Engagement/jessica/15896 radx mars deidentify

[JessicaWNava]

This PR updated the RADX Mars deidentification schema to meet their new spec.

Test Steps:

1. Make sure the integration tests pass.
2. Compare the changes to those requested here: https://www.nibib.nih.gov/covid-19/radx-tech-program/mars/hl7-message-de-identification-for-sending-to-hhs-protect

Changes

• Updated the deidentification transform
• Updated the corresponding integration test.

Checklist

Testing

• Tested locally?
• Ran ./prime test or ./gradlew testSmoke against local Docker ReportStream container?
• (For Changes to /frontend-react/...) Ran npm run lint:write?
• Added tests?

Process

• Are there licensing issues with any new dependencies introduced?
• Includes a summary of what a code reviewer should test/verify?
• Updated the release notes?
• Database changes are submitted as a separate PR?
• DevOps team has been notified if PR requires ops support?

Linked Issues

• Fixes #issue

To Be Done

Create GitHub issues to track the work remaining, if any

• #issue

Specific Security-related subjects a reviewer should pay specific attention to

• Does this PR introduce new endpoints?
  • new endpoint A
  • new endpoint B
• Does this PR include changes in authentication and/or authorization of existing endpoints?
• Does this change introduce new dependencies that need vetting?
• Does this change require changes to our infrastructure?
• Does logging contain sensitive data?
• Does this PR include or remove any sensitive information itself?

If you answered 'yes' to any of the questions above, conduct a detailed Review that addresses at least:

• What are the potential security threats and mitigations? Please list the STRIDE threats and how they are mitigated
  • Spoofing (faking authenticity)
    • Threat T, which could be achieved by A, is mitigated by M
  • Tampering (influence or sabotage the integrity of information, data, or system)
  • Repudiation (the ability to dispute the origin or originator of an action)
  • Information disclosure (data made available to entities who should not have it)
  • Denial of service (make a resource unavailable)
  • Elevation of Privilege (reduce restrictions that apply or gain privileges one should not have)
• Have you ensured logging does not contain sensitive data?
• Have you received any additional approvals needed for this change?

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details

Scanned Manifest Files

[github-actions]

Test Results

1 244 tests  +3   1 240 ✅ +3   8m 1s ⏱️ +11s
  162 suites ±0       4 💤 ±0 
  162 files   ±0       0 ❌ ±0 

Results for commit 2b6aa08. ± Comparison against base commit ffbe8be.

[sonarcloud]

Quality Gate failed

Failed conditions
8.5% Coverage on New Code (required ≥ 80%)
B Reliability Rating on New Code (required ≥ A)

See analysis details on SonarCloud

Catch issues before they fail your Quality Gate with our IDE extension SonarLint

[github-actions]

Integration Test Results

 53 files  ±0   53 suites  ±0   27m 43s ⏱️ -1s
410 tests ±0  401 ✅ ±0  9 💤 ±0  0 ❌ ±0 
413 runs  ±0  404 ✅ ±0  9 💤 ±0  0 ❌ ±0 

Results for commit 2b6aa08. ± Comparison against base commit ffbe8be.