I am wanting to call the following URL in my Jitterbit HTTP target:
https://xxx.visualstudio.com/DefaultCollection/_apis/wit/workitems/[vstsId]?api-version=1.0
where [vstsId] is dynamic and should be supplied from a global variable.
Is it possible to have dynamic urls in the target?
I could make the whole url dynamic if need be.
Any ideas? (I'm using javascript scripting rather than the Jitterbit scripting)
Thanks
Martin
Yes, you have it typed out correctly. At the beginning of your operation chain (or at the point where you know what $vstsld should be, and you can declare it), simply add a script to declare it, or add it into a transformation where you get the data from. At any point after that, in the current operation chain, you can access the value in that variable. Just make sure you set it with the $ symbol, which makes it global.
$vstsld='some value';
As W3bguy said. you call it in the script as $vstsld. Now you can pass in a test value data into your variable as well. just add the curly brackets inside your variable like the below
example
https://xxx.visualstudio.com/DefaultCollection/_apis/wit/workitems/[vstsId{1234}]?api-version=1.0
Related
I wrote a small service in go (although I don't think this would be a language specific issue), that caches some results by saving it to a file, and writing a URL query parameter into the filename with "prefix" + param + ".json" using ioutil.WriteFile. The service runs on Ubuntu.
Is it possible to do something malicious, by passing an unexpected string via the query?
Relevant attacks that come to mind are called path injection. For example what if the query parameter is something like ../../etc/passwd (okthis would probably not work as the user running this service would have no permissions, but you get the point). For example it could be possible to overwrite your service code itself.
You should sanitize the parameter before adding it to the filename. The best would be a strict whitelist of letters and numbers that are allowed, anything else should ve removed from the parameter. That way injection would not be possible.
You can also check whether the path you are writing to is actually under an explicitly allowed directory.
I will make a test in python, here is the struct of the project
app1/main.py
while True:
a = input() # passing query
with open("{}.json".format(a), "w") as f:
f.write("Hello world")
now i am a hacker, and i want to change "yourfile.json"
so i passed this
and than, the content of yourfile.json become: Hello world
I'm writing a Gatling simulation, and I want to verify both that a certain element exists, and that the content of one of its attributes starts with a certain substring. E.g.:
val scn: ScenarioBuilder = scenario("BasicSimulation")
.exec(http("request_1")
.get("/path/to/resource")
.check(
status.is(200),
css("form#name", "action").ofType[String].startsWith(BASE_URL).saveAs("next_url")))
Now, when I add the startsWith above, the compiler reports an error that says startsWith is not a member of io.gatling.http.check.body.HttpBodyCssCheckBuilder[String]. If I leave the startsWith out, then everything works just fine. I know that the expected form element is there, but I cant confirm that its #action attribute starts with the correct base.
How can I confirm that the attribute start with a certain substring?
Refer this https://gatling.io/docs/2.3/general/scenario/
I have copied the below from there but it is a session function and will work like below :-
doIf(session => session("myKey").as[String].startsWith("admin")) { // executed if the session value stored in "myKey" starts with "admin" exec(http("if true").get("..."))}
I just had the same problem. I guess one option is to use a validator, but I'm not sure how if you can declare one on the fly to validate against your BASE_URL (the documentation doesn't really give any examples). You can use transform and is.
Could look like this:
css("form#name", "action").transform(_.startsWith(BASE_URL)).is(true)
If you also want to include the saveAs call in one go you could probably also do something like this:
css("form#name", "action").transform(_.substring(0, BASE_URL.length)).is(BASE_URL).saveAs
But that's harder to read. Also I'm not sure what happens when substring throws an exception (like IndexOutOfBounds).
I need to extract the Call-id info from the calls started by a Call-file (in Asterisk), and use this value as a parameter of another function in order to return the full-cdr from the SIP-Proxy. Either i need to extract the call-id from call file based calls, or i gotta insert a call-id value through the file and use it. However, could not figure out how to do that. Looking forward to your replies, thanks in advance.
p.s. I'm not asking for Caller-id which refers to, as far as i understand, the from-number.
Call-id will be created by chan_sip AFTER you do call via call file.
So no, there are no way put it in file.
Maybe possible read by SIPHeader function AFTER call placed, but more likly you should do patch.
You can add special header like X-something if other part support search by it.
I am wondering if there's any function that I can create in order to modify the magic tags behaviour.
Ideally, I would like to use a tag like this {#post_content|120} which would go through my custom function and check if there's a | character, then execute the original magic tag, while trimming text down to 120 characters.
But I don't know where to hook in order to filter this content.
I know that I can pass a function name with the magic tag but this isn't really helpful as I need to pass the characters limit parameter which PODS doesn't support.
Also, I can't be creating functions for all my characters limit as I have a lot of places where I need different limits and I would end up using tons of functions and no dynamic solution.
Can I somehow trigger a magic tag with a parameter? Any other thoughts about doing this another way?
Thank you!
I don't think that's possible, {#your_field, your_function} is how it works (the function takes the field value as input) - you could use different function names like trim_120, trim_100 and do the stuff you need in there - I guess it's to create excerpts with different length's although there are other ways to do that e.g use the_content filter for one ...
I want to call a JSP with GET parameters within the GET parameter of a parent JSP. The URL for this would be http://server/getMap.jsp?lat=30&lon=-90&name=http://server/getName.jsp?lat1=30&lon1=-90
getName.jsp will return a string that goes in the name parameter of getMap.jsp.
I think the problem here is that &lon1=-90 at the end of the URL will be given to getMap.jsp instead of getName.jsp. Is there a way to distinguish which GET parameter goes to which URL?
One idea I had was to encode the second URL (e.g. = -> %3D and & -> %26) but that didn't work out well. My best idea so far is to allow only one parameter in the second URL, comma-delimited. So I'll have http://server/getMap.jsp?lat=30&lon=-90&name=http://server/getName.jsp?params=30,-90 and leave it up to getName.jsp to parse its variables. This way I leave the & alone.
NOTE - I know I can approach this problem from a completely different angle and avoid nested URLs altogether, but I still wonder (for the sake of knowledge!) if this is possible or if anyone has done it...
This has been done a lot, especially with ad serving technologies and URL redirects
But an encoded URL should just work fine. You need to completely encode it tho. A generator can be found here
So this:
http://server/getMap.jsp?lat=30&lon=-90&name=http://server/getName.jsp?lat1=30&lon1=-90
becomes this: http://server/getMap.jsp?lat=30&lon=-90&name=http%3A%2F%2Fserver%2FgetName.jsp%3Flat1%3D30%26lon1%3D-90
I am sure that jsp has a function for this. Look for "urlencode". Your JSP will see the contents of the GET-Variable "name" as the unencoded string: "http://server/getName.jsp?lat1=30&lon1=-90"