search

wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0
748 stars 729 forks source link

Script Library Management REST API parses certain characters incorrectly #18731

Closed sanjulamadurapperuma closed 10 months ago

sanjulamadurapperuma commented 11 months ago

Describe the issue:

When converting the script content to a string, the Script Library Management REST API [1] POST and UPDATE requests remove double slash characters.

Due to this, it is not possible to add comments to the Javascript code, and any URLs specified are also broken as a result (i.e. //this is a comment -> /this is a comment & https://example.com -> https:/example.com).

Therefore, due to these syntax errors, it is not possible to utilize the function library that is added via the REST API.

The same behavior can be reproduced in both v6.1.0 and v5.11.0 with both JDK 8 and JDK 11 and the POST and UPDATE methods of the /script-libraries endpoint. When debugging further, it was observed that the conversion of the above-mentioned double slash to a single slash is caused by the IOUtils.toString method invocation present in [2] and [3].

How to reproduce:

Invoke the POST or UPDATE /script-libraries endpoint as mentioned in [1]. Navigate to the carbon management console > Function Libraries > List the libraries > Click "Edit" on the added function library and observe that double slashes have been converted to a single slash, causing syntax errors.

[1] - https://is.docs.wso2.com/en/latest/apis/script-library-rest-api [2] - https://github.com/wso2/identity-api-server/blob/v1.2.23/components/org.wso2.carbon.identity.api.server.script.library/org.wso2.carbon.identity.api.server.script.library.v1/src/main/java/org/wso2/carbon/identity/api/server/script/library/v1/core/ServerScriptLibrariesService.java#L154 [3] - https://github.com/wso2/identity-api-server/blob/v1.2.23/components/org.wso2.carbon.identity.api.server.script.library/org.wso2.carbon.identity.api.server.script.library.v1/src/main/java/org/wso2/carbon/identity/api/server/script/library/v1/core/ServerScriptLibrariesService.java#L196

Environment information (Please complete the following information; remove any unnecessary fields) :

AmshikaH commented 10 months ago

This issue is caused by storing the file content as the file pathname in [1] and [2], not due to the use of IOUtils.toString.

[1] - https://github.com/wso2/identity-api-server/blob/v1.2.23/components/org.wso2.carbon.identity.api.server.script.library/org.wso2.carbon.identity.api.server.script.library.v1/src/main/java/org/wso2/carbon/identity/api/server/script/library/v1/core/ServerScriptLibrariesService.java#L154 [2] - https://github.com/wso2/identity-api-server/blob/v1.2.23/components/org.wso2.carbon.identity.api.server.script.library/org.wso2.carbon.identity.api.server.script.library.v1/src/main/java/org/wso2/carbon/identity/api/server/script/library/v1/core/ServerScriptLibrariesService.java#L196