public void ShouldAnonymizePNGFile()
{
string filePathToRead = @"../../../Data/Plan.png";
string filePathToWrite = @"../../../Data/PlanAnonymized.png";
Anonymizer.Anonymize(filePathToRead, filePathToWrite);
}
internal ImageManager(string userImagePath)
{
Logger.Debug($"Helios will load user images from {Anonymizer.Anonymize(userImagePath)}");
_documentImagePath = userImagePath;
_documentImageUri = new Uri(userImagePath);
_xamlFirewall = new XamlFirewall();
}
static void Main(string[] args)
{
// Create ByteScout.DocumentAnonymizer.Anonymizer object instance.
Anonymizer anonymizer = new Anonymizer();
// Load document.
anonymizer.LoadDocument(@".\invoice.pdf");
// Setup anonymization:
anonymizer.AnonymizeCompanyNames = true;
anonymizer.AnonymizePhoneNumbers = true;
anonymizer.AnonymizePersons = true;
anonymizer.AnonymizePersonalIDs = true;
anonymizer.AnonymizeAddresses = true;
anonymizer.AnonymizeEmails = true;
// Set anonymization type.
anonymizer.AnonymizationType = AnonymizationType.Randomizing; // or AnonymizationType.DummyValues
// Perform anonymization.
anonymizer.Anonymize();
// Save anonymized document.
anonymizer.SaveDocument(@".\result.pdf");
// Cleanup.
anonymizer.Dispose();
}
private void AnonymizeButton_Click(object sender, EventArgs e)
{
if (SaveFileDialog.ShowDialog() == DialogResult.OK)
{
Anonymizer.Anonymize(FilepathTextBox.Text, SaveFileDialog.FileName);
}
}
private static ImageSource LoadXamlResource(Uri imageUri, int?width, int?height)
{
Logger.Debug("XAML being loaded as vector drawing from trusted resource {URI}", Anonymizer.Anonymize(imageUri));
StreamResourceInfo streamResourceInfo = Application.GetResourceStream(imageUri);
if (streamResourceInfo == null)
{
// these are supposed to be in our assembly, so log as error
Logger.Error("could not resolve XAML image at {URI}", Anonymizer.Anonymize(imageUri));
return(null);
}
Stream xamlStream = streamResourceInfo.Stream;
if (xamlStream == null)
{
// these are supposed to be in our assembly, so log as error
Logger.Error("XAML image not found at {URI}", Anonymizer.Anonymize(imageUri));
return(null);
}
using (xamlStream)
{
Canvas canvas = (Canvas)XamlReader.Load(xamlStream);
return(RenderXaml(canvas, width, height));
}
}
public void Should_Not_Shift_Observation_EffectiveDate_Null()
{
var pepper = Guid.NewGuid();
var obs = new ObservationDatasetRecord { Salt = Guid.NewGuid() };
var anon = new Anonymizer<ObservationDatasetRecord>(pepper);
anon.Anonymize(obs);
Assert.Null(obs.EffectiveDate);
}
public void Should_Mask_Observation_PersonId_And_EncounterId()
{
var pepper = Guid.NewGuid();
var obs = new ObservationDatasetRecord { Salt = Guid.NewGuid(), PersonId = "abc123", EncounterId = "def456" };
var anon = new Anonymizer<ObservationDatasetRecord>(pepper);
anon.Anonymize(obs);
Assert.NotEqual("abc123", obs.PersonId);
Assert.NotEqual("def456", obs.EncounterId);
}
public void Should_Mask_Encounter_PersonId_And_EncounterId()
{
var pepper = Guid.NewGuid();
var enc = new EncounterDatasetRecord { Salt = Guid.NewGuid(), PersonId = "abc123", EncounterId = "def456" };
var anon = new Anonymizer<EncounterDatasetRecord>(pepper);
anon.Anonymize(enc);
Assert.NotEqual("abc123", enc.PersonId);
Assert.NotEqual("def456", enc.EncounterId);
}
public void Should_Not_Shift_Encounter_AdmitDate_And_DischargeDate_Null()
{
var pepper = Guid.NewGuid();
var enc = new EncounterDatasetRecord { Salt = Guid.NewGuid() };
var anon = new Anonymizer<EncounterDatasetRecord>(pepper);
anon.Anonymize(enc);
Assert.Null(enc.AdmitDate);
Assert.Null(enc.DischargeDate);
}
public void Should_Shift_Observation_EffectiveDate_NotNull()
{
var pepper = Guid.NewGuid();
var obs = new ObservationDatasetRecord { Salt = Guid.NewGuid(), EffectiveDate = new DateTime(2018, 12, 14, 10, 33, 00) };
var anon = new Anonymizer<ObservationDatasetRecord>(pepper);
anon.Anonymize(obs);
Assert.NotNull(obs.EffectiveDate);
Assert.NotEqual(new DateTime(2018, 12, 14, 10, 33, 00), obs.EffectiveDate);
Assert.Equal(33, obs.EffectiveDate.Value.Minute);
}
Func <ProcedureDatasetRecord, Procedure> GetConverter(bool anonymize)
{
if (anonymize)
{
var anon = new Anonymizer <ProcedureDatasetRecord>(Pepper);
return((rec) =>
{
anon.Anonymize(rec);
return rec.ToProcedure();
});
}
return((rec) => rec.ToProcedure());
}
Func <ConditionDatasetRecord, Condition> GetConverter(bool anonymize)
{
if (anonymize)
{
var anon = new Anonymizer <ConditionDatasetRecord>(Pepper);
return((rec) =>
{
anon.Anonymize(rec);
return rec.ToCondition();
});
}
return((rec) => rec.ToCondition());
}
Func <EncounterDatasetRecord, Encounter> GetConverter(bool anonymize)
{
if (anonymize)
{
var anon = new Anonymizer <EncounterDatasetRecord>(Pepper);
return((rec) =>
{
anon.Anonymize(rec);
return rec.ToEncounter();
});
}
return((rec) => rec.ToEncounter());
}
Func <AllergyDatasetRecord, Allergy> GetConverter(bool anonymize)
{
if (anonymize)
{
var anon = new Anonymizer <AllergyDatasetRecord>(Pepper);
return((rec) =>
{
anon.Anonymize(rec);
return rec.ToAllergy();
});
}
return((rec) => rec.ToAllergy());
}
Func <MedicationRequestDatasetRecord, MedicationRequest> GetConverter(bool anonymize)
{
if (anonymize)
{
var anon = new Anonymizer <MedicationRequestDatasetRecord>(Pepper);
return((rec) =>
{
anon.Anonymize(rec);
return rec.ToMedicationRequest();
});
}
return((rec) => rec.ToMedicationRequest());
}
public string MakeImagePathAbsolute(string fileName)
{
if (string.IsNullOrEmpty(fileName))
{
return(null);
}
if (fileName.StartsWith("pack:"))
{
return(fileName);
}
if (Path.IsPathRooted(fileName))
{
// absolute file path, we can check this
if (File.Exists(fileName))
{
return(fileName);
}
}
else
{
if (fileName.StartsWith("{"))
{
int closingIndex = fileName.IndexOf('}');
if (closingIndex > -1)
{
// reference to an assembly by name, convert to pack URI
string assembly = fileName.Substring(1, closingIndex - 1);
return("pack://application:,,,/" + assembly + ";component" +
fileName.Substring(closingIndex + 1));
}
}
// First check the users images directory
string loadName = Path.Combine(_documentImagePath, fileName);
if (File.Exists(loadName))
{
return(loadName);
}
// these load failures happen during deserialization, so we have no idea if they should be warnings or not
// unless we configure this with a control center preference
//
// we cannot configure it from the Profile Interface's settings, because that has not been loaded yet
Logger.Info("referenced user image not found at {loadName}", Anonymizer.Anonymize(loadName));
}
return("");
}
Func <EncounterDatasetRecord, Encounter> GetConverter(bool anonymize, DeidentificationOptions opts)
{
if (anonymize)
{
var shift = opts.Patient.DateShifting;
var anon = new Anonymizer <EncounterDatasetRecord>(Pepper, shift.Increment.ToString(), shift.LowerBound, shift.UpperBound);
return((rec) =>
{
anon.Anonymize(rec);
return rec.ToEncounter();
});
}
return((rec) => rec.ToEncounter());
}
public void Should_Shift_Encounter_AdmitDate_And_DischargeDate_NotNull()
{
var pepper = Guid.NewGuid();
var enc = new EncounterDatasetRecord { Salt = Guid.NewGuid(), AdmitDate = new DateTime(2018, 12, 13, 10, 33, 00), DischargeDate = new DateTime(2018, 12, 14, 10, 33, 00) };
var anon = new Anonymizer<EncounterDatasetRecord>(pepper);
var diff = enc.DischargeDate.Value.Subtract(enc.AdmitDate.Value).Minutes;
anon.Anonymize(enc);
Assert.NotNull(enc.AdmitDate);
Assert.NotNull(enc.DischargeDate);
Assert.NotEqual(new DateTime(2018, 12, 13, 10, 33, 00), enc.AdmitDate);
Assert.NotEqual(new DateTime(2018, 12, 14, 10, 33, 00), enc.DischargeDate);
Assert.Equal(diff, enc.DischargeDate.Value.Subtract(enc.AdmitDate.Value).Minutes);
}
private ImageSource DoLoadImage(string uri, int?width, int?height, LoadImageOptions options)
{
// parse as URI and check for existence of file, return Uri for resource that exists
// or null (note: resource is not necesarily allowed to be read)
Uri imageUri = GetImageUri(uri);
if (imageUri == null)
{
return(null);
}
// based on protocol/scheme, check to make sure source location is permitted
if (!CheckImageLocationSecurity(imageUri))
{
return(null);
}
if (uri.EndsWith(".xaml"))
{
return(imageUri.Scheme == "pack" ? LoadXamlResource(imageUri, width, height) : LoadXamlFile(imageUri, width, height));
}
Logger.Debug("image being loaded from {URI}", Anonymizer.Anonymize(imageUri));
BitmapImage image = new BitmapImage();
image.BeginInit();
// Don't keep disk files open, because we may want to change them. But it is ok to lazy load from embedded resources that can't change.
image.CacheOption = imageUri.Scheme == "pack" ? BitmapCacheOption.OnDemand : BitmapCacheOption.OnLoad;
// Override BitMapCreateOptions but only for certain controls that require a reload of images
image.CreateOptions = options.HasFlag(LoadImageOptions.ReloadIfChangedExternally) ? BitmapCreateOptions.IgnoreImageCache : BitmapCreateOptions.DelayCreation;
image.UriSource = imageUri;
// REVISIT: not clear if it is legal to set decoding in just one axis but we will find out if anyone ever uses this function with only one scaling factor
if (width.HasValue)
{
image.DecodePixelWidth = Math.Max(1, width.Value);
}
if (height.HasValue)
{
image.DecodePixelHeight = Math.Max(1, height.Value);
}
image.EndInit();
return(image);
}
internal bool TryApply(string source, out string patched, out string status, out string expected)
{
status = null;
if (_patches.Count < 1)
{
// don't bother running the code below with zero sized arrays
ConfigManager.LogManager.LogInfo($"ignoring empty patch for '{Anonymizer.Anonymize(TargetPath)}'");
expected = null;
patched = source;
return(true);
}
bool[] applied = GooglePatchApply(source, _patches, out patched, out List <Patch> effectivePatches, out diff_match_patch.PatchResult[] resultCodes);
for (int i = 0; i < applied.Length; i++)
{
if (!applied[i])
{
status = $"failed to apply patch to {TargetPath}: {resultCodes[i]}{Environment.NewLine}The patch could not locate the expected content section (searching near character {effectivePatches[i].start1}):";
IEnumerable <string> expectedText = effectivePatches[i].diffs
.Where(diff => diff.operation != Operation.INSERT)
.Select(diff => diff.text);
expected = string.Join("", expectedText);
return(false);
}
switch (resultCodes[i])
{
case diff_match_patch.PatchResult.UNKNOWN:
throw new Exception($"invalid result code from application of {effectivePatches[i]}");
case diff_match_patch.PatchResult.APPLIED_PERFECT:
break;
case diff_match_patch.PatchResult.APPLIED_IMPERFECT:
status = "patch imperfectly matched input, but was applied";
break;
default:
throw new Exception(
$"patch should not have returned success with result code {resultCodes[i]}");
}
}
expected = null;
return(true);
}
private ImageSource LoadXamlFile(Uri imageUri, int?width, int?height)
{
Logger.Debug("XAML being loaded as vector drawing from {URI}", Anonymizer.Anonymize(imageUri));
using (Stream xamlStream = new FileStream(imageUri.AbsolutePath, FileMode.Open))
{
try
{
Canvas canvas = _xamlFirewall.LoadXamlDefensively <Canvas>(xamlStream);
return(RenderXaml(canvas, width, height));
}
catch (XamlFirewall.DisallowedElementException ex)
{
Logger.Error("attempt to load XAML {URI} that did not contain simple drawing code denied. {Element} is not allowed.",
imageUri, ex.ElementName);
return(null);
}
}
}
Func <PatientDemographicRecord, PatientDemographic> GetExportConverter(bool anonymize)
{
if (anonymize)
{
var anon = new Anonymizer <PatientDemographicRecord>(Pepper);
return((rec) =>
{
anon.Anonymize(rec);
rec.Age = rec.CalculateAge();
return rec.ToAnonymousPatientDemographic();
});
}
return((rec) =>
{
rec.Age = rec.CalculateAge();
return rec.ToIdentifiedPatientDemographic();
});
}
Func <PatientDemographicRecord, PatientDemographic> GetExportConverter(bool anonymize, DeidentificationOptions opts)
{
if (anonymize)
{
var shift = opts.Patient.DateShifting;
var anon = new Anonymizer <PatientDemographicRecord>(Pepper, shift.Increment.ToString(), shift.LowerBound, shift.UpperBound);
return((rec) =>
{
anon.Anonymize(rec);
rec.Age = rec.CalculateAge();
return rec.ToAnonymousPatientDemographic();
});
}
return((rec) =>
{
rec.Age = rec.CalculateAge();
return rec.ToIdentifiedPatientDemographic();
});
}
public IList <StatusReportItem> ReadResults()
{
if (_client == null)
{
throw new Exception("tried to read results from elevated process before executing it");
}
if (_process == null)
{
return(ReportError($"The executable {Anonymizer.Anonymize(_executablePath)} to be run as administrator was not found"));
}
try
{
_client.Connect(ConnectTimeout);
}
catch (TimeoutException)
{
Logger.Error("start up of elevated process {Path} timed out", _executablePath);
return(ReportError($"The elevated process {_executablePath} failed to respond within the permissible timeout"));
}
try
{
_client.ReadMode = PipeTransmissionMode.Message;
using (OneMessageStream oneMessage = new OneMessageStream(_client))
using (StreamReader reader = new StreamReader(oneMessage))
using (JsonTextReader jsonReader = new JsonTextReader(reader))
{
JsonSerializer json = new JsonSerializer();
return(json.Deserialize <StatusReportItem[]>(jsonReader) ??
ReportError($"The elevated process {_executablePath} failed to return any result"));
}
}
catch (InvalidOperationException ex)
{
Logger.Error(ex, "connection to elevated process {Path} failed", _executablePath);
return(ReportError($"The elevated process {_executablePath} failed to return a valid status report"));
}
catch (Exception ex)
{
Logger.Error(ex, "unexpected exception from IPC with elevated process {Path}", _executablePath);
return(ReportError($"The elevated process {_executablePath} failed in an unexpected way"));
}
}
private DicomDataSet Anonymize()
{
DicomDataSet dsAnonymized = new DicomDataSet();
try
{
DicomElement pixelData = null;
pixelData = _ActiveDataSet.FindFirstElement(null, DicomTag.PixelData, true);
_Anonymizer.BlackoutRects.Clear();
if (toolStripButtonRedact.Checked && pixelData != null && _ActiveDataSet.GetImageCount(pixelData) > 0)
{
using (SelectBlackoutRectsDialog dlgRects = new SelectBlackoutRectsDialog(_ActiveDataSet))
{
if (dlgRects.ShowDialog(this) == DialogResult.OK && dlgRects.BlackoutRects.Count > 0)
{
_Anonymizer.BlackoutRects.AddRange(dlgRects.BlackoutRects);
}
}
}
if (_ActiveDataSet.InformationClass != DicomClassType.BasicDirectory)
{
dsAnonymized.Copy(_ActiveDataSet, null, null);
ToggleProgress(true);
_Anonymizer.Anonymize(dsAnonymized);
ShowDifference(_ActiveDataSet, dsAnonymized);
}
}
catch (Exception exception)
{
Messager.ShowError(this, exception);
}
finally
{
ToggleProgress(false);
}
return(dsAnonymized);
}
public static void Anonymize(this DicomDataSet dataset)
{
_Anonymizer.Anonymize(dataset);
}
public InstallationResult Install(IInstallationCallbacks2 callbacks)
{
ProfileManifest16 manifest = null;
try
{
using (ZipArchive archive = ZipFile.Open(_archivePath, ZipArchiveMode.Read))
{
ZipArchiveEntry manifestEntry = archive.Entries.FirstOrDefault(entry =>
entry.FullName.Equals(MANIFEST_PATH, StringComparison.CurrentCultureIgnoreCase));
if (manifestEntry != null)
{
manifest = LoadManifest(manifestEntry);
if (manifest == null)
{
// this cannot happen because we would get a parse failure? maybe empty file?
throw new Exception($"JSON manifest {MANIFEST_PATH} could not be parsed");
}
// see if we are allowed to install this package
if (!CheckVersionRequirements(manifest, out IList <StatusReportItem> problems))
{
if (RunningVersion.IsDevelopmentPrototype ||
ConfigManager.SettingsManager.LoadSetting("ArchiveInstall", "VersionOverride", false))
{
InstallationPromptResult result = callbacks.DangerPrompt($"{ArchivePath} Installation",
"Installation requirements are not met. Do you want to install anyway?", problems);
if (result == InstallationPromptResult.Cancel)
{
return(InstallationResult.Canceled);
}
}
else
{
callbacks.Failure($"{ArchivePath} cannot be installed", "Installation requirements are not met", problems);
return(InstallationResult.Canceled);
}
}
// present welcome screen, if applicable
if (!ShowWelcome(callbacks, manifest))
{
callbacks.Failure($"{ArchivePath} installation canceled", "Installation canceled by user", new List <StatusReportItem>());
return(InstallationResult.Canceled);
}
// process selection and build exclusion list
foreach (Choice choice in manifest.Choices)
{
// filter options based on version requirements
List <StatusReportItem> details = new List <StatusReportItem>();
foreach (Option option in choice.Options)
{
if (!CheckVersionRequirements(option, out IList <StatusReportItem> optionDetails))
{
// this option is not allowed
details.AddRange(optionDetails);
option.IsValid = false;
option.ValidityNarrative = "Version requirements not met";
}
}
// check if we still have viable choices
if (!choice.Options.Any())
{
callbacks.Failure($"{ArchivePath} cannot be installed", "None of the options for a required choice are valid for your installation.", details);
return(InstallationResult.Fatal);
}
// fix up dialog if not specified
choice.Message = choice.Message ?? "The Profile Archive being installed contains multiple versions of some of its files. Please choose one version to install:";
// wait for response
Option selected = PresentChoice(choice);
// check if dialog closed or canceled
if (selected == null)
{
return(InstallationResult.Canceled);
}
// process results
if (selected?.PathExclusions != null)
{
foreach (string path in selected.PathExclusions)
{
_pathExclusions.Add(path);
}
}
}
}
// first check if we have a whole lot of writable files, in which case ask the user if the overwrite strategy should be changed
CheckForFirstArchiveInstall(archive);
// now unpack everything
IList <StatusReportItem> report = archive.Entries
.Where(NotFilteredVerbose)
.Select(Unpack)
.Where(item => item != null)
.ToList();
callbacks.Success($"Installed {ArchivePath}",
$"Files were installed into {Anonymizer.Anonymize(ConfigManager.DocumentPath)}", report);
}
return(InstallationResult.Success);
}
catch (Exception ex)
{
callbacks.Failure($"Failed to install {ArchivePath}",
$"Attempt to install Helios Profile from '{Anonymizer.Anonymize(_archivePath)}' failed",
ReportException(ex));
return(InstallationResult.Fatal);
}
}
public override void WriteJson(JsonWriter writer, string value, JsonSerializer serializer)
{
writer.WriteValue(Anonymizer.Anonymize(value));
}
public PatchList SelectPatches(string patchesRoot, ref string selectedVersion, string patchSet)
{
if (!Directory.Exists(patchesRoot))
{
return(new PatchList());
}
string candidateVersion = "";
string candidatePatchSetPath = "";
foreach (string versionPath in Directory.EnumerateDirectories(patchesRoot, "???_???_?????_*",
SearchOption.TopDirectoryOnly))
{
string directoryVersion = Path.GetFileName(versionPath);
// ReSharper disable once AssignNullToNotNullAttribute versionPath is returned from directory enumeration and can't be null
string patchSetPath = Path.Combine(versionPath, patchSet);
if (!Directory.Exists(patchSetPath))
{
// patch set not included in this update
continue;
}
if (string.Compare(directoryVersion, Version, StringComparison.InvariantCulture) > 0)
{
// patches are only for later version of DCS
continue;
}
if (string.Compare(directoryVersion, candidateVersion, StringComparison.InvariantCulture) <= 0)
{
// we already have a better match
continue;
}
if (selectedVersion != null && string.Compare(directoryVersion, selectedVersion, StringComparison.InvariantCulture) <= 0)
{
// we found a better match in another location
continue;
}
candidateVersion = directoryVersion;
candidatePatchSetPath = patchSetPath;
}
if (candidatePatchSetPath == "")
{
if (selectedVersion != null)
{
ConfigManager.LogManager.LogInfo(
$"no additional {patchSet} patches for DCS {DisplayVersion} from {Anonymizer.Anonymize(patchesRoot)} based on selected patch version {selectedVersion}");
}
else
{
ConfigManager.LogManager.LogInfo(
$"current version of DCS {DisplayVersion} is not supported by any installed {patchSet} patch set from {Anonymizer.Anonymize(patchesRoot)}");
}
return(new PatchList());
}
ConfigManager.LogManager.LogInfo(
$"loading {patchSet} patches for DCS {DisplayVersion} from {Anonymizer.Anonymize(patchesRoot)} using version {candidateVersion} of the patches");
selectedVersion = candidateVersion;
return(PatchList.Load(candidatePatchSetPath));
}
public bool TryExecute()
{
// get a unique pipe name
string pipeName = Guid.NewGuid().ToString();
// work around MS problem described in https://stackoverflow.com/questions/32739224/c-sharp-unauthorizedaccessexception-when-enabling-messagemode-for-read-only-name
_client = new NamedPipeClientStream(".",
pipeName,
PipeAccessRights.ReadData | PipeAccessRights.WriteAttributes,
PipeOptions.None,
System.Security.Principal.TokenImpersonationLevel.None,
HandleInheritability.None);
// check for existing process
if (!File.Exists(_executablePath))
{
// NOTE: we will also report this when called for status
Logger.Error($"Elevation of privileges failed because the executable to be run as administrator does not exist: {Anonymizer.Anonymize(_executablePath)}");
return(false);
}
// create elevated process
string arguments = string.Join(" ", new[] { "-o", pipeName }.Concat(_args));
ProcessStartInfo startInfo = new ProcessStartInfo(_executablePath, arguments)
{
Verb = "runas",
UseShellExecute = true
};
try
{
_process = Process.Start(startInfo);
return(true);
}
catch (Win32Exception)
{
// NOTE: this is a normal case, don't log the exception
Logger.Error("Elevation of privileges to install patches failed or was canceled by the user");
return(false);
}
}
