GithubHelp home page GithubHelp logo

udsm-dhis2-lab / dim-mediator-engine Goto Github PK

View Code? Open in Web Editor NEW
0.0 5.0 0.0 808 KB

DHIS2 Integration Mediator for Data Exchange(Interoperability) between Systems

Home Page: https://github.com/hisptz/dim-mediator

License: GNU Lesser General Public License v3.0

JavaScript 100.00%

dim-mediator-engine's Introduction

DHIS2 Interoperability Mediator(DIM Mediator)

DHIS2 Mediator for Data Exchange(Interoperability) between MOH Systems and Other Systems

Greetings Maintainability Test Coverage Commitizen friendly Node.js CI Labeler GitHub Mark stale issues and pull requests

Introduction

System integration is an engineering process of bringing together the components(i.e subsystems) into one system(an aggregation of subsystems cooperating so that the system is able to deliver the overarching functionality) and ensuring that the subsystems function together as a system. In Computer Science we term it as linking together different computing systems and software applications physically and functionally to act as a coordinated whole. System integration it involves integrating existing systems in a such a way it increase value to the customers, improve product quality and performance while at the same time providing value to the company. In a modern world connected by Internet, more and more systems are designed to connect, both within the system under construction and to the system that are already deployed.

DHIS2 Integration Mediator

DHIS2 Interoperability Mediator(DIM Mediator) is intended to be used as the engine to initiate integration of the DHIS2 systems as well as other systems that are built with capacity to offer API services.

DHIS2 Interoperability Mediator

About The Project

Contributing

Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated.

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

License

Distributed under the LGPL-3.0 License. See LICENSE for more information.

GitHub

Contributors

Contact

Acknowledgements

dim-mediator-engine's People

Contributors

waltervfaustine avatar dependabot-preview[bot] avatar dependabot[bot] avatar mend-bolt-for-github[bot] avatar

Watchers

Ismail Koleleni avatar Joseph Chingalo avatar Tuzo Chubwa avatar Vincent P. Minde avatar Rajab Mkomwa avatar

dim-mediator-engine's Issues

CVE-2019-10795 (Medium) detected in undefsafe-2.0.2.tgz

CVE-2019-10795 - Medium Severity Vulnerability

Vulnerable Library - undefsafe-2.0.2.tgz

Undefined safe way of extracting object properties

Library home page: https://registry.npmjs.org/undefsafe/-/undefsafe-2.0.2.tgz

Path to dependency file: /tmp/ws-scm/dim-mediator/package.json

Path to vulnerable library: /tmp/ws-scm/dim-mediator/node_modules/undefsafe/package.json

Dependency Hierarchy:

  • nodemon-2.0.2.tgz (Root Library)
    • undefsafe-2.0.2.tgz (Vulnerable Library)

Found in HEAD commit: b8bc705afee03d1d10b7671015b27e5f5a3c5f6e

Vulnerability Details

undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a proto payload.

Publish Date: 2020-02-18

URL: CVE-2019-10795

CVSS 3 Score Details (6.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10795

Release Date: 2020-02-18

Fix Resolution: 2.0.3

Step up your Open Source Security Game with WhiteSource here

CVE-2020-7598 (High) detected in minimist-1.2.0.tgz

CVE-2020-7598 - High Severity Vulnerability

Vulnerable Library - minimist-1.2.0.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz

Path to dependency file: /tmp/ws-scm/dim-mediator/package.json

Path to vulnerable library: /tmp/ws-scm/dim-mediator/node_modules/minimist/package.json

Dependency Hierarchy:

  • nodemon-2.0.2.tgz (Root Library)
    • update-notifier-2.5.0.tgz
      • latest-version-3.1.0.tgz
        • package-json-4.0.1.tgz
          • registry-auth-token-3.4.0.tgz
            • rc-1.2.8.tgz
              • minimist-1.2.0.tgz (Vulnerable Library)

Found in HEAD commit: b8bc705afee03d1d10b7671015b27e5f5a3c5f6e

Vulnerability Details

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "proto" payload.

Publish Date: 2020-03-11

URL: CVE-2020-7598

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94

Release Date: 2020-03-11

Fix Resolution: minimist - 0.2.1,1.2.2

Step up your Open Source Security Game with WhiteSource here

CVE-2020-8116 (High) detected in dot-prop-4.2.0.tgz

CVE-2020-8116 - High Severity Vulnerability

Vulnerable Library - dot-prop-4.2.0.tgz

Get, set, or delete a property from a nested object using a dot path

Library home page: https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz

Path to dependency file: /tmp/ws-scm/dim-mediator/package.json

Path to vulnerable library: /tmp/ws-scm/dim-mediator/node_modules/dot-prop/package.json

Dependency Hierarchy:

  • nodemon-2.0.2.tgz (Root Library)
    • update-notifier-2.5.0.tgz
      • configstore-3.1.2.tgz
        • dot-prop-4.2.0.tgz (Vulnerable Library)

Found in HEAD commit: b8bc705afee03d1d10b7671015b27e5f5a3c5f6e

Vulnerability Details

Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

Publish Date: 2020-02-04

URL: CVE-2020-8116

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116

Release Date: 2020-02-04

Fix Resolution: dot-prop - 5.1.1

Step up your Open Source Security Game with WhiteSource here

WS-2020-0070 (High) detected in lodash-4.17.15.tgz

WS-2020-0070 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.15.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz

Path to dependency file: /tmp/ws-scm/dim-mediator/package.json

Path to vulnerable library: /dim-mediator/node_modules/lodash/package.json

Dependency Hierarchy:

  • lodash-4.17.15.tgz (Vulnerable Library)

Found in HEAD commit: 8803cb8a8289c6a940e55ebd7b7c82106ed220b6

Vulnerability Details

a prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype

Publish Date: 2020-04-28

URL: WS-2020-0070

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.