I'm using the Check package to validate parameters passed to Meteor methods. And I'm using Audit argument checks to enforce this.
However, I've added another package, Meteor Tags and when I try to use methods from the Tags package, I get a server error "Exception while invoking method '/patterns/addTag' Error: Did not check() all arguments during call to '/patterns/addTag'".
I think I understand why this error happens - the method in the Tags package doesn't check its inputs, so Audit Argument Checks generates an error. But I can't find any way around this, apart from 1) don't enforce checking, or 2) hack the Tags package methods so they use check. Neither of these seems like a great option - checking server parameters is a good idea, and hacking a package is not very maintainable.
Does anybody know if there is any smart way to use 'Audit argument checks' with packages that provide new server methods? I have looked at the Check documents, and searched online, but I haven't found an answer.
I hope this question makes sense.
Using audit-argument-checks is like saying: "I want to be serious about the security of the methods in my app." It's global to all methods in your app's codebase, including the methods from your installed packages.
There is no way to specify which parts of the app get checked, as that would be the equivalent of saying: "I want to be serious about the security of the methods I've written, but I don't care about the security holes created by some packages" (which doesn't make a lot of sense).
Note to package authors
Check your method arguments. It's not hard, and it prevents this situation from happening. Frankly, a package without this basic security really shouldn't be installed in the first place.
What you should do
Unless you have a throwaway app, I wouldn't recommend removing audit-argument-checks. Instead I'd do the following (assuming the package really has something of value):
Open an issue on github and let the maintainer know what's up.
Fork the code, and add the required checks. Keep this version as a local package.
Submit a pull request for the changes.
If all goes well, your PR will be accepted and everyone can benefit from the change. In the worst case, you'll still have a local copy that you can use in your app.
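The behaviour described above, as an added example that is not part of the original answer and not Meteor's source: a simplified, self-contained model of the audit, in which every argument has to pass through check() before the method returns. The method bodies, the sample arguments and the helper names callAudited and tryCall are assumptions made for illustration.

```javascript
// Simplified model of audit-argument-checks (illustrative, not Meteor's code).
let activeAudit = null; // arguments still waiting for a check() in the current call

// Stand-in for Meteor's check(); this model supports String and Number patterns only.
function check(value, pattern) {
  const expected = pattern === String ? 'string' : pattern === Number ? 'number' : null;
  if (expected === null) throw new Error('Unsupported pattern in this model');
  if (typeof value !== expected) throw new Error(`Match error: expected ${expected}`);
  if (activeAudit) {
    const i = activeAudit.indexOf(value);
    if (i !== -1) activeAudit.splice(i, 1); // mark one occurrence as checked
  }
}

// Runs a method under the audit: any argument never passed to check() is an error.
function callAudited(name, fn, ...args) {
  activeAudit = [...args];
  try {
    const result = fn(...args);
    if (activeAudit.length > 0) {
      throw new Error(`Did not check() all arguments during call to '${name}'`);
    }
    return result;
  } finally {
    activeAudit = null;
  }
}

// Package method as shipped (hypothetical body): no check() calls.
const addTagUnchecked = (docId, tag) => ({ docId, tag });

// Forked local copy: same body with the checks added.
const addTagChecked = (docId, tag) => {
  check(docId, String);
  check(tag, String);
  return { docId, tag };
};

// Returns 'ok' or the error message, so both outcomes can be compared.
function tryCall(fn, ...args) {
  try {
    callAudited('/patterns/addTag', fn, ...args);
    return 'ok';
  } catch (e) {
    return e.message;
  }
}
```

The forked version also rejects a non-string tag (for example an object sent by a client), which is the input validation the audit is there to enforce.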
Related
I'm trying to get my head around the workings of an xAPI package authored in Rise which has been supplied to me so I can build a test PoC app.
I can see the functions built into the index.html page, and that things like progress and quiz scores are generated, but where do I find the end-point for a LRS within the package?
I have incorporated the package into a test app I built, but rather than generate and send statements myself I would like to use what comes as part of the package.
If I import and play the package in SCORM Cloud, I get generated statements returned.
The only thing I can see is an entry in the tincan.js file, this.recordStores=[] other than that I'm unsure where to go next, any suggestions?
Generally this kind of package implements a set of guidelines that were released with the 0.9 version of the specification (at the time named the Tin Can API and then later changed to xAPI). Those guidelines provide for a packaging and launch mechanism which is what Rise has implemented. The launch mechanism indicates that the endpoint and authentication credentials will be passed on the query string to the launched content where it can retrieve them. The TinCanJS library used by Rise implements functionality to digest the query string and set up objects, those you find in this.recordStores to communicate with the xAPI LRS identified in the query string parameters.
You have two primary options:
Get the query string parameters directly from the launch URL and process it yourself, potentially using the same global library objects (TinCan.LRS) already available to get an LRS object that you can then interact with as you see fit,
Leverage the object already created for you via the this.recordStores list that is already prepared by the package itself
There are pros/cons to both methods and they largely depend on your familiarity with JavaScript and how flexible you need/want to be.
I've recently updated my serverless project, and I've found that many things have changed in the last few updates.
https://serverless.com/
I don't fully understand what's the correct way to have multiple lambda functions and api gateway endpoints related to the same project. With the old serverless I have every lambda and endpoint as a completely separate function, this worked pretty well for me.
I can't seem to do this anymore, if I try my second lambda function overrides my first, presumably because my "service name" for both is the same. My service name is the same because I want both rest endpoints in the same API in API Gateway. Since serverless creates the API name based on the service name.
So then I tried to add both functions to the same "Service". This worked for the most part, except that now I need to include my custom role statement for all my functions into the same role (because this one role is now being linked to all my functions). Effectively giving more permissions to each individual function than it should have. The other issue is that all my handler files for the different functions are being put into each function's deployment bundle.
So basically, I'm not sure what is the correct approach to have multiple functions that relate to the same project but are separate in functionality. It used to make sense, now doesn't.
If anybody can give me some pointers please
Thanks
I understand your frustration. I had the same feeling until I looked deeper into the new version and formed a better understanding. One thing to note though, is the new version is not completely finished yet. So if something is completely missing, you can file an issue and have it prioritized before 1.0 is out.
You are supposed to define multiple functions under the same service under the functions: section of serverless.yml. To package these functions individually (exclude code for other functions) you will have to set individually: true under package: section. You can then use include and exclude options at the root level and at the function level as well. There's an upcoming change that will let you use glob syntax in your include and exclude options (example **/*-fn.js). You can find more about packaging here https://www.serverless.com/framework/docs/providers/aws/guide/deploying.
Not sure how to use different roles for different functions under the same service.. How did you do it with 0.5?
I was trying to find a solution for individual iam roles per function as well. I couldn't find a way to do it, but while I was looking through the documentation I found the line: "Support for separate IAM Roles per function is coming soon." on this page, so at least we know they are working on it.
The "IAM Roles Per Function" plugin for Serverless allows you to do exactly what it says on the tin: specify roles for each function. You can still use the provider-level roles as well:
By default, function level iamRoleStatements override the provider level definition. It is also possible to inherit the provider level definition by specifying the option iamRoleStatementsInherit: true
EDIT: You can also apply a predefined AWS role at both the provider and function level.
I'm having an issue with a blog extension in Magento CE 1.6.2.0.
I installed this extension: Neotheme_nBlog.
I created an entry in the administrator.
Then I went to http://www.example.com/index.php/blog/ to see the recently created entry.
What I saw was an error like this:
Fatal error: Call to a member function getName() on a non-object
in /home/example.com/public_html/app/design/frontend/default/caramel/template/magicat/left.phtml
I searched Google for the terms: "template/magicat/left.phtml" getName and all I found is sites having this issue, but no support at all.
Please note: I know what that error means in PHP ("unfortunately" I'm not new at that). What I don't understand is what's happening with such [NON/null] object and how to fix it without killing a dozen kittens.
Question: What can I do to solve it? What is the nature of the error, regarding Magento? (again: not PHP).
Notes: The Magento site (http://magento.stackexchange.com) is somewhat poor and strict to bring support of such nature, so asking there is not an option.
Edit (as answer to comment, and to clarify):
Neotheme is still not responding to the request.
I don't know what I should look for in that file (instances are not initialized there, but only accessed).
I'm using the default theme (caramel), which has aesthetic changes (it does not have layout changes).
It's hard to say without seeing your system specifically, but on this
template/magicat/left.phtml
It looks like you've added a template named magicat/left.phtml to your system -- either via an extension or custom development. Somewhere in this file PHP's called getName on a non-object. There's a variety of reasons this could be happening, and without seeing the specific line of code PHP's complaining about in your system, it's hard to say. It'd also be helpful to know if magicat is part of the extension or something else.
The most common reason for this error in a template is code that relies on a block being there that's been removed by another extension (either via layout XML or observer methods)
$this->getLayout()->getBlock('some_block')->getName();
The next most common is people using the registry to communicate between templates and views, but a registry key not being set
Mage::registry('some_item')->getName();
Without knowing the variable and context, it's doubtful anyone will be able to help you.
is there a way to get the prefix name of a managed package in apex?
I have a SOSL query but the app is in a developer org and in a managed package, if I have a way to get the package name, it would be great, because I don't have to hard code it.
Thanks.
The only way to do this, AFAIK, is to use the Metadata API. You can call describeMetadata() and then evaluate the organizationNamespace (String) value returned in describeMetadataResult.
From within Apex you could do a less elegant try/catch approach with dynamic SOQL/DML, at least to determine if something you suspect is there is actually there. Though this won't tell you what namespace prefix actually IS there like the Metadata API will.
Lacey is correct that you don't need the prefix, though name ambiguity can become a problem. So for example, if you have a custom object Expense__c and have installed an accounting package which includes ACCT__Expense__c, you definitely want to explicitly include the ACCT__ prefix if intending to access the managed package object as opposed to your own.
The UserInfo.isCurrentUserLicensed('nsPrefix') will throw a TypeException if the namespace passed in is not a valid namespace of an installed package (or managed package you're developing). I think this is the closest you're going to get without the metadata API.
I'm currently working on a Flex3/blazeDS/Spring/MySQL project.
In this, some users need to download some import logs. The problem is that, given the singleton concept around Spring, if 2 users ask for a download at the same time, the servlet responsible for export file creation may cross content between the 2 requested files.
I'm not that familiar with Spring, but from what I've been reading it seems that the solution lies in saying that the servlet is in "Request" scope so there will be a new one created for each download request instead of having a singleton.
Has anyone ever done something like this before? Every tutorial I've seen so far explains how to handle a file download request but never talks about the fact that 2 users asking for a download may have some issues...
Thanks for any leads on how to fix this.
Each user will receive his own thread, and you should not have any problems unless using member variables (which is a bad practice anyway). If not, I do not see any problem, but it would help if you can post your code.