DataStorageLayer is split into ms and pg. All web services have either /ms or /pg in the URL to signify which database is being used. This needs to be refactored into a common super class for both databases and dispense of the two separate lumps of code for each database type. The actual differences between ms and pg are not very big. The RIF works the way things are now, but there is a lot of duplication of code and it will cause a huge maintenance problem in the future.
Done MM.
The R script uses ODBC. Now that JRI is used this can be changed to JDBC to allow Linux version of RIF. The JRI code has now been isolated into RIF_odbc.R prior to conversion.
Done MM. Uses JDBC on Postgres, ODBC on SQL Server
Improved logging. [PH done partially September 2017]; including correct error recovery tracing. Note there are issues with log4j log rotation.
Some improvements to log rotation by using one log file per service. Added front end logger at the same time. Logging no longer “hangs” at the end of the day (the log was only written if you shut down Tomcat nicely); but log rotation and the delay to write are still problems. Any solution
Still A LOT of redundant, dead-end, stubbed, duplicate or unused code resulting from the lack of initial scoping as to what the RIF was going to do.
Risk Analysis: Done, but more work needed on maps (do not include selection shapes)
Data Extract ZIP file. PH completed initial middleware support.
Rengine not being shutdown correctly on reload of service:
Cannot find JRI native library!
Please make sure that the JRI native library is in a directory listed in java.library.path.
java.lang.UnsatisfiedLinkError: Native Library C:\Program Files\R\R-3.4.0\library\rJava\jri\x64\jri.dll already loaded in another classloader
at java.lang.ClassLoader.loadLibrary0(Unknown Source)
at java.lang.ClassLoader.loadLibrary(Unknown Source)
at java.lang.Runtime.loadLibrary0(Unknown Source)
at java.lang.System.loadLibrary(Unknown Source)
at org.rosuda.JRI.Rengine.<clinit>(Rengine.java:19)
at rifServices.dataStorageLayer.pg.PGSQLSmoothResultsSubmissionStep.performStep(PGSQLSmoothResultsSubmissionStep.java:183)
at rifServices.dataStorageLayer.pg.PGSQLRunStudyThread.smoothResults(PGSQLRunStudyThread.java:257)
at rifServices.dataStorageLayer.pg.PGSQLRunStudyThread.run(PGSQLRunStudyThread.java:176)
at java.lang.Thread.run(Unknown Source)
at rifServices.dataStorageLayer.pg.PGSQLAbstractRIFStudySubmissionService.submitStudy(PGSQLAbstractRIFStudySubmissionService
The solution is to restart tomcat. Server reload needs to stop R. This requires a @WebListener
[Context Listener (javax.servlet.ServletContextListener)].
Code mostly works - may need some tidying in places. Possible refactor the submission mapping tools (rifd-dsub-maptable) to fit in with the Leaflet stuff used in disease mapping and data viewer as there is a lot of duplication. It works fine as it is though, just a maintenance issue. Especially: rifp-dsub-maptable.html, rifs-util-mapping.js
Export map to png functionality. [Done PH using Java]
Save rifSubmission to text file (.JSON). This is currently done with a directive in JS and as such is a bit temperamental because of various browser/security issues. We need a new middleware method to save the rifSubmission.txt as a .json file [see above]. [Done PH - implemented using middleware]. Files are now in JSON5 format to make fore readable
Some of the references to parent and child scopes are messy and non-angular and may need looking at. But it does work. Generally best replaced by services (e.g. the AlertService to access the AlertController)
Main CSS needs removal of redundant code
At some point, Leaflet version used will need to be updated to v1.2.x. Breaking changes to the RIF expected.
New D3 output graphs as-and-when requested by users. It is likely that when risk analysis is done, new graphs and/or tables will be needed.
A download link is required to download the actual ZIP file [this requires a Middleware method too!] [Done PH. Is intelligent]. May need a [redo] download button
When you change the geography the numerator and denominator do not change and need to be changed manually; [Done; bug fix]
ERROR: API method "isLoggedIn" has a null "userID" parameter.
ERROR: Record "User" field "User ID" cannot be empty.
Normally reloading the RIF allows the user to logon again; although if the user is already logged on the Middleware will not let the user log on a second time; [Done: 29/3/2018 PH]
The newest study completed when the RIF initialised is displayed, this does not change with even when the user goes to the tab for the first time;
Add save study/comparison bands to file. Upload from file must have fields named ID,Band and can have other fields (e.g. NAME). Names are restricted and a save to file option would be good. File: rifd-dsub-maptable.js; [Done PH 3/9/2018]
Second set:
The map hover displays the area_id property and should also display the name property if it is available [Done: 7/11/2017]. See also issue #65;
11:58:59.708 XML Parsing Error: no element found
Location: https://localhost:8080/rifServices/studyResultRetrieval/ms/getTileMakerTiles?userID=peter&geographyName=USA_2014&geoLevelSelectName=CB_2014_US_COUNTY_500K&zoomlevel=null&x=1&y=0
Line Number 1, Column 1: 1 getTileMakerTiles:1:1
Appears to stop the “zoom” to map and then to study extent;
Memory leaks [Done: PH 18/12/2017]
if (mapID === undefined) { // Occurs only on SQL Server!
// Do nothing!
$scope.consoleError("Null mapID; layer options: " + JSON.stringify(layer.options, null, 2));
if (layer !== undefined) {
layer.remove(); // Remove
}
}
This appears to only occur in SQL Server; this is probably because the SQL Server code is faster. This has dealt with the symptoms, not the cause. The direct cause is the layer add function is being called before the map has initialised properly. Taken with the Null zoomlevel error there is a synchronisation bug in the leaflet code. This issue was experienced with the TileMaker code and the fix - stronger asynchronous control is the same (i.e do not rely on Leaflet to do it all). This will have the effect of some counties not being displayed (say 40/3233).
resetTable = function () {
$scope.thisICDselection.length = 0; // This causes a leak!
// $scope.thisICDselection.splice(0, $scope.thisICDselection.length);
// A fix
};
This may be a Chrome specific bug; as the original code should work. It is
a widespread problem in the code; e.g. clearTheMapOnError(mapID) in
rifc-util-mapping.js; and more testing is needed to determine if this really causes
a leak! 60 javascript files were found to contain the string .length=.
BEWARE: THIS ISSUE COULD RETURN: ALWAYS TEST CHANGES TO ANY MAP CODE FOR LEAKS
Retrieve information on a completed study. Used in the info button in disease mapping and data viewer. The database cannot return all the required information. This requires changes to both the backend and middleware. [Done PH]
I’m not sure the statistical method is being stored in the database correctly, that is it is always NONE. [Done PH]
A large scale test dataset of real data is required for testing. The US County level SEER data was selected. [Done: both ports]
The SEER cancer data has 9,176,963 rows and requires 800MB for the data and 1.3GB for the indexes.
The test study 1004 SEER 2000-13 lung cancer HH income mainland states.json:
States were chosen so they mapped compactly:
Lung cancer:
Data is extracted SQL server in 35s and R INLA in 40s.
205 unique URLs were tested using OWASP ZAP (https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) Ajax Spider
The report is at: (/rapidInquiryFacility/development/owasp_zap_test1.md) and the URL list tested is at: (/rapidInquiryFacility/development/url_list2.txt).
One medium and three low medium isses were highlighted for fixing.
X-Frame-Options Header Not Set
X-Frame-Options header is not included in the HTTP response to protect against ‘ClickJacking’ attacks.
Incomplete or No Cache-control and Pragma HTTP Header Set
The cache-control and pragma HTTP header have not been set properly or are missing allowing the browser and proxies to cache content.
X-Content-Type-Options Header Missing
The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ‘nosniff’. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.
Web Browser XSS Protection Not Enabled
Web Browser XSS Protection is not enabled, or is disabled by the configuration of the ‘X-XSS-Protection’ HTTP response header on the web server
The X-XSS-Protection HTTP response header allows the web server to enable or disable the web browser’s XSS protection mechanism. The following values would attempt to enable it:
The following values would disable it:
The X-XSS-Protection HTTP response header is currently supported on Internet Explorer, Chrome and Safari (WebKit). Note that this alert is only raised if the response body could potentially contain an XSS payload (with a text-based content type, with a non-zero length).
TileMaker is currently working with some minor faults but needs to:
Needs to be specified.
Needs to be discussed with CDC.
These are to end of contract 10th October 2018
Laymen installation manual and technical manual for setting up RIF software installation on a new machine by any of the members of the RIF core team (i.e. Martin, Brandon and Fred) – 10th May 2018
(Instruction to be cross checked on ICL on site computers by SAHSU team before sign off)
Layman method for adding new user login. For both non-secured and secure environment ie private network. Provided as part of the database administrators manual. To be provided in SQL and requires database administration privileges. Automation to be a part of the future information governance tool – May 2018
UK geographies to be added and protocol for adding new geographies to the RIF to be available. Clear documented methods for adding new geographies. – May-June 2018
Straightforward way of adding data to the RIF database. Supply data formatting instructions to the SAHSU data team lead. – June 2018
Disease mapping and risk analysis: the same functionalities as originally included in the RIF 3.2 (except multiple investigations) should be included and working. Having additional functionalities (e.g. SatSCAN) would be good, but if not possible, clear guidance on how to add functionalities should be available. All the functionalities available in the beta-version should have been tested by the end of the contract period (with the support of the RIF team, including Aina and Fred). While Brandon and Martin will have key roles in the development of the risk analysis functionalities, you will oversee the integration into the RIF of the different pieces developed by each of them. – July 2018
ICD codes. Provide protocol for application notes. Will add support to the RIF for using ICD9, 10 and 11 simultaneously if time permits – Aug 2018
Confounders. Sex and age defaults. Protocol on how to add and test other cofounders to be made available for the SAHSU team to be able to manage. such as socio-demographic status (Carstairs or IMD), ethnicity or smoking. – Aug 2018
TileMaker and TileViewer: Details of coding and troubleshooting suggestions provided and possible bug fixes. Both to be tested on differing geographies before handover. – Apr-Sep 2018
A complete manual describing the functionalities of the RIF and their use, to be developed with other members of the RIF team, including Brandon, Martin, Aina and Fred. To be kept current. – Apr-Sep 2018
Fully up to date Github repository, with clear annotations and explanations. To be kept current – Apr-Sep 2018
| Who | April to May 2018 | June to July 2018 | August to September 2018 |
|---|---|---|---|
| Peter Hambly | Build SAHSU production system, UK 2011 geography | test SAHSU production system | RIF Handover to Martin McCallion |
| Manuals: system manager, data loader, revise user | Remaining database related functionality | Handover SAHSU production system to Hima Daby | |
| Martin McCallion | Risk analysis | Complete risk analysis | Data loader |
| Brandon Parkes | RIF results field renaming specification | ||
| Statistical script for processing risk analysis |
RIF Handover [Peter Hambly]
This is nice to have functionality that is on hold pending an assessment of need and/or technical feasibility
These are issues that have been noted but do not affect the running of the RIF
AbstractSQLManager logSQLQuery 1rifServices.dataStorageLayer.pg.PGSQLRIFContextManager==
==========================================================
QUERY NAME:checkGeoLevelViewExistsQuery
PARAMETERS:
1:"GEOID"
2:"USA_2014"
3:"1"
SQL QUERY TEXT
SELECT 1
FROM
rif40_geolevels
WHERE
geolevel_name=? AND
geography=?;
==========================================================
rifGenericLibrary.system.RIFServiceException: Record "Area types" with value "GEOID" not found in the database.
at rifServices.dataStorageLayer.pg.PGSQLRIFContextManager.checkGeoLevelSelectExists(PGSQLRIFContextManager.java:1192)
at rifServices.dataStorageLayer.pg.PGSQLRIFContextManager.validateCommonMethodParameters(PGSQLRIFContextManager.
This is caused by the wrong setup in rif40_geogrpaphies (i.e. tilemaker)
sahsuland=> select * from rif40_geographies;
geography | description | hierarchytable | srid | defaultcomparea | defaultstudyarea | postal_population_table | postal_point_column | partition | max_geojson_digits | geometrytable | tiletable | minzoomlevel | maxzoomlevel | adjacencytable
-----------+------------------------------------------+---------------------+-------+------------------+------------------+-------------------------+---------------------+-----------+--------------------+--------------------+-----------------+--------------+--------------+---------------------
SAHSULAND | SAHSU Example geography | HIERARCHY_SAHSULAND | 27700 | SAHSU_GRD_LEVEL1 | SAHSU_GRD_LEVEL3 | | | 1 | 6 | GEOMETRY_SAHSULAND | TILES_SAHSULAND | 6 | 11 | ADJACENCY_SAHSULAND
USA_2014 | US 2014 Census geography to county level | HIERARCHY_USA_2014 | 4269 | GEOID | STATENS | | | 1 | 6 | GEOMETRY_USA_2014 | TILES_USA_2014 | 6 | 9 |
(2 rows)
Attempt at fix failed (trigger fault)
UPDATE rif40_geographies
SET defaultcomparea = 'CB_2014_US_STATE_500K'
WHERE defaultcomparea = 'GEOID' AND geography = 'USA_2014';
UPDATE rif40_geographies
SET defaultstudyarea = 'CB_2014_US_COUNTY_500K'
WHERE geography = 'USA_2014';
So the script was fixed, reload needed DELETE FROM rif40_covariates WHERE geography = ‘USA_2014’ adding. This was fixed from before; I appear to have used an older script! Also STATE was not a comparison are; this is probably a fault in the scripts. All flags should be set in rif40_geolevels Postgres run study middleware code not stopping on error!
GET XHR https://peter-pc:8080/rifServices/studySubmission/ms/getDatabaseType?userID=peter [HTTP/1.1 200 25ms]
09:09:31.552 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://peter-pc:8080/rifServices/studySubmission/ms/getDatabaseType?userID=peter. (Reason: CORS header 'Access-Control-Allow-Origin' missing). 1 (unknown)
Peter Hambly May 2nd 2018