Closed bama19942000 closed 4 years ago
Can you please provide me with an example transform so I can test with?
It is not the backslashes. In my sandbox environment I removed each transform one at a time until I found the bad apple.
{ "attributes": { "input": { "attributes": { "values": [ { "attributes": { "name": "zlastcharacterofuid" }, "type": "identityAttribute" }, { "table": { "O": "LAST LETTER O", "default": "DEFAULT", "o": "LAST LETTER O" } } ] }, "type": "lookup" } }, "id": "bad apple", "type": "tolower" },
Matt Totty | Principal Consultant, IAM m. 205.215.4062
From: Darren Robinson notifications@github.com Sent: Monday, February 17, 2020 10:29 PM To: darrenjrobinson/powershell_module_identitynow powershell_module_identitynow@noreply.github.com Cc: Matt Totty Matt.Totty@optiv.com; Author author@noreply.github.com Subject: Re: [darrenjrobinson/powershell_module_identitynow] Get-IdentityNowTransform does not return list of transforms when back slashes are included in a transform (#11)
[External Email]
Can you please provide me with an example transform so I can test with?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_darrenjrobinson_powershell-5Fmodule-5Fidentitynow_issues_11-3Femail-5Fsource-3Dnotifications-26email-5Ftoken-3DAL7CIMDIH35R6ZG64PJPVP3RDNPYBA5CNFSM4KWX4BRKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEMARD5I-23issuecomment-2D587272693&d=DwMCaQ&c=UjmJbqZPMTat0o02F6csow&r=1HOrINlqeOBc1b3YlktFVWTHX8PAw0R1SYOgW_cuXFA&m=9nDtKVw19VOpdxlFnsWn3fVBvz7qjoctEhtFbJOrEto&s=rH3zeCLulcn_9VkftgkDPgi5mTFQRiDHHCSTcDbyN7A&e=, or unsubscribehttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AL7CIMH2PTP574A5NINOUSTRDNPYBANCNFSM4KWX4BRA&d=DwMCaQ&c=UjmJbqZPMTat0o02F6csow&r=1HOrINlqeOBc1b3YlktFVWTHX8PAw0R1SYOgW_cuXFA&m=9nDtKVw19VOpdxlFnsWn3fVBvz7qjoctEhtFbJOrEto&s=hUKgJiuD8FaPG00NEZ4eJLDfziOwMM0_npN_R71mcKQ&e=.
Yes, it looks like this isn't valid
"table": {
"O": "LAST LETTER O",
"default": "DEFAULT",
"o": "LAST LETTER O"
}
Cannot convert the JSON string because a dictionary that was converted from the string contains the duplicated keys 'O' and 'o'.
The transform itself in IDN is valid. Anytime we have a lookup table like that convert to json seems to insert escape characters everywhere in an attempt to distinguish the keys. Even though json is case sensitive power shell is not. So i believe that is what is going on.
Sent from my iPhone
On Feb 18, 2020, at 8:27 PM, Darren Robinson notifications@github.com<mailto:notifications@github.com> wrote:
[External Email]
Yes, it looks like this isn't valid
"table": {
"O": "LAST LETTER O",
"default": "DEFAULT",
"o": "LAST LETTER O"
}
Cannot convert the JSON string because a dictionary that was converted from the string contains the duplicated keys 'O' and 'o'.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_darrenjrobinson_powershell-5Fmodule-5Fidentitynow_issues_11-3Femail-5Fsource-3Dnotifications-26email-5Ftoken-3DAL7CIMCIIGR7F4JRMWBZWU3RDSKH7A5CNFSM4KWX4BRKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEMGDMPI-23issuecomment-2D588002877&d=DwMCaQ&c=UjmJbqZPMTat0o02F6csow&r=1HOrINlqeOBc1b3YlktFVWTHX8PAw0R1SYOgW_cuXFA&m=4ONXFH_NaxvKAomP1fLJv_56AEz_UwBNr4zqFANB00w&s=-T1KuZAGw0mHV_zCEU9e_p4mvLxLT2fYan15gXdvV40&e=, or unsubscribehttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AL7CIMCAOV4TNGQCTVYYBILRDSKH7ANCNFSM4KWX4BRA&d=DwMCaQ&c=UjmJbqZPMTat0o02F6csow&r=1HOrINlqeOBc1b3YlktFVWTHX8PAw0R1SYOgW_cuXFA&m=4ONXFH_NaxvKAomP1fLJv_56AEz_UwBNr4zqFANB00w&s=mmTN90zyoCCobmNnn1Mrxg41FdE6EQi6uv7hrpiqbbU&e=.
The update I just pushed will now return all transforms. You will still have issues with duplicate keys if you try and convert a transform that contains two keys with the same name (PowerShell doesn't respect case, so O and o are seen as duplicates).
To overcome that try this;
$xForms = Get-IdentityNowTransform
[void][System.Reflection.Assembly]::LoadWithPartialName("System.Web.Extensions")
$idnObj = (New-Object -TypeName System.Web.Script.Serialization.JavaScriptSerializer -Property @{MaxJsonLength=67108864}).DeserializeObject($xForms)
$idnObj.items
Thanks Darren, I will try it out!
Matt…
Matt Totty | Principal Consultant, IAM m. 205.215.4062
From: Darren Robinson notifications@github.com Sent: Wednesday, February 19, 2020 3:32 PM To: darrenjrobinson/powershell_module_identitynow powershell_module_identitynow@noreply.github.com Cc: Matt Totty Matt.Totty@optiv.com; Author author@noreply.github.com Subject: Re: [darrenjrobinson/powershell_module_identitynow] Get-IdentityNowTransform does not return list of transforms when back slashes are included in a transform (#11)
[External Email]
The update I just pushed will now return all transforms. You will still have issues with duplicate keys if you try and convert a transform that contains two keys with the same name (PowerShell doesn't respect case, so O and o are seen as duplicates).
To overcome that try this;
$xForms = Get-IdentityNowTransform
$idnObj = (New-Object -TypeName System.Web.Script.Serialization.JavaScriptSerializer -Property @{MaxJsonLength=67108864}).DeserializeObject($xForms)
$idnObj.items
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_darrenjrobinson_powershell-5Fmodule-5Fidentitynow_issues_11-3Femail-5Fsource-3Dnotifications-26email-5Ftoken-3DAL7CIMDK27O32PXNO6WL4S3RDWQNRA5CNFSM4KWX4BRKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEMJYJUI-23issuecomment-2D588481745&d=DwMCaQ&c=UjmJbqZPMTat0o02F6csow&r=1HOrINlqeOBc1b3YlktFVWTHX8PAw0R1SYOgW_cuXFA&m=YqS4maZWprF1ocXwWuWGUxzRolJjYCG_4dvOQXwD8BE&s=bJ5v6rDXRHY52msiAE-VFphoZQZryQznnK94zxEASg4&e=, or unsubscribehttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AL7CIMHM2TR2MUIALU3BTLDRDWQNRANCNFSM4KWX4BRA&d=DwMCaQ&c=UjmJbqZPMTat0o02F6csow&r=1HOrINlqeOBc1b3YlktFVWTHX8PAw0R1SYOgW_cuXFA&m=YqS4maZWprF1ocXwWuWGUxzRolJjYCG_4dvOQXwD8BE&s=NiGY4J2m0Z6Uju1anUnYgVtvoll8qtDpMFYZhXv_nKk&e=.
This cmdlet does not seem to return a list of transforms when you have a transform in the list that has a backslash(s) in it- ( a transform that uses velocity scripting with backslashes for example). The JSON object is being populated with escape characters everywhere which prevent the code from traversing the object for id.