For Google Summer of Code with OpenMRS this week, I looked into setting up the programming environment with IntelliJ as my IDE, and locating the error in the code that made the previously mentioned XSS vulnerability possible.
Setting Up IntelliJ:
I had a few issues setting up IntelliJ initially as the Java settings I had on my previously installed version were not compatible with OpenMRS. I decided to reinstall IntelliJ and start again, setting it up to be fully compatible with the Java version supported by OpenMRS. This took me a while as I am quite new to IntelliJ and I had to research the settings that needed to change for it to work.
Getting the Code and Locating the Error:
I successfully used Git and GitHub to clone the code I needed from the Manage Appointments section of the Appointment Scheduling part of the application, and opened this in IntelliJ. It took a bit of time to find the code, but once I found the src folder it was easy for me to navigate to the correct manageAppointments.gsp page. I read through the code in the page and located the line I believe to be the cause of the error — next week I plan to make changes to this to see if it is indeed the cause, and if it is, to fix it.
This week I got more to grips with how the whole system works, and hopefully from next week I can make progress more quickly.