query: make $select true by default
The most outstanding concerns for $select query have been resolved. We
added a set of restrictions: character set, property length, # of
properties, which makes this feature safe to use.
This commit takes $select out of the insecure flag, so every system can
start to use it. This decision has been made in Discord, available at
[1] https://discord.com/channels/775381525260664832/994314752102760559/1006650821569675355
Tested:
1. unit test passed
2. no new service validator failure on hardware
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I1f669cd35afcc1a65473a3ed665768e172a423bc
diff --git a/redfish-core/include/utils/query_param.hpp b/redfish-core/include/utils/query_param.hpp
index f51993e..45cb43b 100644
--- a/redfish-core/include/utils/query_param.hpp
+++ b/redfish-core/include/utils/query_param.hpp
@@ -431,7 +431,7 @@
return std::nullopt;
}
}
- else if (key == "$select" && bmcwebInsecureEnableQueryParams)
+ else if (key == "$select")
{
if (!getSelectParam(value, ret))
{
diff --git a/redfish-core/include/utils/query_param_test.cpp b/redfish-core/include/utils/query_param_test.cpp
index 7358821..965b6ad 100644
--- a/redfish-core/include/utils/query_param_test.cpp
+++ b/redfish-core/include/utils/query_param_test.cpp
@@ -358,16 +358,10 @@
ASSERT_TRUE(ret);
crow::Response res;
std::optional<Query> query = parseParameters(ret->params(), res);
- if constexpr (bmcwebInsecureEnableQueryParams)
- {
- ASSERT_NE(query, std::nullopt);
- recursiveSelect(root, query->selectTrie.root);
- EXPECT_EQ(root, expected);
- }
- else
- {
- EXPECT_EQ(query, std::nullopt);
- }
+
+ ASSERT_NE(query, std::nullopt);
+ recursiveSelect(root, query->selectTrie.root);
+ EXPECT_EQ(root, expected);
}
TEST(QueryParams, ParseParametersOnly)
diff --git a/redfish-core/lib/service_root.hpp b/redfish-core/lib/service_root.hpp
index 8d686c5..451c84c 100644
--- a/redfish-core/lib/service_root.hpp
+++ b/redfish-core/lib/service_root.hpp
@@ -95,7 +95,7 @@
bmcwebInsecureEnableQueryParams;
protocolFeatures["FilterQuery"] = false;
protocolFeatures["OnlyMemberQuery"] = true;
- protocolFeatures["SelectQuery"] = bmcwebInsecureEnableQueryParams;
+ protocolFeatures["SelectQuery"] = true;
protocolFeatures["DeepOperations"]["DeepPOST"] = false;
protocolFeatures["DeepOperations"]["DeepPATCH"] = false;
}
diff --git a/redfish-core/lib/ut/service_root_test.cpp b/redfish-core/lib/ut/service_root_test.cpp
index db8ba10..661f157 100644
--- a/redfish-core/lib/ut/service_root_test.cpp
+++ b/redfish-core/lib/ut/service_root_test.cpp
@@ -100,8 +100,7 @@
}
EXPECT_FALSE(json["ProtocolFeaturesSupported"]["FilterQuery"]);
EXPECT_TRUE(json["ProtocolFeaturesSupported"]["OnlyMemberQuery"]);
- EXPECT_EQ(json["ProtocolFeaturesSupported"]["SelectQuery"],
- bmcwebInsecureEnableQueryParams);
+ EXPECT_TRUE(json["ProtocolFeaturesSupported"]["SelectQuery"]);
EXPECT_FALSE(
json["ProtocolFeaturesSupported"]["DeepOperations"]["DeepPOST"]);
EXPECT_FALSE(