While using https://github.com/sewenew/redis-plus-plus as library for talking to redis, the following question came up.
How would you escape user-sent data which should be saved as a value of e.g. a JSON object (in order to not allow Redis command injection)?
json.set doc $ '{"key": "value"}'
The user could send:
val\"ue
as a new value for key.
I'm using the raw command for json.set in redis-plus-plus and had to pass it like this in order to get processed correctly by redis (value below would be the string val"ue):
m_pDb->jsonSet(key, "$.key", "\"" + value + "\"");
which calls this function:
void result(const std::vector<std::string>& cmd)
{
auto val = m_pRedis->command(cmd.cbegin(), cmd.cend());
ue could now be interpreted as a further Redis command.
If I'm not wrong the command would at the end be like this:
json.set doc $.key "val"ue"
The point is, it should not be possible to "escape" out of the value and cause a parser error or whatever.
Is value passed wrong? Is there some built-in escaping?
Should every possible injection be escaped by the developer?
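The two layers in this question, shown as an added example (not code from the post or from redis-plus-plus; jsonQuote, respEncode and jsonSetArgs are hypothetical helper names). It assumes the client transmits the argument vector as RESP bulk strings, which are length-prefixed, so the value always stays one argument; what still has to be escaped is the JSON string literal itself, otherwise val"ue yields invalid JSON.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Serialize a string as a JSON string literal (RFC 8259 escaping rules).
std::string jsonQuote(const std::string& s) {
    std::string out = "\"";
    for (unsigned char c : s) {
        switch (c) {
            case '"':  out += "\\\""; break;
            case '\\': out += "\\\\"; break;
            case '\n': out += "\\n";  break;
            case '\r': out += "\\r";  break;
            case '\t': out += "\\t";  break;
            default:
                if (c < 0x20) {  // remaining control characters
                    char buf[7];
                    std::snprintf(buf, sizeof buf, "\\u%04x", static_cast<unsigned>(c));
                    out += buf;
                } else {
                    out += static_cast<char>(c);
                }
        }
    }
    return out + "\"";
}

// Encode an argument vector as a RESP array of bulk strings. Every argument
// carries its byte length, so quotes, spaces or CRLF inside it are plain data.
std::string respEncode(const std::vector<std::string>& args) {
    std::string out = "*" + std::to_string(args.size()) + "\r\n";
    for (const auto& a : args)
        out += "$" + std::to_string(a.size()) + "\r\n" + a + "\r\n";
    return out;
}

// Build the JSON.SET argument vector for a user-supplied string value.
std::vector<std::string> jsonSetArgs(const std::string& key, const std::string& path,
                                     const std::string& userValue) {
    return {"JSON.SET", key, path, jsonQuote(userValue)};
}

int main() {
    // Constructed sample: the value from the question, val"ue
    std::fputs(respEncode(jsonSetArgs("doc", "$.key", "val\"ue")).c_str(), stdout);
    return 0;
}
```

In production code a JSON library's serializer would normally take the place of the hand-written jsonQuote.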
Using JMeter, I'm passing values to a web service through a REST API. On success the API updates the values in a Mongo DB.
While asserting with a JMeter BeanShell Assertion, I want to display the values sent in the request and the values stored in the DB.
I'm using the script below:
String req_data="${Request_Configuration}";
String res_data="${mongo_db_Configuration}";
if(res_data.equalsIgnoreCase(req_data)){
Failure=false;
FailureMessage = "Data stored in DB is correct";
System.out.println("ReqData="+req_data);
System.out.println("ResData="+res_data);
}
else{
Failure = true;
FailureMessage = "Data Stored in DB is NOT correct";
System.out.println("ReqData="+req_data);
System.out.println("ResData="+res_data);
}
I'm just not able to print ReqData and ResData. Please help out.
You have a problem in your script. In Beanshell you cannot access variables like ${Request_Configuration}, you need to use vars.get("Request_Configuration") instead.
vars is a shorthand for JMeterVariables class instance for current context.
So your Beanshell Assertion code should look as follows:
String req_data=vars.get("Request_Configuration");
String res_data=vars.get("mongo_db_Configuration");
if(res_data.equalsIgnoreCase(req_data)){
Failure=false;
FailureMessage = "Data stored in DB is correct";
System.out.println("ReqData="+req_data);
System.out.println("ResData="+res_data);
}
else{
Failure = true;
FailureMessage = "Data Stored in DB is NOT correct";
System.out.println("ReqData="+req_data);
System.out.println("ResData="+res_data);
}
I would also suggest using log.info() instead of System.out.println() as in that case results will go to jmeter.log file and won't be "eaten" by exceeding screen buffer size.
See the How to use BeanShell: JMeter's favorite built-in component guide for more information on Beanshell scripting and an explanation of the various JMeter API objects exposed to Beanshell.
Use log.info()
Example
log.info("myVariable: " + vars.get("myVariable"));
My use case:
I did use the following code snippet in a BeanShell Assertion within my HTTP Request sampler to print out my three variables id, type and value:
log.info(Thread.currentThread().getName()+": " + SampleLabel + ": id: " + vars.get("id"));
log.info(Thread.currentThread().getName()+": " + SampleLabel + ": +-type: " + vars.get("type"));
log.info(Thread.currentThread().getName()+": " + SampleLabel + ": +-value: " + vars.get("value"));
Printing also the built-in SampleLabel variable gives you the hint from which sampler you logged this information.
Is there a way to search all the mappings, sessions, etc. in Informatica for a text string contained within a SQL override?
For example, suppose I know a certain stored procedure (SP_FOO) is being called somewhere in an INFA process, but I don't know where exactly. Somewhere I think there is a Post SQL on a source or target calling it. Could I search all the sessions for Post SQL containing SP_FOO ? (Similar to what I could do with grep with source code.)
You can use Repository queries for querying REPO tables (if you have enough access) to get data related to all the mappings, transformations, sessions etc.
Please use the link below to get almost all kinds of repo queries. Your answers can be found in the link below.
https://uisapp2.iu.edu/confluence-prd/display/EDW/Querying+PowerCenter+data
select *--distinct sbj.SUBJECT_AREA,m.PARENT_MAPPING_NAME
from REP_SUBJECT sbj,REP_ALL_MAPPINGS m,REP_WIDGET_INST w,REP_WIDGET_ATTR wa
where sbj.SUBJECT_ID = m.SUBJECT_ID AND
m.MAPPING_ID = w.MAPPING_ID AND
w.WIDGET_ID = wa.WIDGET_ID
and sbj.SUBJECT_AREA in ('TLR','PPM_PNLST_WEB','PPM_CURRENCY','OLA','ODS','MMS','IT_METRIC','E_CONSENT','EDW','EDD','EDC','ABS')
and (UPPER(ATTR_VALUE) like '%PSA_CONTACT_EVENT%'
-- or UPPER(ATTR_VALUE) like '%PSA_MEMBER_CHARACTERISTIC%'
-- or UPPER(ATTR_VALUE) like '%PSA_REPORTING_HH_CHRSTC%'
-- or UPPER(ATTR_VALUE) like '%PSA_REPORTING_MEMBER_CHRSTC%'
)
--and m.PARENT_MAPPING_NAME like '%ARM%'
order by 1
Please let me know if you have any issues.
Another less scientific way to do this is to export the workflow(s) as XML and use a text editor to search through them for the stored procedure name.
If you have read access to the schema where the informatica repository resides, try this.
SELECT DISTINCT f.subj_name folder, e.mapping_name, object_type_name,
b.instance_name, a.attr_value
FROM opb_widget_attr a,
opb_widget_inst b,
opb_object_type c,
opb_attr d,
opb_mapping e,
opb_subject f
WHERE a.widget_id = b.widget_id
AND b.widget_type = c.object_type_id
AND ( object_type_name = 'Source Qualifier'
OR object_type_name LIKE '%Lookup%'
)
AND a.widget_id = b.widget_id
AND a.attr_id = d.attr_id
AND c.object_type_id = d.object_type_id
AND attr_name IN ('Sql Query')--, 'Lookup Sql Override')
AND b.mapping_id = e.mapping_id
AND e.subject_id = f.subj_id
AND a.attr_value is not null
--AND UPPER (a.attr_value) LIKE UPPER ('%currency%')
Yes. There is a small java based tool called Informatica Meta Query.
Using that tool, you can search for any information that is present in the Informatica meta data tables.
If you cannot find that tool, you can write queries directly in the Informatica Meta data tables to get the required information.
Adding a few more lines to the solution provided by Data Origin and Sandeep.
It is highly advised not to query repository tables directly. Rather, you can create synonyms or views and then query those objects to avoid any damage to rep tables.
In our dev/ prod environment application programmers are not granted any direct access to repo. tables.
As querying the Informatica database isn't the best idea, I would suggest exporting all the workflows in your folder into XML using Repository Manager. From Rep Mgr you can select all of them at once and export them together. Then write a Java program to search for the pattern in the XML files you have.
I have written a sample program here, please modify it as per your requirement:
Make a spec file with workflow names (specFileName).
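import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;

public class SearchSpec {
    public static void main(String[] args) {
        String specFileName = args[0];          // file to search, taken from the command line
        String textToSearch = "<YourString>";   // replace with the text to look for
        try {
            File inFile = new File(specFileName);
            BufferedReader reader = new BufferedReader(new FileReader(inFile));
            String currentLine;
            while ((currentLine = reader.readLine()) != null) {
                // trim surrounding whitespace before comparing with the string
                String trimmedLine = currentLine.trim();
                if (trimmedLine.contains(textToSearch)) {
                    System.out.println(specFileName); // specfile name
                }
            }
            reader.close();
        } catch (IOException ex) {
            System.out.println("Error reading to file '" + specFileName + "'");
        }
    }
}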
In PHP it is very simple to check, if a variable has been transmitted via GET or POST. With the cgicc library they all look the same. Is there another possibility to read only GET or only POST variables?
My Code:
cgicc::Cgicc cgiobj;
std::cout << "Both, post or get: " << cgiobj("variablename") << std::endl;
I had the same question so I looked for a solution in the cgicc documentation.
Class CgiEnvironment provides getRequestMethod(), which returns "GET" or "POST" according to your request.
eg.
cgicc::Cgicc cgi;
cgicc::CgiEnvironment env = cgi.getEnvironment();
std::string requestMethod = env.getRequestMethod();
I have not tested it, though.
I am trying to replace only " with " within EntryBody
I tried <mt:entrybody replace=""","""> but this seems to not work. Version is MT5.02 and I don't want to use <mt:entrybody encode_html="1">
What I am trying to do is import all entries using CSV (comma separated) format (client's request) and " (quotation mark) inside EntryBody gives me syntax errors. I can't use encode_html because this encodes links() to entities and I don't want that.
Any advice?
One of these should work.
"\"","""
'"','"'