The objective is to detect whether a binary file has been changed / modified.
If there is a "real" change, a certain process will be triggered.
The binary files like pdf or zip have been stored inside ML.
I am thinking to generate the checksum like xdmp:md5 for xml node for those binary files as well.
However xdmp:md5 works for string only. How to do that with binary uri stored inside ML DB?
OR should I simply use external tool to generate the checksum and store that file signature as a property for that binary file?
If you attempt to use the document-node() instead of the binary(), the error message is a bit misleading:
arg1 is not of type xs:string
It should probably state: "arg1 is not of type xs:string or binary()"
The xdmp:md5 and xdmp:sha* hash functions accept an item() that is either an xs:string or a binary()
$data Data to be hashed. Must be xs:string or a binary node.
So look to use either of them:
xdmp:md5()
xdmp:sha512()
xdmp:sha384()
xdmp:sha256()
xdmp:sha1()
Just note that you need to send the binary() node, not the document-node(). So, if you select the document with fn:doc(), XPath to the node:
doc("/myDoc.pdf")/binary() => xdmp:md5()
Related
I wrote a small service in go (although I don't think this would be a language specific issue), that caches some results by saving it to a file, and writing a URL query parameter into the filename with "prefix" + param + ".json" using ioutil.WriteFile. The service runs on Ubuntu.
Is it possible to do something malicious, by passing an unexpected string via the query?
Relevant attacks that come to mind are called path injection. For example what if the query parameter is something like ../../etc/passwd (okthis would probably not work as the user running this service would have no permissions, but you get the point). For example it could be possible to overwrite your service code itself.
You should sanitize the parameter before adding it to the filename. The best would be a strict whitelist of letters and numbers that are allowed, anything else should ve removed from the parameter. That way injection would not be possible.
You can also check whether the path you are writing to is actually under an explicitly allowed directory.
I will make a test in python, here is the struct of the project
app1/main.py
while True:
a = input() # passing query
with open("{}.json".format(a), "w") as f:
f.write("Hello world")
now i am a hacker, and i want to change "yourfile.json"
so i passed this
and than, the content of yourfile.json become: Hello world
I'm trying to send a quite simple JSON message from BizTalk.
{
"Value": 1
}
I set the type of the "Value" field to xs:int in my xml schema
<xs:element minOccurs="1" maxOccurs="1" name="Value" type="xs:int" />
But it keeps generating the wrong JSON message.
{
"Value": "1"
}
Not sure what I'm doing wrong here. Does anybody have some tips?
There can be multiple issues at work here.
Your XML payload is not going through a XML Dissasembler or Assembler before reaching the JSON Encoder, and hence the Message Type isn't set correctly, in which case it is not using the schema to determine the correct date types.
You have another earlier element in your schema with the same name but a different type. It will use the type from the first one for all elements with the same name. This was a bug in BizTalk 2013 R2, and I think it was still there in BizTalk 2016 and could cause some strange errors, especially if you had a Records (complex types) and Element (simple types) with the same name. e.g FIX: JSON encoder unable to handle XML schema with the same name for record and one of its elements in CU 7
Biztalk Embedded JSON Encoder has the ability to recognize schema of XML processed and should recognize xs:int value from schema and encoded without quotes.
But sometimes (as Sandro Pereira indicates even often) this encoder throws the error:
Reason: Value cannot be null.
Parameter name: key
That was my case. I had to use a custom JSON Encoder that recognizes XML datatype somehow.
My solution was:
Use this build of Newtonsoft.Json library that uses json:Type argument as indicator of XML tag datatype.
Create a custom JSON Encoder that uses the previous library
Create custom Complex Type in separate schema with targetNamespace = "http://james.newtonking.com/projects/json"
Note that attribute Type need to be Qualified
Import above schema in Your target schema using prefix json
Use this type as Data Structure Type and rename Your parameter.
Map this checking logical existance, to avoid putting argument without value or custom xslt tranform
Usefull sites:
Adding name to attribute
need to run a workflow where the session has source and target variables which will be feeded the value through PMCMD command.is it possible
You cannot directly pass the source and target table names, but you can parameterize those names and put those in parameter file. Then you can pass the parameter file path in pmcmd.
You cannot have source and target names in PMCMD command
Instead create a parameter file and provide the source and target names using the
parameter identifiers like $DBConnection_Src= and $DBConnection_Tgt=
Have below format,
[Folder_Naem.WF:Workflow_Name.ST:SessionName]
$DBConnection_Src=Source_Name
$DBConnection_Tgt=Target_Name
Create this parameter file and provide the path and file name,
In the mapping tab for source and target provide the parameters specified in the parameter file
Parameter file is very helpful for dynamic parameter changes. You can edit the parameter file rather than making changes in the informatica workflow
What is the simplest way to validate there are no syntax errors in an XQuery file? I want to test a number of xquery files as a part of routine testing to verify that no bad files exist with simple syntax errors. Generally for library modules I import the library module and that is enough to validate syntax of the file.
BaseX has an option RUNQUERY that can be used to disable query execution, so it only gets parsed. For using the command line, use the -R off flag.
The query can be passed as string, here I'm using the very simple query 1+1, which is totally valid and will not return any output, but a return value of 0.
basex -R off "1+1"
Passing an invalid query will return a syntax error message, and a non-zero return code.
basex -R off "1foo"
Stopped at [snip], 1/2:
[XPST0003] Expecting separator after number.
I guess there will be similar options for other XQuery implementations, but they're not standardized, so you'll have to look them up in the individual manuals.
I need a snippet to check file for validity (I'm allowing users to upload xml files). So I need to check whether uploaded file is XML.
The best I can think of is just check if extension is ".xml". What if its replaced?
You can try loading it like this and catch the exception:
XDocument xdoc = XDocument.Load("data.xml"));
Presumably, if they're uploading XML, then you're going to use it for something afterwards. In this case you should validate the XML against a Schema (XSD etc) so that you know you aren't going to hit unexpected values/layouts etc.
In Urlmon.dll, there's a function called FindMimeFromData.
From the documentation
MIME type detection, or "data
sniffing," refers to the process of
determining an appropriate MIME type
from binary data. The final result
depends on a combination of
server-supplied MIME type headers,
file extension, and/or the data
itself. Usually, only the first 256
bytes of data are significant.
So, read the first (up to) 256 bytes from the file and pass it to FindMimeFromData.
If you must validate the xml (assuming you want to validate the entire thing) you can use the XmlDocument class and catch an exception if it's not XML.