Uploaded image for project: 'OpenICF'
  1. OpenICF
  2. OPENICF-629

PS connector action=test doesn't validate syntax of scripts

    XMLWordPrintable

Details

    Description

      When you run _action=test on PS connector there's syntax error in the scripts then it shows you that everything is ok but when you do some request on script where is this syntax error it will thow an exception

      This action should validate PS script since it calls ValidateScript which run the PSParser.Tokenize and this method should validate the script.

      https://stash.forgerock.org/projects/OPENICF/repos/powershell-connector/browse/PowerShellConnector/MsPowerShellConnector.cs

      https://stash.forgerock.org/projects/OPENICF/repos/powershell-connector/browse/PowerShellConnector/MsPowerShellHost.cs

      http://stackoverflow.com/questions/10812843/is-there-a-way-of-validating-a-powershell-script?answertab=active#tab-top

      Step by step to reproduce

      • Prepare openidm with PS AD sample where you set "ReloadScriptOnExecution" : true
      • add some mistake into script, for example add "some mistake" to search.ps into part try/catch before line
        $searchBase = "OU=Basic,OU=Users,OU=test,DC=profiq,DC=local"  
      • run _action=test on ps connector
        curl  --header "X-OpenIDM-Username: openidm-admin"  --header "X-OpenIDM-Password: openidm-admin"  --header "Content-Type: application/json"  --request POST  "http://192.168.56.2:8080/openidm/system/adpowershell/?_action=test"
        
      • open .net server log where you can see that all scripts was parsed successfully
      • Run query on the PS connector to execute the search script where is the mistake.
        curl  --header "X-OpenIDM-Username: openidm-admin"  --header "X-OpenIDM-Password: openidm-admin"  --header "Content-Type: application/json"  --request GET  "http://192.168.56.2:8080/openidm/system/adpowershell/account?_queryFilter=true" 
        

      The expected result is when we run _action=test it throws an exception if there's some syntactical error or at least put some message to the logs saying that there's error in the scripts instead of writing that all scripts are good.

      If the scripts are not validated for syntactical errors, then it would be good to change the sentence about parsing the script

      from
      C://pyforge_deploy_server/tools/ADAuthenticate.ps1 script parsed successfully

      to
      C://pyforge_deploy_server/tools/ADAuthenticate.ps1 script loaded successfully

      because this gives an impression that the scripts are also validated.

      Attachments

        Activity

          People

            gael Gael Allioux
            vojtech.oczka Vojtěch Oczka [X] (Inactive)
            Vojtěch Oczka [X] Vojtěch Oczka [X] (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: