#
253f11b8 |
| 16-May-2024 |
Ed Tanous <ed@tanous.net> |
Allow configuring "bmc" and "system"
In the early days of bmcweb, we made two pretty critical assumptions; First, is that a given platform would only have a single BMC instance (represented as "bmc"
Allow configuring "bmc" and "system"
In the early days of bmcweb, we made two pretty critical assumptions; First, is that a given platform would only have a single BMC instance (represented as "bmc") and a single host instance (represented as "system"). Second we assumed that, given that Redfish suggests against hardcoding URIs in client implementation and leaves them freeform, clients would code to the standard.
Our own webui-vue hardcodes Redfish URIs [1], and the documentation is littered with examples of hardcoded curl examples of hardcoding these URIs. That bug was filed in 2020, and the issue has only gotten worse over time.
This patchset is an attempt to give a target that we can start solving these issues, without trying to boil the ocean and fix all clients in parallel.
This commit adds the meson options redfish-manager-uri-name and redfish-system-uri-name
These are used to control the "name" that bmcweb places in the fixed locations in the ManagerCollection and ComputerSystemCollection schemas.
Note, managers is added, but is not currently testable. It will be iterated on over time.
Tested: Changed the URL options to "edsbmc" and "edssystem" in meson options.
Redfish service validator passes. URLs appear changed when walking the tree.
[1] https://github.com/openbmc/webui-vue/issues/43
Change-Id: I4b44685067051512bd065da8c2e3db68ae5ce23a Signed-off-by: Ed Tanous <ed@tanous.net>
show more ...
|
#
8e8245db |
| 12-Apr-2024 |
Ed Tanous <ed@tanous.net> |
Fix nullptr failures for image upload
Several places that call *req.ioService were missing nullptr checks. Add them, and fix the one case where it might not be filled in.
Tested: With HTTP2 enable
Fix nullptr failures for image upload
Several places that call *req.ioService were missing nullptr checks. Add them, and fix the one case where it might not be filled in.
Tested: With HTTP2 enabled, the following command succeeds. ``` curl -k https://192.168.7.2/redfish/v1/UpdateService/update -F 'UpdateParameters={"Targets":["/redfish/v1/Managers/bmc"]} ;type=application/json' --user "root:0penBmc" -F UpdateFile=@/home/ed/bmcweb/16mb.txt -v -H "Expect:" ```
Change-Id: I81e7944c22f5922d461bf5d231086c7468a16e62 Signed-off-by: Ed Tanous <ed@tanous.net>
show more ...
|
#
7a31e336 |
| 06-Mar-2024 |
Ed Tanous <ed@tanous.net> |
Clean up Certificate Service to use readJson
Use multiple level direct read to simplify code.
Tested: Visual only. Need help if anyone wants to test.
Change-Id: Ib7c34daefbe2bb835cbe420b40861f2744
Clean up Certificate Service to use readJson
Use multiple level direct read to simplify code.
Tested: Visual only. Need help if anyone wants to test.
Change-Id: Ib7c34daefbe2bb835cbe420b40861f27442d05b1 Signed-off-by: Ed Tanous <ed@tanous.net>
show more ...
|
#
b2896149 |
| 31-Jan-2024 |
Ed Tanous <ed@tanous.net> |
Rename FileBody to HttpBody
Now that our custom body type does things more than files, it makes sense to rename it. This commit renames the header itself, then all instances of the class.
Tested:
Rename FileBody to HttpBody
Now that our custom body type does things more than files, it makes sense to rename it. This commit renames the header itself, then all instances of the class.
Tested: Basic GET requests succeed. Change-Id: If4361ac8992fc7c268f48a336707f96e68d3576c Signed-off-by: Ed Tanous <ed@tanous.net>
show more ...
|
#
8ece0e45 |
| 02-Jan-2024 |
Ed Tanous <ed@tanous.net> |
Fix spelling mistakes
These were found with: codespell -w $(git ls-files | grep "\.[hc]\(pp\)\?$")
At some point in the future, we might want to get this enabled in CI.
Change-Id: Iccb57b2adfd06a2
Fix spelling mistakes
These were found with: codespell -w $(git ls-files | grep "\.[hc]\(pp\)\?$")
At some point in the future, we might want to get this enabled in CI.
Change-Id: Iccb57b2adfd06a2e177e99db2923fe4e8e329118 Signed-off-by: Ed Tanous <ed@tanous.net>
show more ...
|
#
5a39f77a |
| 20-Oct-2023 |
Patrick Williams <patrick@stwcx.xyz> |
clang-format: copy latest and re-format
clang-format-17 has some backwards incompatible changes that require additional settings for best compatibility and re-running the formatter. Copy the latest
clang-format: copy latest and re-format
clang-format-17 has some backwards incompatible changes that require additional settings for best compatibility and re-running the formatter. Copy the latest .clang-format from the docs repository and reformat the repository.
Change-Id: I2f9540cf0d545a2da4d6289fc87b754f684bc9a7 Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
show more ...
|
#
6fd29553 |
| 04-Oct-2023 |
Ed Tanous <edtanous@google.com> |
Update to boost 1.83.0
In boost 1.83.0, the boost::url maintainers deprecated the header only usage of the library without warning. A discussion with the maintainers[1] made it clear that they remo
Update to boost 1.83.0
In boost 1.83.0, the boost::url maintainers deprecated the header only usage of the library without warning. A discussion with the maintainers[1] made it clear that they removed the abiliy on purpose, and they're not going to add it back or add a deprecation strategy (they did say they would update the documentation to actually match the intent), and that from here on in we should be using the cmake boost project to pull in the non-header-only boost libraries we use (which at this point is ONLY boost url).
This commit updates to remove the usage of boost::urls::result typedef, which was deprecated in this release (which causes a compile error) and moves it to boost::system::result.
In addition, it updates our meson files to pull in the boost project as a cmake dependency.
[1] https://cpplang.slack.com/archives/C01JR6C9C4U/p1696441238739129
Tested: Not yet.
Change-Id: Ia7adfc0348588915440687c3ab83a1de3e6b845a Signed-off-by: Ed Tanous <edtanous@google.com>
show more ...
|
#
f5f8eaa8 |
| 04-Sep-2023 |
Xinnan Xie <xiexinnan@bytedance.com> |
certificate_service: Fix garbled display caused by dangling reference
Post: ``` /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate ``` The "@odata.id" field in the response
certificate_service: Fix garbled display caused by dangling reference
Post: ``` /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate ``` The "@odata.id" field in the response will appear garbled. This is caused by boost::urls::url_view outlives its original char sequence. Fix this issue.
Tested: ``` 1.Get token 2.curl -k -H "X-Auth-Token: $token" -X POST https://${bmc}/redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate -d '{"CertificateUri": {"@odata.id":"/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1"}, "CertificateString":"...", "CertificateType": "PEM"}' { "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1", ... } ```
Change-Id: I6b16cbfaf22f835488a54097c83cee8a1b9e9f6a Signed-off-by: Xinnan Xie <xiexinnan@bytedance.com>
show more ...
|
#
b2254ccd |
| 27-Jul-2023 |
Michal Orzel <michalx.orzel@intel.com> |
Change authority D-Bus names
Changing authority service references in code from 'ldap' to more generic name, to comply with change in phosphor-certificate-manager.
Related change: https://gerrit.op
Change authority D-Bus names
Changing authority service references in code from 'ldap' to more generic name, to comply with change in phosphor-certificate-manager.
Related change: https://gerrit.openbmc.org/c/openbmc/phosphor-certificate-manager/+/65458
Tested: Adding, reading and removal of CA Certificate works without any noticeable regression.
Change-Id: Ia3e7a13bf7093bb7a9964769847d769475ed3e61 Signed-off-by: Michal Orzel <michalx.orzel@intel.com>
show more ...
|
#
80f79a40 |
| 24-Aug-2023 |
Michael Shen <gpgpgp@google.com> |
Fix typo `DBusInteracesMap` -> `DBusInterfacesMap`
Change-Id: I9a851076eccee9d79ad7bb036e58b717e06ad5d1 Signed-off-by: Michael Shen <gpgpgp@google.com>
|
#
62598e31 |
| 17-Jul-2023 |
Ed Tanous <ed@tanous.net> |
Replace logging with std::format
std::format is a much more modern logging solution, and gives us a lot more flexibility, and better compile times when doing logging.
Unfortunately, given its level
Replace logging with std::format
std::format is a much more modern logging solution, and gives us a lot more flexibility, and better compile times when doing logging.
Unfortunately, given its level of compile time checks, it needs to be a method, instead of the stream style logging we had before. This requires a pretty substantial change. Fortunately, this change can be largely automated, via the script included in this commit under scripts/replace_logs.py. This is to aid people in moving their patchsets over to the new form in the short period where old patches will be based on the old logging. The intention is that this script eventually goes away.
The old style logging (stream based) looked like.
BMCWEB_LOG_DEBUG << "Foo " << foo;
The new equivalent of the above would be: BMCWEB_LOG_DEBUG("Foo {}", foo);
In the course of doing this, this also cleans up several ignored linter errors, including macro usage, and array to pointer deconstruction.
Note, This patchset does remove the timestamp from the log message. In practice, this was duplicated between journald and bmcweb, and there's no need for both to exist.
One design decision of note is the addition of logPtr. Because the compiler can't disambiguate between const char* and const MyThing*, it's necessary to add an explicit cast to void*. This is identical to how fmt handled it.
Tested: compiled with logging meson_option enabled, and launched bmcweb
Saw the usual logging, similar to what was present before: ``` [Error include/webassets.hpp:60] Unable to find or open /usr/share/www/ static file hosting disabled [Debug include/persistent_data.hpp:133] Restored Session Timeout: 1800 [Debug redfish-core/include/event_service_manager.hpp:671] Old eventService config not exist [Info src/webserver_main.cpp:59] Starting webserver on port 18080 [Error redfish-core/include/event_service_manager.hpp:1301] inotify_add_watch failed for redfish log file. [Info src/webserver_main.cpp:137] Start Hostname Monitor Service... ``` Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I86a46aa2454be7fe80df608cb7e5573ca4029ec8
show more ...
|
#
e2616cc5 |
| 27-Jun-2022 |
Ed Tanous <edtanous@google.com> |
Make propertyValueNotInList typesafe
The error codes for this function accept a string_view, which has caused a number of cases of users of this function to call dump() to_string() and all manner of
Make propertyValueNotInList typesafe
The error codes for this function accept a string_view, which has caused a number of cases of users of this function to call dump() to_string() and all manner of other conversions. Considering that dump() is something that's difficult to call correctly, and overly wordy, it would be ideal if the message code just handled that for us.
Therefore, this commit changes the prototype to include a nlohmann::json object as an argument instead of string_view, then audits the codebase for all uses, and moves them to a more normalized usage, which allows the calling code to call "dump" for them.
Tested: PATCH /redfish/v1/SessionService {"SessionTimeout": 1}
Returns the PropertyValueNotInList error as it did before.
Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: If62909072db1f067ad1f8aa590bb716c84181219
show more ...
|
#
3e72c202 |
| 27-Mar-2023 |
Ninad Palsule <ninadpalsule@us.ibm.com> |
Added new pre-defined usergroup called hostconsole
The new pre-defined usergroup named "hostconsole" is added to differentiate access between host console and manager console. The only users allowed
Added new pre-defined usergroup called hostconsole
The new pre-defined usergroup named "hostconsole" is added to differentiate access between host console and manager console. The only users allowed to interact with host console are part of the "hostconsole" group and they are in an administrator role.
Note: The changes are spread across multiple repositories listed under "Related commits:"
The bmcweb changes to incorporate new group are as follows: - The new user is added in the hostconsole group only if it has an administrative role. - The ssh usergroup is only translated to ManagerConsole redfish group and hostconsole usergroup is translated to HostConsole redfish group. - The following changes are made to check the privileges for host console access - The new OEM privilege "OpenBMCHostConsole" added for host console access. This privilege is not shared externally hence it is not documented. - Updated obmc_console BMCWEB_ROUTE to use the new privilege. - Router functions now save user role and user groups in the session - getUserPrivileges() function now takes session reference instead of user role. This function now also checks for the user group "hostconsole" and add the new privilege if user is member of this group. - Updated all callers of the getUserPrivileges to pass session reference. - Added test to validate that new privilege is set correctly.
Tested: Loaded code on the system and validated that; - New user gets added in hostconsole group. NOTE: Prior to this commit all groups are assigned to new user. This drop does not change that behavior. - Access from the web gui is only available for users in hostconsole group. Used IBM internal simulator called simics to test this. This simulator allows accessing openbmc from GUI. - Checked the role collection and there is no change. $ curl -k -H "X-Auth-Token: $TOKEN" -X GET \ https://${bmc}/redfish/v1/AccountService/Roles $ curl -k -H "X-Auth-Token: $TOKEN" -X GET \ https://${bmc}/redfish/v1/AccountService/Roles/Administrator $ curl -k -H "X-Auth-Token: $TOKEN" -X GET \ https://${bmc}/redfish/v1/AccountService/Roles/ReadOnly $ curl -k -H "X-Auth-Token: $TOKEN" -X GET \ https://${bmc}/redfish/v1/AccountService/Roles/Operator
- HostConsole is in AccountType when hostconsole group is present in UserGroups D-Bus property
$ id user99 uid=1006(user99) gid=100(users) groups=1000(priv-admin),1005(web),\ 1006(redfish),1013(hostconsole),100(users)
$ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99 { "@odata.id": "/redfish/v1/AccountService/Accounts/user99", "@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount", "AccountTypes": [ "HostConsole", "Redfish", "WebUI", "ManagerConsole" ], "Description": "User Account", "Enabled": true, "Id": "user99", "Links": { "Role": { "@odata.id": "/redfish/v1/AccountService/Roles/Administrator" } }, "Locked": false, "Locked@Redfish.AllowableValues": [ "false" ], "Name": "User Account", "Password": null, "PasswordChangeRequired": false, "RoleId": "Administrator", "UserName": "user99"
- The hostconsole group is not present for readonly or operator users and also made sure that console access is not provided. This testing is done one the system and console access was tried by modifying the https://github.com/openbmc/bmcweb/blob/master/scripts/websocket_test.py
+ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99 { "@odata.id": "/redfish/v1/AccountService/Accounts/user99", "@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount", "AccountTypes": [ "IPMI", "Redfish", "WebUI", "ManagerConsole" ], "Description": "User Account", "Enabled": true, "Id": "user99", "Links": { "Role": { "@odata.id": "/redfish/v1/AccountService/Roles/ReadOnly" } }, "Locked": false, "Locked@Redfish.AllowableValues": [ "false" ], "Name": "User Account", "Password": null, "PasswordChangeRequired": false, "RoleId": "ReadOnly", "UserName": "user99"
[INFO "http_connection.hpp":209] Request: 0x150ac38 HTTP/1.1 GET /console0 ::ffff:x.x.xx.xxx [DEBUG "routing.hpp":1265] Matched rule (upgrade) '/console0' 1 / 2 [DEBUG "routing.hpp":1084] userName = user99 userRole = priv-user [DEBUG "routing.hpp":1123] IsUserPrivileged: group=ipmi [DEBUG "routing.hpp":1123] IsUserPrivileged: group=redfish [DEBUG "routing.hpp":1123] IsUserPrivileged: group=ssh [DEBUG "routing.hpp":1123] IsUserPrivileged: group=web [DEBUG "routing.hpp":93] checkPrivileges: BASE USER: Login [DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureSelf [DEBUG "routing.hpp":113] checkPrivileges: OEM REQUIRED: OpenBMCHostConsole [ERROR "routing.hpp":1192] Insufficient Privilege
+ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99 { "@odata.id": "/redfish/v1/AccountService/Accounts/user99", "@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount", "AccountTypes": [ "IPMI", "Redfish", "WebUI", "ManagerConsole" ], "Description": "User Account", "Enabled": true, "Id": "user99", "Links": { "Role": { "@odata.id": "/redfish/v1/AccountService/Roles/Operator" } }, "Locked": false, "Locked@Redfish.AllowableValues": [ "false" ], "Name": "User Account", "Password": null, "PasswordChangeRequired": false, "RoleId": "Operator", "UserName": "user99"
[INFO "http_connection.hpp":209] Request: 0x21c7c38 HTTP/1.1 GET /console0 ::ffff:x.x.xx.xxx [DEBUG "routing.hpp":1265] Matched rule (upgrade) '/console0' 1 / 2 [DEBUG "routing.hpp":1084] userName = user99 userRole = priv-operator [DEBUG "routing.hpp":1123] IsUserPrivileged: group=ipmi [DEBUG "routing.hpp":1123] IsUserPrivileged: group=redfish [DEBUG "routing.hpp":1123] IsUserPrivileged: group=ssh [DEBUG "routing.hpp":1123] IsUserPrivileged: group=web [DEBUG "routing.hpp":93] checkPrivileges: BASE USER: Login [DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureComponents [DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureSelf [DEBUG "routing.hpp":113] checkPrivileges: OEM REQUIRED: OpenBMCHostConsole [ERROR "routing.hpp":1192] Insufficient Privilege
Related commits: NOTE: docs, openbmc, obmc-console changes are already merged. bmcweb and phosphor-user-manager will be merged together. docs: https://gerrit.openbmc.org/c/openbmc/docs/+/60968 phosphor-user-manager: https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/61583 openbmc: https://gerrit.openbmc.org/c/openbmc/openbmc/+/61582 obmc-console: https://gerrit.openbmc.org/c/openbmc/obmc-console/+/61581 bmcweb: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/61580
Change-Id: Ia5a33dafc9a76444e6a8e74e752f0f90cb0a31c8 Signed-off-by: Ninad Palsule <ninadpalsule@us.ibm.com>
show more ...
|
#
ef4c65b7 |
| 24-Apr-2023 |
Ed Tanous <edtanous@google.com> |
Boost::urls::format
Boost 1.82 dropped a lovely new toy, boost::urls::format, which is a lot like our urlFromPieces method, but better in that it makes the resulting uris more readable, and allows d
Boost::urls::format
Boost 1.82 dropped a lovely new toy, boost::urls::format, which is a lot like our urlFromPieces method, but better in that it makes the resulting uris more readable, and allows doing things like fragments in a single line instead of multiple. We should prefer it in some cases.
Tested: Redfish service validator passes. Spot checks of URLs work as expected. Unit tests pass.
Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: Ia7b38f0a95771c862507e7d5b4aa68aa1c98403c
show more ...
|
#
a87c4180 |
| 16-May-2023 |
vijayabharathi shetty <vijayabharathix.shetty@intel.com> |
Fix certificate replacement error code issue
We get 500 Internal Server Error when we try to replace certificate without providing certificate but expected response is 400 Bad Request. So fixed the
Fix certificate replacement error code issue
We get 500 Internal Server Error when we try to replace certificate without providing certificate but expected response is 400 Bad Request. So fixed the issue by removal of overriding the error code.
Tested: Response for attempt to replace certificate without certificate or without required json key
Before changes: 500 Internal Server Error
After changes: 400 Bad Request
Change-Id: I7f672d40f73f8cd1491625ba6714bd3ad2594faf Signed-off-by: vijayabharathi shetty <vijayabharathix.shetty@intel.com>
show more ...
|
#
b2ba3072 |
| 12-May-2023 |
Patrick Williams <patrick@stwcx.xyz> |
fix more push vs emplace calls
It seems like clang-tidy doesn't catch every place that an emplace could be used instead of a push. Use a few grep/sed pairs to find and fix up some common patterns.
fix more push vs emplace calls
It seems like clang-tidy doesn't catch every place that an emplace could be used instead of a push. Use a few grep/sed pairs to find and fix up some common patterns.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: I93eaec26b8e3be240599e92b66cf54947073dc4c
show more ...
|
#
ad539545 |
| 12-May-2023 |
Patrick Williams <patrick@stwcx.xyz> |
use emplace where appropriate per clang-tidy
The clang-tidy warning 'modernize-use-emplace' correctly flags a few places where emplace should be used over push.
Signed-off-by: Patrick Williams <pat
use emplace where appropriate per clang-tidy
The clang-tidy warning 'modernize-use-emplace' correctly flags a few places where emplace should be used over push.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: I6ca79285a87d6927e718345dc8dce0387e6b1eda
show more ...
|
#
6da47bab |
| 11-May-2023 |
Patrick Williams <patrick@stwcx.xyz> |
certificate-service: fix clang-tidy warnings
``` ../redfish-core/lib/certificate_service.hpp:154:32: error: 'i' is an unsafe pointer used for buffer access [-Werror,-Wunsafe-buffer-usage] std::s
certificate-service: fix clang-tidy warnings
``` ../redfish-core/lib/certificate_service.hpp:154:32: error: 'i' is an unsafe pointer used for buffer access [-Werror,-Wunsafe-buffer-usage] std::string_view::iterator i = value.begin(); ```
Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: I6b6fb17d58bb7a3bd861aaf020540586490693da
show more ...
|
#
89492a15 |
| 10-May-2023 |
Patrick Williams <patrick@stwcx.xyz> |
clang-format: copy latest and re-format
clang-format-16 has some backwards incompatible changes that require additional settings for best compatibility and re-running the formatter. Copy the latest
clang-format: copy latest and re-format
clang-format-16 has some backwards incompatible changes that require additional settings for best compatibility and re-running the formatter. Copy the latest .clang-format from the docs repository and reformat the repository.
Change-Id: I75f89d2959b0f1338c20d72ad669fbdc1d720835 Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
show more ...
|
#
33c6b580 |
| 14-Feb-2023 |
Ed Tanous <edtanous@google.com> |
Remove body member from Request
Per cpp core guidelines, these should be methods.
Tested: on last patchset of the series.
Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: Ib16479db9d2b68d
Remove body member from Request
Per cpp core guidelines, these should be methods.
Tested: on last patchset of the series.
Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: Ib16479db9d2b68da68e7ad6e825c7e205c64f1de
show more ...
|
#
5e7e2dc5 |
| 16-Feb-2023 |
Ed Tanous <edtanous@google.com> |
Take boost error_code by reference
By convention, we should be following boost here, and passing error_code by reference, not by value. This makes our code consistent, and removes the need for a co
Take boost error_code by reference
By convention, we should be following boost here, and passing error_code by reference, not by value. This makes our code consistent, and removes the need for a copy in some cases.
Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: Id42ea4a90b6685a84818b87d1506c11256b3b9ae
show more ...
|
#
26ccae32 |
| 16-Feb-2023 |
Ed Tanous <edtanous@google.com> |
Pass string views by value
string_view should always be passed by value; This commit is a sed replace of the code to make all string_views pass by value, per general coding guidelines[1].
[1] http
Pass string views by value
string_view should always be passed by value; This commit is a sed replace of the code to make all string_views pass by value, per general coding guidelines[1].
[1] https://quuxplusone.github.io/blog/2021/11/09/pass-string-view-by-value/
Tested: Code compiles.
Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: I55b342a29a0fbfce0a4ed9ea63db6014d03b134c
show more ...
|
#
1aa0c2b8 |
| 08-Feb-2022 |
Ed Tanous <edtanous@google.com> |
Add option for validating content-type header
For systems implementing to the OWASP security guidelines[1] (of which all should ideally) we should be checking the content-type header all times that
Add option for validating content-type header
For systems implementing to the OWASP security guidelines[1] (of which all should ideally) we should be checking the content-type header all times that we parse a request as JSON.
This commit adds an option for parsing content-type, and sets a default of "must get content-type". Ideally this would not be a breaking change, but given the number of guides and scripts that omit the content type, it seems worthwhile to add a trapdoor, such that people can opt into their own model on how they would like to see this checking work.
Tested: ``` curl --insecure -H "Content-Type: application/json" -X POST -D headers.txt https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName":"root", "Password":"0penBmc"}' ```
Succeeds.
Removing Content-Type argument causes bmc to return Base.1.13.0.UnrecognizedRequestBody.
[1] cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html
Change-Id: Iaa47dd563b40036ff2fc2cacb70d941fd8853038 Signed-off-by: Ed Tanous <edtanous@google.com>
show more ...
|
#
3ccb3adb |
| 13-Jan-2023 |
Ed Tanous <edtanous@google.com> |
Fix a boatload of #includes
Most of these missing includes were found by running clang-tidy on all files, including headers. The existing scripts just run clang-tidy on source files, which doesn't
Fix a boatload of #includes
Most of these missing includes were found by running clang-tidy on all files, including headers. The existing scripts just run clang-tidy on source files, which doesn't catch most of these.
Tested: Code compiles
Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: Ic741fbb2cc9e5e92955fd5a1b778a482830e80e8
show more ...
|
#
cf9e417d |
| 21-Dec-2022 |
Ed Tanous <edtanous@google.com> |
Add check for globals
We don't follow this cpp core guidelines rule well. This is something that we should aspire to cleaning up in the future, but for the moment, lets turn the rule on in clang-ti
Add check for globals
We don't follow this cpp core guidelines rule well. This is something that we should aspire to cleaning up in the future, but for the moment, lets turn the rule on in clang-tidy to stop the bleeding, add ignores for the things that we know need some better abstractions, and work on these over time.
Most of this commit is just adding NOLINTNEXTLINE exceptions for all of our globals. There was one case in the sensor code where clang correctly noted that those globals weren't actually const, which got missed because of the use of auto.
Tested: CI should be good enough for this. Passes clang-tidy.
Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: Ieda08fee69a3b209d4b3e9771809a6c41524f066
show more ...
|