| #
d7857201 |
| 28-Jan-2025 |
Ed Tanous <etanous@nvidia.com> |
Fix includes
Clang-tidy misc-include-cleaner appears to now be enforcing
significantly more headers than previously. That is overall a good
thing, but forces us to fix some issues. This commit is
Fix includes
Clang-tidy misc-include-cleaner appears to now be enforcing
significantly more headers than previously. That is overall a good
thing, but forces us to fix some issues. This commit is largely just
taking the clang-recommended fixes and checking them in. Subsequent
patches will fix the more unique issues.
Note, that a number of new ignores are added into the .clang-tidy file.
These can be cleaned up over time as they're understood. The majority
are places where boost includes a impl/x.hpp and x.hpp, but expects you
to use the later. include-cleaner opts for the impl, but it isn't clear
why.
Change-Id: Id3fdd7ee6df6c33b2fd35626898523048dd51bfb
Signed-off-by: Ed Tanous <etanous@nvidia.com>
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
show more ...
|
| #
40e9b92e |
| 10-Sep-2024 |
Ed Tanous <etanous@nvidia.com> |
Use SPDX identifiers
SPDX identifiers are simpler, and reduce the amount of cruft we have in
code files. They are recommended by linux foundation, and therefore we
should do as they allow.
This pa
Use SPDX identifiers
SPDX identifiers are simpler, and reduce the amount of cruft we have in
code files. They are recommended by linux foundation, and therefore we
should do as they allow.
This patchset does not intend to modify any intent on any existing
copyrights or licenses, only to standardize their inclusion.
[1] https://www.linuxfoundation.org/blog/blog/copyright-notices-in-open-source-software-projects
Change-Id: I935c7c0156caa78fc368c929cebd0f068031e830
Signed-off-by: Ed Tanous <etanous@nvidia.com>
show more ...
|
| #
e4628c81 |
| 16-Dec-2024 |
Ed Tanous <etanous@nvidia.com> |
Move isJSONContentType to content-type parser
Previously this function was based on a basic string comparison. This
is fine, but found several inconsistencies, like not handling spaces in
the appro
Move isJSONContentType to content-type parser
Previously this function was based on a basic string comparison. This
is fine, but found several inconsistencies, like not handling spaces in
the appropriate places.
This commit creates a new function getContentType, using the new parsing
infrastructure. As doing this, it showed that the existing parser
functions were not handling case insensitive compares for the mime type.
While this is technically not required, it's something we unit test for,
and relatively easy to add.
Note, that because this parser ignores charset, this moves charset=ascii
from something that previously failed, to something that now succeeds.
This is expected.
Tested: Unit tests pass. Good coverage
Change-Id: I825a72862135b62112ee504ab0d9ead9d6796354
Signed-off-by: Ed Tanous <etanous@nvidia.com>
show more ...
|
| #
83328316 |
| 09-May-2024 |
Ed Tanous <ed@tanous.net> |
Fix lesser used options
25b54dba775b31021a3a4677eb79e9771bcb97f7 missed several cases where we
had ifndef instead of ifdef. because these weren't the defaults, these
don't show up as failures when
Fix lesser used options
25b54dba775b31021a3a4677eb79e9771bcb97f7 missed several cases where we
had ifndef instead of ifdef. because these weren't the defaults, these
don't show up as failures when testing.
Tested: Redfish service validator passes. Inspection primarily.
Mechanical change.
Change-Id: I3f6915a97eb44d071795aed76476c6bee7e8ed27
Signed-off-by: Ed Tanous <ed@tanous.net>
show more ...
|
| #
1fccd0d5 |
| 19-Mar-2024 |
Ed Tanous <ed@tanous.net> |
Allow no spaces in content-type
For the content type header
application/json;charset=utf-8
The Redfish specification DSP0266 shows no space between the ; and
charset. Sites like mozilla show the
Allow no spaces in content-type
For the content type header
application/json;charset=utf-8
The Redfish specification DSP0266 shows no space between the ; and
charset. Sites like mozilla show the space included [1]
Considering the discrepancy, we should just accept both.
Resolves #271
[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type
Tested: Submitter reports issue fixed.
Change-Id: I77b7db91d65acc84f2221ec50985d4b942fbe77f
Signed-off-by: Ed Tanous <ed@tanous.net>
show more ...
|
| #
18f8f608 |
| 18-Jul-2023 |
Ed Tanous <edtanous@google.com> |
Remove some boost includes
The less we rely on boost, and more on std algorithms, the less people
have to look up, and the more likely that our code will deduplicate.
Replace all uses of boost::alg
Remove some boost includes
The less we rely on boost, and more on std algorithms, the less people
have to look up, and the more likely that our code will deduplicate.
Replace all uses of boost::algorithms with std alternatives.
Tested: Redfish Service Validator passes.
Change-Id: I8a26f39b5709adc444b4178e92f5f3c7b988b05b
Signed-off-by: Ed Tanous <edtanous@google.com>
show more ...
|
| #
62598e31 |
| 17-Jul-2023 |
Ed Tanous <ed@tanous.net> |
Replace logging with std::format
std::format is a much more modern logging solution, and gives us a lot
more flexibility, and better compile times when doing logging.
Unfortunately, given its level
Replace logging with std::format
std::format is a much more modern logging solution, and gives us a lot
more flexibility, and better compile times when doing logging.
Unfortunately, given its level of compile time checks, it needs to be a
method, instead of the stream style logging we had before. This
requires a pretty substantial change. Fortunately, this change can be
largely automated, via the script included in this commit under
scripts/replace_logs.py. This is to aid people in moving their
patchsets over to the new form in the short period where old patches
will be based on the old logging. The intention is that this script
eventually goes away.
The old style logging (stream based) looked like.
BMCWEB_LOG_DEBUG << "Foo " << foo;
The new equivalent of the above would be:
BMCWEB_LOG_DEBUG("Foo {}", foo);
In the course of doing this, this also cleans up several ignored linter
errors, including macro usage, and array to pointer deconstruction.
Note, This patchset does remove the timestamp from the log message. In
practice, this was duplicated between journald and bmcweb, and there's
no need for both to exist.
One design decision of note is the addition of logPtr. Because the
compiler can't disambiguate between const char* and const MyThing*, it's
necessary to add an explicit cast to void*. This is identical to how
fmt handled it.
Tested: compiled with logging meson_option enabled, and launched bmcweb
Saw the usual logging, similar to what was present before:
```
[Error include/webassets.hpp:60] Unable to find or open /usr/share/www/ static file hosting disabled
[Debug include/persistent_data.hpp:133] Restored Session Timeout: 1800
[Debug redfish-core/include/event_service_manager.hpp:671] Old eventService config not exist
[Info src/webserver_main.cpp:59] Starting webserver on port 18080
[Error redfish-core/include/event_service_manager.hpp:1301] inotify_add_watch failed for redfish log file.
[Info src/webserver_main.cpp:137] Start Hostname Monitor Service...
```
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I86a46aa2454be7fe80df608cb7e5573ca4029ec8
show more ...
|
| #
33c6b580 |
| 14-Feb-2023 |
Ed Tanous <edtanous@google.com> |
Remove body member from Request
Per cpp core guidelines, these should be methods.
Tested: on last patchset of the series.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib16479db9d2b68d
Remove body member from Request
Per cpp core guidelines, these should be methods.
Tested: on last patchset of the series.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib16479db9d2b68da68e7ad6e825c7e205c64f1de
show more ...
|
| #
1aa0c2b8 |
| 08-Feb-2022 |
Ed Tanous <edtanous@google.com> |
Add option for validating content-type header
For systems implementing to the OWASP security guidelines[1] (of which all
should ideally) we should be checking the content-type header all times
that
Add option for validating content-type header
For systems implementing to the OWASP security guidelines[1] (of which all
should ideally) we should be checking the content-type header all times
that we parse a request as JSON.
This commit adds an option for parsing content-type, and sets a default
of "must get content-type". Ideally this would not be a breaking
change, but given the number of guides and scripts that omit the content
type, it seems worthwhile to add a trapdoor, such that people can opt
into their own model on how they would like to see this checking work.
Tested:
```
curl --insecure -H "Content-Type: application/json" -X POST -D headers.txt https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName":"root", "Password":"0penBmc"}'
```
Succeeds.
Removing Content-Type argument causes bmc to return
Base.1.13.0.UnrecognizedRequestBody.
[1] cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html
Change-Id: Iaa47dd563b40036ff2fc2cacb70d941fd8853038
Signed-off-by: Ed Tanous <edtanous@google.com>
show more ...
|