Problem when the entity value attribute contain special character - fiware-orion

I have tied to insert in OCB an entity with a password attribute codified:
{
"id": "prueba-tipo-string2",
"type": "StringParser",
"dateObserved": {
"type": "DateTime",
"value": "2020-08-13T08:56:56.00Z"
},
"password": {
"type": "text",
"value": "U2FsdGVkX10bFP8Rj7xLAQDFwMBphXpK/+leH3mlpQ="
}
}
OCB always response to me with the following error:
"found a forbidden character in the value of an attribute"
In Postman
{
"error": "BadRequest",
"description": "Invalid characters in attribute value"
}

Orion restricts the usage of some characters due to security reasons (script injections attack in some circumstances), see this piece of documentation. In particular, the = you have in the password attribute value.
You can avoid this, for instance, by encoding the password in base 64, or using URL encoding before storing it in Orion.
Another alternative using TextUnrestricted in attribute type. This special attribute type does not check if the attribute value contains a forbidden character. However, it could have security implications, use it at your own risk!

Related

Azdo custom task string input default value not to adhere reg exp validation

I'm creating a custom task and in the task.json I got this input:
{
"name": "testUrl",
"type": "string",
"required": false,
"label": "Test Url",
"defaultValue": "",
"visibleRule": "requiresTest = True",
"validation": {
"expression": "isMatch(value, '^https?:\/\/','IgnoreCase')",
"message": "Supplied string must be an absoulte url only"
}
}
This input is optional and has a default value of an empty string. The problem is that if the user doesn't set it, the value of an empty string does not meet the requirement of the reg exp (which forces the input to be an absolute uri only , which is what I want). The task then fails because of that input.
Is there a way to have an initial value which won't be validated against the validation expression until the user try to edit it? I don't want to have a default value in a form of a url, but leave it an empty string.

Azdo custom task extension definition of string input with a regular expression doesn't work

I have an Azure custom task implemented with Typescript with a task.json containing a string input which is supposed to get a semantic version:
{
"name": "version",
"type": "string",
"required": true,
"label": "Version",
"defaultValue": "",
"helpMarkDown": "",
"pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
},
Even though the regex for the version is defined (and the regex itself is correct and taken from the semantic version's official docs), the user can still enter whatever string he wants with no limitation and no error message is shown.
How do I make the input show an error message when the user enters an input which does not match the regular expression?
You need to use the validation.expression and message, like in this example:
https://github.com/microsoft/azure-pipelines-tasks/blob/b0e99b6d8c7d1b8eba65d9ec08c118832a5635e3/Tasks/KubernetesManifestV0/task.json#L90
"validation": {
"expression": "isMatch(value, '(^(([0-9]|[1-9][0-9]|100)(\\.\\d*)?)$)','Multiline')",
"message": "Enter valid percentage value i.e between 0 to 100."
}
See also:
https://github.com/Microsoft/azure-pipelines-tasks/blob/master/docs/taskinputvalidation.md

Is there a way to stop Autorest.Powershell from flattening response objects?

I have a response object in my swagger.json file that includes a nested object as one of its fields. When I use Autorest.Powershell to generate a client for this API, it flattens the nested object. So when the service returns the following response:
{
"code": 200,
"status": "OK",
"data": {
"FileName": "gameserver.zip",
"AssetUploadUrl": "https://example.com"
}
}
my Autorest.Powershell client returns a flattened object like this:
{
"code": 200,
"status": "OK",
"dataFileName": "gameserver.zip",
"dataAssetUploadUrl": "https://example.com"
}
Is there some sort of configuration setting I can use to disable this behavior?
Here are the relevant portions of my swagger.json file, if it helps:
"definitions": {
"GetAssetUploadUrlResponse": {
"type": "object",
"properties": {
"AssetUploadUrl": {
"description": "The asset's upload URL.",
"type": "string"
},
"FileName": {
"description": "The asset's file name to get the upload URL for.",
"type": "string"
}
},
"example": {
"FileName": "gameserver.zip",
"AssetUploadUrl": "https://example.com"
}
}
},
"responses": {
"GetAssetUploadUrlResponse": {
"description": "",
"schema": {
"type": "object",
"properties": {
"code": {
"type": "integer",
"description": "The Http status code. If X-ReportErrorAsSuccess header is set to true, this will report the actual http error code."
},
"status": {
"type": "string",
"description": "The Http status code as a string."
},
"data": {
"$ref": "#/definitions/GetAssetUploadUrlResponse"
}
},
"example": {
"code": 200,
"status": "OK",
"data": {
"FileName": "gameserver.zip",
"AssetUploadUrl": "https://example.com"
}
}
}
}
}
There are several ways, none of which is really straightforward (as, I'm starting to believe, is the case with most things AutoRest-related; sorry, couldn't resist :-P ).
There are three semi-official ways. Semi-official here means they are based on public AutoRest mechanism but are not themselves documented. Being semi-official, they might only work with certain versions of AutoRest components, so, here are the ones I used
(from autorest --info):
#autorest/core (3.0.6369)
#autorest/modelerfour (4.15.414)
#autorest/powershell (3.0.421)
Finally, here are the relevant parts of AutoRest's code base: inline properties plug-in and configuration directive definition
inlining-threshold setting
This setting control the maximum number of properties an inner object could have for it to be considered eligible for inlining. You can set it either on the command line or in the "literate config" .md file.
```yaml
inlining-threshold: 0
```
In theory, setting this to 0 should prevent any inner member's properties from being inlined, however the plug-in has a hard-coded exception that if the inner object is in a property that's itself named properties then the limit is ignored and it's still flattened.
definitions:
SomeSchema:
type: "object"
properties:
detail_info: # <-- threshold honored
$ref: "#/definitions/InfoSchema"
properties: # <-- this is always flattened because of its special name
$ref: "#/definitions/OtherSchema"
no-inline directive
The PowerShell AutoRest plug-in also defines a custom directive that is used to specify that certain schemas should never be inlined. Using "literate config", it goes like
```yaml
directive:
- no-inline:
- OtherSchema
- ThirdSchema
```
The pros of this approach are that the no-inline directive overrides the "always inline properties in a property named properties" exception mentioned above, so it can be used to alleviate the problem.
The cons are that all schema names should be listed explicitly. (It seems the directive should also support Rx name expression but I couldn't get no-inline: ".*" to work)
Low-level transform
This is approach disables inlining unconditionally in all cases, however it is coupled to the specific internal code model used by AutoRest. (In principle, the model should be stable, at least within major versions). It also relies on the PowerShell plug-in using a specific (non-contractual) property to flag schemas excluded from inlining.
```yaml
directive:
- from: code-model-v4-no-tags
where: $.schemas.objects.*
transform: |
$.language.default['skip-inline'] = true;
```

Can't post node that requires a pre assigned value with services api

I have setup a content type with a subject field that has pre assigned values in a dropdown field.
I am using the services api to post new content from a polymer app.
When I POST to the api I send the field structure and value in json but get and error.
"406 (Not Acceptable : An illegal choice has been detected. Please contact the site administrator.)"
Even though the object I am sending matches one of the required values in the field.
Do I need to prefix the value with something? I assume I'm posting to the right place to get that response but don't know why it would accept anything other than the string value.
Here is what I sent to the api which is picked up by my Charles proxy.
{
"node": {
"type": "case",
"title": "my case",
"language": "und",
"field_subject": {
"und": {
"0": {
"value": "subject1"
}
}
},
"body": {
"und": {
"0": {
"value": "my details of subject"
}
}
}
}
}
And here is an example of what I have setup in my Drupal field
subject1| first
subject2| second
subject3| third
subject4| forth
For anyone else with the same problem, this subject is poorly documented, but the answer is simple, my subject did not need the value key despite devel suggesting thats how it would be formatted.
"field_subject": {
"und": [
"subject1"
]
}
I could also shorten my code with "und" being an array.

datatype of complextype entity is null when returning an array of complex types

We have created a complextype field "carriers" which is an array of Carrier objects. See below metadata
"dataProperties": [
{
"name": "carriers",
"complexTypeName":"Carrier#Test",
"isScalar":false
}]
The Carrier entity is defined as below:
{
"shortName": "Carrier",
"namespace": "Test",
"isComplexType": true,
"dataProperties": [
{
"name": "Testing",
"isScalar":true,
"dataType": "String"
}
]
}
We are trying to return an array of complextype in breeze from a REST service call. We get an error in breeze.debug.js in the method proto._updateTargetFromRaw. The error is because the datatype is null.
Any idea how to fix this issue?
I'm guessing the problem is in your "complexTypeName". You wrote "Carrier#Test" when I think you meant to write "Carrier:#Test". The ":#" combination separates the "short name" from the namespace; you omitted the colon.
Hope that's the explanation.