fix: address CodeRabbit security and code quality feedback

Suraj-kumar00 · Suraj-kumar00 · commit e1f23468d8b0 · 2025-12-23T22:46:37.000+05:30
- Simplify /health to return minimal response {status: UP/DOWN} - Make Maven properties path configurable via @value annotation - Remove exception message exposure in JWT filter error response - Remove unused methods and imports
diff --git a/src/main/java/com/iemr/admin/service/health/HealthService.java b/src/main/java/com/iemr/admin/service/health/HealthService.java
@@ -24,7 +24,6 @@
 import java.sql.Connection;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
-import java.time.Instant;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -33,7 +32,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.data.redis.core.RedisCallback;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.stereotype.Service;
@@ -47,142 +45,75 @@ public class HealthService {
     @Autowired
     private DataSource dataSource;
 
-    @Value("${app.version:unknown}")
-    private String appVersion;
-
     @Autowired(required = false)
     private RedisTemplate<String, Object> redisTemplate;
 
     public Map<String, Object> checkHealth() {
         Map<String, Object> healthStatus = new HashMap<>();
-        Map<String, Object> services = new HashMap<>();
         boolean overallHealth = true;
 
-        // Check database connectivity
-        Map<String, Object> dbStatus = checkDatabaseHealth();
-        services.put("database", dbStatus);
-        if (!"UP".equals(dbStatus.get("status"))) {
+        // Check database connectivity (details logged internally, not exposed)
+        boolean dbHealthy = checkDatabaseHealthInternal();
+        if (!dbHealthy) {
             overallHealth = false;
         }
 
-        // Check Redis connectivity if configured
+        // Check Redis connectivity if configured (details logged internally)
         if (redisTemplate != null) {
-            Map<String, Object> redisStatus = checkRedisHealth();
-            services.put("redis", redisStatus);
-            if (!"UP".equals(redisStatus.get("status"))) {
+            boolean redisHealthy = checkRedisHealthInternal();
+            if (!redisHealthy) {
                 overallHealth = false;
             }
-        } else {
-            Map<String, Object> redisStatus = new HashMap<>();
-            redisStatus.put("status", "NOT_CONFIGURED");
-            redisStatus.put("message", "Redis not configured for this environment");
-            services.put("redis", redisStatus);
         }
 
         healthStatus.put("status", overallHealth ? "UP" : "DOWN");
-        healthStatus.put("services", services);
-        healthStatus.put("timestamp", Instant.now().toString());
-        healthStatus.put("application", "admin-api");
-        healthStatus.put("version", appVersion);
 
         logger.info("Health check completed - Overall status: {}", overallHealth ? "UP" : "DOWN");
         return healthStatus;
     }
 
-    private Map<String, Object> checkDatabaseHealth() {
-        Map<String, Object> dbStatus = new HashMap<>();
+    private boolean checkDatabaseHealthInternal() {
         long startTime = System.currentTimeMillis();
         
         try (Connection connection = dataSource.getConnection()) {
-            // Test connection validity
-            boolean isConnectionValid = connection.isValid(5); // 5 second timeout
+            boolean isConnectionValid = connection.isValid(2); // 2 second timeout per best practices
             
             if (isConnectionValid) {
-                // Execute a simple query to ensure database is responsive
-                try (PreparedStatement stmt = connection.prepareStatement(DB_HEALTH_CHECK_QUERY);
-                     ResultSet rs = stmt.executeQuery()) {
-                    
-                    if (rs.next() && rs.getInt(1) == 1) {
-                        long responseTime = System.currentTimeMillis() - startTime;
-                        
-                        dbStatus.put("status", "UP");
-                        dbStatus.put("responseTime", responseTime + "ms");
-                        dbStatus.put("message", "Database connection successful");
-                        
-                        logger.debug("Database health check: UP ({}ms)", responseTime);
-                    } else {
-                        dbStatus.put("status", "DOWN");
-                        dbStatus.put("message", "Database query returned unexpected result");
-                        logger.warn("Database health check: Query returned unexpected result");
+                try (PreparedStatement stmt = connection.prepareStatement(DB_HEALTH_CHECK_QUERY)) {
+                    stmt.setQueryTimeout(3); // 3 second query timeout
+                    try (ResultSet rs = stmt.executeQuery()) {
+                        if (rs.next() && rs.getInt(1) == 1) {
+                            long responseTime = System.currentTimeMillis() - startTime;
+                            logger.debug("Database health check: UP ({}ms)", responseTime);
+                            return true;
+                        }
                     }
                 }
-            } else {
-                dbStatus.put("status", "DOWN");
-                dbStatus.put("message", "Database connection is not valid");
-                logger.warn("Database health check: Connection is not valid");
             }
-            
+            logger.warn("Database health check: Connection not valid");
+            return false;
         } catch (Exception e) {
-            long responseTime = System.currentTimeMillis() - startTime;
-            dbStatus.put("status", "DOWN");
-            dbStatus.put("responseTime", responseTime + "ms");
-            dbStatus.put("error", e.getClass().getSimpleName());
-            
-            logger.error("Database health check failed: {}", e.getMessage(), e);
+            logger.error("Database health check failed: {}", e.getMessage());
+            return false;
         }
-        
-        return dbStatus;
     }
 
-    private Map<String, Object> checkRedisHealth() {
-        Map<String, Object> redisStatus = new HashMap<>();
+    private boolean checkRedisHealthInternal() {
         long startTime = System.currentTimeMillis();
         
         try {
-            // Test Redis connection with ping using explicit RedisCallback
-            String pong = redisTemplate.execute((RedisCallback<String>) connection -> {
-                return connection.ping();
-            });
+            String pong = redisTemplate.execute((RedisCallback<String>) connection -> connection.ping());
             
             if ("PONG".equals(pong)) {
                 long responseTime = System.currentTimeMillis() - startTime;
-                
-                // Additional test: set and get a test key
-                String testKey = "health:check:" + System.currentTimeMillis();
-                String testValue = "test-value";
-                
-                redisTemplate.opsForValue().set(testKey, testValue);
-                Object retrievedValue = redisTemplate.opsForValue().get(testKey);
-                redisTemplate.delete(testKey); // Clean up test key
-                
-                if (testValue.equals(retrievedValue)) {
-                    redisStatus.put("status", "UP");
-                    redisStatus.put("responseTime", responseTime + "ms");
-                    redisStatus.put("message", "Redis connection and operations successful");
-                    redisStatus.put("ping", "PONG");
-                    
-                    logger.debug("Redis health check: UP ({}ms)", responseTime);
-                } else {
-                    redisStatus.put("status", "DOWN");
-                    redisStatus.put("message", "Redis set/get operation failed");
-                    logger.warn("Redis health check: Set/Get operation failed");
-                }
-            } else {
-                redisStatus.put("status", "DOWN");
-                redisStatus.put("message", "Redis ping returned: " + pong);
-                logger.warn("Redis health check: Ping returned unexpected response: {}", pong);
+                logger.debug("Redis health check: UP ({}ms)", responseTime);
+                return true;
             }
-            
+            logger.warn("Redis health check: Ping returned unexpected response");
+            return false;
         } catch (Exception e) {
-            long responseTime = System.currentTimeMillis() - startTime;
-            redisStatus.put("status", "DOWN");
-            redisStatus.put("message", "Redis connection failed");
-            redisStatus.put("responseTime", responseTime + "ms");
-            redisStatus.put("error", e.getClass().getSimpleName());
-            
-            logger.error("Redis health check failed", e);
+            logger.error("Redis health check failed: {}", e.getMessage());
+            return false;
         }
-        
-        return redisStatus;
     }
 }
diff --git a/src/main/java/com/iemr/admin/service/version/VersionService.java b/src/main/java/com/iemr/admin/service/version/VersionService.java
@@ -45,6 +45,9 @@ public class VersionService {
     @Value("${app.version:unknown}")
     private String appVersion;
     
+    @Value("${maven.properties.path:META-INF/maven/com.iemr.admin/admin-api/pom.properties}")
+    private String mavenPropertiesPath;
+    
     private final ObjectMapper objectMapper = new ObjectMapper();
 
     /**
@@ -117,7 +120,7 @@ private void addBuildInformation(Map<String, String> versionInfo) {
             versionInfo.put("build.time", time);
         } else {
             logger.info("build-info.properties not found, trying Maven properties");
-            Properties mavenProps = loadPropertiesFile("META-INF/maven/com.iemr.admin/admin-api/pom.properties");
+            Properties mavenProps = loadPropertiesFile(mavenPropertiesPath);
             if (mavenProps != null) {
                 String version = mavenProps.getProperty("version", appVersion);
                 versionInfo.put("build.version", version);
diff --git a/src/main/java/com/iemr/admin/utils/JwtUserIdValidationFilter.java b/src/main/java/com/iemr/admin/utils/JwtUserIdValidationFilter.java
@@ -131,7 +131,7 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
 
 		} catch (Exception e) {
 			logger.error("Authorization error: ", e);
-			response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authorization error: " + e.getMessage());
+			response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized: Invalid or missing token");
 		}
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -131,7 +131,7 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo`
`131`	`131`
`132`	`132`	`} catch (Exception e) {`
`133`	`133`	`logger.error("Authorization error: ", e);`
`134`		`- response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authorization error: " + e.getMessage());`
	`134`	`+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized: Invalid or missing token");`
`135`	`135`	`}`
`136`	`136`	`}`
`137`	`137`