From c6e1b0d23986e0888bbeeb84f67a9175b327a187 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 20 Jun 2024 12:10:58 +0000
Subject: [PATCH 1/5] Update base64 requirement from 0.21.0 to 0.22.1

Updates the requirements on [base64](https://github.com/marshallpierce/rust-base64) to permit the latest version.
- [Changelog](https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md)
- [Commits](https://github.com/marshallpierce/rust-base64/compare/v0.21.0...v0.22.1)

---
updated-dependencies:
- dependency-name: base64
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Cargo.toml b/Cargo.toml
index 168551a..4155a4f 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -7,7 +7,7 @@ license = "Apache-2.0"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-base64 = { version = "0.21.0", default_features = false }
+base64 = { version = "0.22.1", default_features = false }
 http = "0.2"
 reqwest = { version = "0.11", default_features = false, features = ["json", "default-tls"] }
 serde = { version = "1.0.152", features = ["serde_derive"] }

From b203ba21a2f4f28d397839d8db92bc0d3558702a Mon Sep 17 00:00:00 2001
From: lablans <m.lablans@dkfz-heidelberg.de>
Date: Thu, 20 Jun 2024 12:27:40 +0000
Subject: [PATCH 2/5] Fix compile error around new version of base64 crate

---
 Cargo.toml | 2 +-
 src/cql.rs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 4155a4f..8d0e486 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -7,7 +7,7 @@ license = "Apache-2.0"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-base64 = { version = "0.22.1", default_features = false }
+base64 = "0.22.1"
 http = "0.2"
 reqwest = { version = "0.11", default_features = false, features = ["json", "default-tls"] }
 serde = { version = "1.0.152", features = ["serde_derive"] }
diff --git a/src/cql.rs b/src/cql.rs
index eb93a2f..f794e27 100644
--- a/src/cql.rs
+++ b/src/cql.rs
@@ -5,7 +5,7 @@ use crate::projects::{
     MANDATORY_CODE_SYSTEMS, OBSERVATION_LOINC_CODE, SAMPLE_TYPE_WORKAROUNDS,
 };
 
-use base64::{engine::general_purpose::STANDARD as BASE64, Engine as _};
+use base64::{prelude::BASE64_STANDARD as BASE64, Engine as _};
 use chrono::offset::Utc;
 use chrono::DateTime;
 use indexmap::set::IndexSet;

From 3e096838b0f113967505d124a22bd15e515a6f2b Mon Sep 17 00:00:00 2001
From: lablans <m.lablans@dkfz-heidelberg.de>
Date: Thu, 20 Jun 2024 12:37:53 +0000
Subject: [PATCH 3/5] Fix some warnings

---
 src/blaze.rs  | 1 -
 src/config.rs | 2 --
 src/cql.rs    | 6 +++---
 src/main.rs   | 2 +-
 src/util.rs   | 6 ++++--
 5 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/src/blaze.rs b/src/blaze.rs
index 61d0ce4..02162e1 100644
--- a/src/blaze.rs
+++ b/src/blaze.rs
@@ -4,7 +4,6 @@ use serde::Serialize;
 use serde_json::Value;
 use tracing::{debug, warn, info};
 
-use crate::BeamTask;
 use crate::errors::FocusError;
 use crate::util;
 use crate::util::get_json_field;
diff --git a/src/config.rs b/src/config.rs
index 3c783ec..e736fba 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -174,7 +174,6 @@ pub(crate) struct Config {
     pub rounding_step: usize,
     pub unobfuscated: Vec<String>,
     pub queries_to_cache: Option<PathBuf>,
-    tls_ca_certificates: Vec<Certificate>,
     pub client: Client,
     pub provider: Option<String>,
     pub provider_icon: Option<String>,
@@ -217,7 +216,6 @@ impl Config {
             rounding_step: cli_args.rounding_step,
             unobfuscated: cli_args.projects_no_obfuscation.split(';').map(|s| s.to_string()).collect(),
             queries_to_cache: cli_args.queries_to_cache,
-            tls_ca_certificates,
             provider: cli_args.provider,
             provider_icon: cli_args.provider_icon,
             auth_header: cli_args.auth_header,
diff --git a/src/cql.rs b/src/cql.rs
index f794e27..0468dfe 100644
--- a/src/cql.rs
+++ b/src/cql.rs
@@ -17,11 +17,11 @@ pub fn generate_body(ast: ast::Ast) -> Result<String, FocusError> {
         .to_string()
         .replace(
             "{{LIBRARY_UUID}}",
-            format!("urn:uuid:{}", Uuid::new_v4().to_string()).as_str(),
+            format!("urn:uuid:{}", Uuid::new_v4()).as_str(),
         )
         .replace(
             "{{MEASURE_UUID}}",
-            format!("urn:uuid:{}", Uuid::new_v4().to_string()).as_str(),
+            format!("urn:uuid:{}", Uuid::new_v4()).as_str(),
         )
         .replace(
             "{{LIBRARY_ENCODED}}",
@@ -118,7 +118,7 @@ pub fn process(
             if let Some(code_lists_vec) = code_lists_option {
                 for (index, code_list) in code_lists_vec.iter().enumerate() {
                     code_systems.insert(code_list);
-                    let placeholder = format!("{{{{A{}}}}}", (index + 1).to_string()); //to keep compatibility with snippets in typescript
+                    let placeholder = format!("{{{{A{}}}}}", (index + 1)); //to keep compatibility with snippets in typescript
                     condition_string = condition_string.replace(placeholder.as_str(), code_list);
                 }
             }
diff --git a/src/main.rs b/src/main.rs
index 5aa9f50..1e4e423 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -174,7 +174,7 @@ async fn process_task(
             return Err(FocusError::MissingExporterTaskType);
         };
         let body = &task.body;
-        return Ok(run_exporter_query(task, body, task_type).await?);
+        return run_exporter_query(task, body, task_type).await;
     }
 
     if CONFIG.endpoint_type == EndpointType::Blaze {
diff --git a/src/util.rs b/src/util.rs
index 843b789..423f12a 100644
--- a/src/util.rs
+++ b/src/util.rs
@@ -8,7 +8,7 @@ use serde_json::{json, Value};
 use std::collections::HashMap;
 use std::fs::File;
 use std::io::{self, BufRead, BufReader};
-use std::path::{Path, PathBuf};
+use std::path::Path;
 use tracing::warn;
 
 #[derive(Debug, Deserialize, Serialize)]
@@ -107,6 +107,7 @@ pub(crate) fn is_cql_tampered_with(decoded_library: impl Into<String>) -> bool {
     decoded_library.contains("define")
 }
 
+#[allow(clippy::too_many_arguments)]
 pub fn obfuscate_counts_mr(
     json_str: &str,
     obf_cache: &mut ObfCache,
@@ -127,7 +128,7 @@ pub fn obfuscate_counts_mr(
         2 => ObfuscateBelow10Mode::Obfuscate,
         _ => ObfuscateBelow10Mode::Obfuscate,
     };
-    let mut measure_report: MeasureReport = serde_json::from_str(&json_str)
+    let mut measure_report: MeasureReport = serde_json::from_str(json_str)
         .map_err(|e| FocusError::DeserializationError(format!(r#"{}. Is obfuscation turned on when it shouldn't be? Is the metadata in the task formatted correctly, like this {{"project": "name"}}? Are there any other projects stated in the projects_no_obfuscation parameter in the bridgehead?"#, e)))?;
     for g in &mut measure_report.group {
         match &g.code.text[..] {
@@ -274,6 +275,7 @@ pub fn obfuscate_counts_mr(
     Ok(measure_report_obfuscated)
 }
 
+#[allow(clippy::too_many_arguments)]
 fn obfuscate_counts_recursive(
     val: &mut Value,
     delta: f64,

From 28ea6bbe4f3d66f84ce03b7be369899a46240790 Mon Sep 17 00:00:00 2001
From: Enola Knezevic <enola.knezevic@dkfz-heidelberg.com>
Date: Tue, 16 Jul 2024 19:06:18 +0200
Subject: [PATCH 4/5] trace log unobfuscated FHIR MeasureReport

---
 README.md   | 2 ++
 src/main.rs | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 2de2579..a27acfb 100644
--- a/README.md
+++ b/README.md
@@ -58,6 +58,8 @@ Obfuscating zero counts is by default switched off. To enable obfuscating zero c
 
 Optionally, you can provide the `TLS_CA_CERTIFICATES_DIR` environment variable to add additional trusted certificates, e.g., if you have a TLS-terminating proxy server in place. The application respects the `HTTP_PROXY`, `HTTPS_PROXY`, `ALL_PROXY`, `NO_PROXY`, and their respective lowercase equivalents.
 
+Log level can be set using the `RUST_LOG` environment variable.
+
 ## Usage
 
 Creating a sample focus healthcheck task using curl (body can be any string and is ignored):
diff --git a/src/main.rs b/src/main.rs
index 1e4e423..5cc0d39 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -38,7 +38,7 @@ use std::time::{SystemTime, UNIX_EPOCH};
 use std::{process::exit, time::Duration};
 
 use serde::{Deserialize, Serialize};
-use tracing::{debug, error, warn};
+use tracing::{debug, error, warn, trace};
 
 // result cache
 type SearchQuery = String;
@@ -268,6 +268,8 @@ async fn run_cql_query(
 
             let cql_result = blaze::run_cql_query(&query.lib, &query.measure).await?;
 
+            trace!("MeasureReport with unobfuscated values: {}", &cql_result);
+
             let cql_result_new: String = match obfuscate {
                 true => obfuscate_counts_mr(
                     &cql_result,

From 1815977fad3599274192c1d946a8a8ae1248c4a8 Mon Sep 17 00:00:00 2001
From: Enola Knezevic <enola.knezevic@dkfz-heidelberg.com>
Date: Wed, 17 Jul 2024 09:12:33 +0200
Subject: [PATCH 5/5] warning added for trace level logs

---
 src/main.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/main.rs b/src/main.rs
index 5cc0d39..33ff33b 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -103,6 +103,8 @@ pub async fn main() -> ExitCode {
     };
     banner::print_banner();
 
+    trace!("WARNING: You are running Focus in trace logging. This log level outputs unobfuscated result counts and is only intended for debugging the obfuscation. To avoid privacy risks, please check if that log level is appropriate. Consider using \"info\" or \"warn\".");
+
     let _ = CONFIG.api_key; // Initialize config
 
     tokio::select! {