Avoid retrieving all image from the server with arbitrary parameters

[cylien]

problem description

in start.html, adding query pentameters that are not defined in DICOMweb will cause a query of all metadata from a DICOMweb server. In this situation, BL will retrieve all images from the server. for example, as the following URL, the QIDO request will get all metadata of the DICOM objects in the server.

https://{host}/bluelight/bluelight/html/start.html?session_code=xxx

solution

1. adding a white list of query parameters before sending QIDO request to a server, filtering the undefined query parameters to avoid the situation described above.
2. after step 1, check the QIDO request if the request has no query parameter, then stop to query the server.

Adding a while list of the query parameters in QIDO

• search query parameters
• define a rule defined in DICOMweb. The syntax of the match Query Parameter shall be:

  match          = normal-match / uid-list-match
  normal-match   = 1*("&" attribute "=" value)
  uid-list-match = 1*("&" attribute "=" 1#value)
  attribute      = (attribute-id) *("." attribute-id)
  attribute-id   = tag *("." tag) / keyword *("." keyword)
  tag            = 8HEXDIG
  keyword= ;A keyword from [Table 6-1 “Registry of DICOM Data Elements” in PS3.6](https://dicom.nema.org/medical/dicom/current/output/chtml/part06/chapter_6.html#table_6-1).

  One or more DICOM Attribute/Values pairs specify the matching criteria for the search. Each search transaction defines which Attributes are required or permitted.

[cylien]

8770cc38279eed76a49f399bb0ca2fc779ed0016