Materialisering av bruksenhet ved innkommende egenregistreringer

[anderssonw]

Endrer med dette oppsettet for hvordan man henter ut bruksenhetsinfo. Tidligere har vi kjørt gjennom alle egenregistreringer ved uthenting, men nå applyer vi kun siste egenregistrering inn til en snapshot av bruksenheten når vi får inn nye egenregistreringer.

Har også gjort at vi bruker UUID internt over boble-IDer, som kan være starten på at vi går over til dette fremfor bobleIDer. Ikke helt sikker på hvordan vi burde håndtere UUIDer i testing, men for nå har jeg bare gått med "tulle"-UUIDer.

I tillegg til dette har jeg satt opp en del Value Classes for IDene, og renamet bobleIDene til å gjenspeile at det er bobleIDer.

Endrer også bruk av kotlinx serialisering i applikasjonsmodulen, da den var litt vel "intrusive" for applikasjonslogikk. Håpet var egentlig å bli kvitt serialiseringsimplementasjoner fullstendig, men på grunn av manglende "hjelp" på hva man deserialiserer av Signatur vs. Fødselsnummer så måtte vi annotere litt der.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.
• ⚠️ 4 packages with OpenSSF Scorecard issues.

See the Details below.

License Issues

settings.gradle.kts

Package	Version	License	Issue Type
org.jetbrains.kotlin:kotlin-stdlib-common	2.0.0	Null	Unknown License

Denied Licenses: AGPL-1.0-only, AGPL-1.0-or-later, AGPL-3.0, AGPL-3.0-or-later

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
maven/com.fasterxml.jackson.core:jackson-annotations	2.18.2	🟢 7.4	Details Check Score Reason Code-Review ⚠️ 0 Found 1/24 approved changesets -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Maintained 🟢 10 10 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/com.fasterxml.jackson.core:jackson-core	2.18.2	🟢 7.3	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 9 out of 9 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review ⚠️ 1 Found 5/28 approved changesets -- score normalized to 1 Contributors 🟢 10 project has 5 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected
maven/com.fasterxml.jackson.core:jackson-databind	2.18.2	🟢 7.1	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Code-Review ⚠️ 0 Found 1/29 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Signed-Releases ⚠️ -1 no releases found Fuzzing 🟢 10 project is fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST 🟢 7 SAST tool detected but not run on all commits Vulnerabilities 🟢 9 1 existing vulnerabilities detected
maven/com.fasterxml.jackson.dataformat:jackson-dataformat-toml	2.18.2	🟢 7.5	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 8/23 approved changesets -- score normalized to 3 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Binary-Artifacts 🟢 9 binaries present in source code Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies 🟢 10 all dependencies are pinned Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
maven/com.fasterxml.jackson.dataformat:jackson-dataformat-yaml	2.18.2	🟢 7.5	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 8/23 approved changesets -- score normalized to 3 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Binary-Artifacts 🟢 9 binaries present in source code Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies 🟢 10 all dependencies are pinned Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
maven/com.fasterxml.jackson.datatype:jackson-datatype-jsr310	2.18.2	🟢 7.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Code-Review ⚠️ 2 Found 8/30 approved changesets -- score normalized to 2 Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 9 binaries present in source code Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Pinned-Dependencies 🟢 10 all dependencies are pinned Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
maven/com.fasterxml.jackson.module:jackson-module-kotlin	2.18.2	🟢 7.1	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 0/13 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/com.fasterxml.jackson:jackson-bom	2.18.2	🟢 6.7	Details Check Score Reason Code-Review ⚠️ 0 Found 1/23 approved changesets -- score normalized to 0 Maintained 🟢 10 20 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 9 binaries present in source code Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Security-Policy 🟢 10 security policy file detected Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.jetbrains.kotlin:kotlin-reflect	1.8.10	⚠️ 2.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Token-Permissions ⚠️ -1 No tokens found Security-Policy 🟢 10 security policy file detected Dangerous-Workflow ⚠️ -1 no workflows found Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. License 🟢 9 license file detected SAST ⚠️ 0 no SAST tool detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts ⚠️ 0 binaries present in source code Vulnerabilities ⚠️ 0 28 existing vulnerabilities detected
maven/org.jetbrains.kotlin:kotlin-stdlib-common	2.0.0	⚠️ 2.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Token-Permissions ⚠️ -1 No tokens found Security-Policy 🟢 10 security policy file detected Dangerous-Workflow ⚠️ -1 no workflows found Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. License 🟢 9 license file detected SAST ⚠️ 0 no SAST tool detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts ⚠️ 0 binaries present in source code Vulnerabilities ⚠️ 0 28 existing vulnerabilities detected
maven/org.jetbrains.kotlin:kotlin-stdlib-jdk7	1.8.0	⚠️ 2.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Token-Permissions ⚠️ -1 No tokens found Security-Policy 🟢 10 security policy file detected Dangerous-Workflow ⚠️ -1 no workflows found Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. License 🟢 9 license file detected SAST ⚠️ 0 no SAST tool detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts ⚠️ 0 binaries present in source code Vulnerabilities ⚠️ 0 28 existing vulnerabilities detected
maven/org.jetbrains.kotlin:kotlin-stdlib-jdk8	1.8.0	⚠️ 2.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Token-Permissions ⚠️ -1 No tokens found Security-Policy 🟢 10 security policy file detected Dangerous-Workflow ⚠️ -1 no workflows found Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. License 🟢 9 license file detected SAST ⚠️ 0 no SAST tool detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts ⚠️ 0 binaries present in source code Vulnerabilities ⚠️ 0 28 existing vulnerabilities detected
maven/org.jetbrains.kotlinx:kotlinx-coroutines-bom	1.6.4	🟢 5.3	Details Check Score Reason Maintained 🟢 10 23 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ -1 No tokens found Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow ⚠️ -1 no workflows found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Binary-Artifacts 🟢 7 binaries present in source code Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ -1 no dependencies found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.jetbrains.kotlinx:kotlinx-coroutines-core	1.6.4	🟢 5.3	Details Check Score Reason Maintained 🟢 10 23 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ -1 No tokens found Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow ⚠️ -1 no workflows found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Binary-Artifacts 🟢 7 binaries present in source code Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ -1 no dependencies found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.jetbrains.kotlinx:kotlinx-coroutines-core-jvm	1.6.4	🟢 5.3	Details Check Score Reason Maintained 🟢 10 23 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ -1 No tokens found Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow ⚠️ -1 no workflows found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Binary-Artifacts 🟢 7 binaries present in source code Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ -1 no dependencies found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• settings.gradle.kts

[kvstrant]

Det er noen ting som må endres på hvis databasen trenger både til- og fra-dato. Dette kan bli et tema hvis man ønsker å hente ut flere rader for et gitt tidspunkt.

[kvstrant]

Jeg sliter med å finne noen god forklaring på om dette er en akseptabel ting å gjøre. Det er jo ikke i henhold til noen standard jeg kan finne.

[anderssonw]

Er det et problem å ha "uekte" UUIDer for tester? Jeg så bare dette som en grei måte å deale med UUIDene i testing å gjøre, men vet ikke om det har noen potensielle konsekvenser

[kvstrant]

Jeg vet ikke jeg heller.

[kvstrant]

Virker det ikke å bare sende en String? Hvis ikke, så kunne dette godt få en hjelpefunksjon. Kanskje til og med en fun PreparedStatement.setUuid(val index: Int, val uuid: UUID).

[anderssonw]

Fikk ikke det til, nei. Men enig i at det kunne vært en fin funksjon. Årnær!

[anderssonw]

Fant ut her at det faktisk er lov å bruke setObject direkte uten å spesifisere type for objektet. Tenker du det er fint med en liten hjelpefunksjon for UUID så man ikke må vite at man skal bruke setObject uansett, eller?

[anderssonw]

@kvstrant

[kvstrant]

Hva var det du kom frem til?

[anderssonw]

Jeg lagde en egen funksjon, siden UUID blir såpass vanlig. Kan vurdere å lage en tilsvarende for JsonBlob, men droppet det i første omgang pga. usikkerhet rundt håndtering av ObjectMapperen