String[]> categoryVariantInfoFilters = Map.of(
+                GENE_WITH_VARIANT_KEY, new String[] {EXAMPLE_GENES_WITH_VARIANT.get(0)},
+                VARIANT_SEVERITY_KEY, new String[] {EXAMPLE_VARIANT_SEVERITIES.get(0)}
+        );
+        Query.VariantInfoFilter variantInfoFilter = new Query.VariantInfoFilter();
+        variantInfoFilter.categoryVariantInfoFilters = categoryVariantInfoFilters;
+
+        List<Query.VariantInfoFilter> variantInfoFilters = List.of(variantInfoFilter);
+
+        when(mockLoadingCache.get("bad concept")).thenThrow(CacheLoader.InvalidCacheLoadException.class);
+
         Query query = new Query();
         query.setVariantInfoFilters(variantInfoFilters);
+        query.setAnyRecordOf(List.of("bad concept"));
 
         TreeSet<Integer> patientSubsetForQuery = abstractProcessor.getPatientSubsetForQuery(query);
         assertFalse(patientSubsetForQuery.isEmpty());
         // Expected result is the intersection of the two filters
         assertEquals(argumentCaptor.getValue(), new SparseVariantIndex(Set.of(4, 6)));
+        assertEquals(listArgumentCaptor.getValue().get(0), Set.of());
     }
 }