search

sghaskell / rest-storage-passwords-manager

Splunk app with Javascript CRUD interface to storage/passwords REST endpoint
8 stars 5 forks source link

Show password API Post fails if username contains backtick #10

Open atownson opened 4 weeks ago

atownson commented 4 weeks ago

Clicking the Show password link in the table results in a 400 response if the username contains a backtick (`) character, notably ``splunk_cred_sep``. Surrounding the search in quotes resolves this issue.

        var passwordSearch = new SearchManager({
            "id": "passwordSearch",
            "cancelOnUnload": true,
            "status_buckets": 0,
            "earliest_time": "-24h@h",
            "latest_time": "now",
            "sample_ratio": 1,
            "search": `| rest /servicesNS/-/-/storage/passwords splunk_server=local
                | search title="${row.realm}:${row.username}:"
                | table clear_password`,
            "app": utils.getCurrentApp(),
            "auto_cancel": 90,
            "preview": true,
            "tokenDependencies": {
            },
            "runWhenTimeIsUndefined": false
        }, {tokens: true, tokenNamespace: "submitted"});