Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Task/handle textunrestricted attr #2128

Merged
merged 22 commits into from
Feb 3, 2022
Merged

Task/handle textunrestricted attr #2128

merged 22 commits into from
Feb 3, 2022

Conversation

AlvaroVega
Copy link
Member

@AlvaroVega AlvaroVega commented Feb 3, 2022
edited
Loading

issue #2125
This fix applies to all sinks, all modes (row and column) but only for attr types which are TextUnrestricted

fgalan
fgalan reviewed Feb 3, 2022
View reviewed changes
CHANGES_NEXT_RELEASE Outdated
@@ -1,2 +1,3 @@
- [cygnus-commons] Check TextUnrestricted type to escape character ' as '' (#2125)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe something about this should be done in documenation?

Not sure in which .md. Do we have one about NGSIHandler? (in a similar way we have per-sink documents)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done in f4bdb5e

@fgalan fgalan mentioned this pull request Feb 3, 2022
Closed
fgalan
fgalan reviewed Feb 3, 2022
View reviewed changes
doc/cygnus-ngsi/user_and_programmer_guide/unrestricted_type.md Outdated
@@ -0,0 +1 @@
An Attribute value of a TextUnrestricted type from an ContextBroker event is escaped from character ' to ''
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

New .md files should be added to mkdoc.yml in the proper place.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NTC, as the file has been deleted.

fgalan
fgalan reviewed Feb 3, 2022
View reviewed changes
doc/cygnus-ngsi/user_and_programmer_guide/unrestricted_type.md Outdated
@@ -0,0 +1 @@
An Attribute value of a TextUnrestricted type from an ContextBroker event is escaped from character ' to ''
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
An Attribute value of a TextUnrestricted type from an ContextBroker event is escaped from character ' to ''
Cygnus escapes from `'` to `''` in attributes of type `TextUnrestricted` with the aim of avoiding injection attacks.
Note that other attributes (i.e. with type different to `TextUnrestricted` don't need such escaping as single quote (`'`) is a [forbidden character in Context Broker](https://fiware-orion.readthedocs.io/en/master/user/forbidden_characters/index.html) so that value will never arrives to Cygnus in notifications.

To align the text with the one used in the other .md file.

fgalan
fgalan reviewed Feb 3, 2022
View reviewed changes
CHANGES_NEXT_RELEASE Outdated Show resolved Hide resolved
fgalan
fgalan approved these changes Feb 3, 2022
View reviewed changes
Copy link
Member

@fgalan fgalan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@fgalan fgalan merged commit 728889a into master Feb 3, 2022
@fgalan fgalan deleted the task/handle_textunrestricted_attr2 branch February 3, 2022 14:01
@AlvaroVega AlvaroVega mentioned this pull request Feb 3, 2022
Closed
1 task
This was referenced Feb 3, 2022
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fgalan fgalan fgalan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AlvaroVega @fgalan