Remove empty query params

[ruscoder]

Hi! GET /Patient?_id= will create request such as params: {_id: ''} and to handle it correctly we need to check that value != null and value != ''.

Security note
For Aidbox's users it leads to security issues when developers forgot to check minLength in policies, e.g.

    "properties": {
        "request-method": {
            "constant": "get",
        },
        "uri": {"constant": "/Patient"},
        "params": {
            "required": ["patient"],
        },
    }

and for GET /Patient?_id= this policy will allow the query, and the user will have an access to ALL patients in the system.

As workaround we use a bit enhanced policy, but it annoying to check minLength for required properties.

    "properties": {
        "request-method": {
            "constant": "get",
        },
        "uri": {"constant": "/Patient"},
        "params": {
            "required": ["patient"],
            "properties": {
                 "patient": {"minLength": 1}
            }
        },
    }

[kzotoff]

For some fields empty string may have another meaning: no entries to return.

For example, I generate some Patient ID set and want to get these entries so I just do GET /Patient?id=id-1,id-2,.... If set contains no elements, request will return all entries instead of none so I need to additionally check if my search set is not empty. It looks a bit inconsistent.

[ruscoder]

What do you think about it?

@ZaLLin @KGOH

I've updated description, added security risks

[Nesmeshnoy]

@ruscoder fixed. please check it and give us feedback.

[ruscoder]

Thanks! I'll test it

[Nesmeshnoy]

Keep us updated.

[ruscoder]

Works great!