Fix: Only return error info in invalid URI case
Collection schemas return some valuable parameter values on a GET
query, even when the URI is invalid and a 404/400 error code
is returned.
This fix populates the JSON response only at the proper places, so
that only the required error info is returned, for security reasons.
Tested:
Verified by redfish GET query for invalid uri cases.
Only error msg and info is returned.
Signed-off-by: Ayushi Smriti <smriti.ayushi@linux.intel.com>
Change-Id: Iae45da86c2d2adbc39d78f7c267d551d4e6525f2
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
index 16c8731..f1a83a9 100644
--- a/redfish-core/lib/account_service.hpp
+++ b/redfish-core/lib/account_service.hpp
@@ -1173,14 +1173,6 @@
void doGet(crow::Response& res, const crow::Request& req,
const std::vector<std::string>& params) override
{
- res.jsonValue = {
- {"@odata.context",
- "/redfish/v1/$metadata#ManagerAccount.ManagerAccount"},
- {"@odata.type", "#ManagerAccount.v1_0_3.ManagerAccount"},
- {"Name", "User Account"},
- {"Description", "User Account"},
- {"Password", nullptr},
- {"RoleId", "Administrator"}};
auto asyncResp = std::make_shared<AsyncResp>(res);
@@ -1214,6 +1206,15 @@
accountName);
return;
}
+
+ asyncResp->res.jsonValue = {
+ {"@odata.context",
+ "/redfish/v1/$metadata#ManagerAccount.ManagerAccount"},
+ {"@odata.type", "#ManagerAccount.v1_0_3.ManagerAccount"},
+ {"Name", "User Account"},
+ {"Description", "User Account"},
+ {"Password", nullptr}};
+
for (const auto& interface : userIt->second)
{
if (interface.first ==
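Review bot: The rebuilt object drops `{"RoleId", "Administrator"}`, which the removed block at the top of doGet carried, and the commit message does not mention it. Not defaulting to Administrator is the safer choice, but if RoleId is filled only by the interface loop that follows (it continues outside this hunk), an account lacking that property now returns no RoleId at all. The intent should be recorded, e.g. `// RoleId is not defaulted here; it is reported only when read from the account's properties`. Because this is a whole-object assignment rather than per-key writes, it also has to stay ahead of any other write to `asyncResp->res.jsonValue` in this callback.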
diff --git a/redfish-core/lib/update_service.hpp b/redfish-core/lib/update_service.hpp
index 7220b43..93be08c 100644
--- a/redfish-core/lib/update_service.hpp
+++ b/redfish-core/lib/update_service.hpp
@@ -565,14 +565,6 @@
const std::vector<std::string> ¶ms) override
{
std::shared_ptr<AsyncResp> asyncResp = std::make_shared<AsyncResp>(res);
- res.jsonValue["@odata.type"] =
- "#SoftwareInventory.v1_1_0.SoftwareInventory";
- res.jsonValue["@odata.context"] =
- "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory";
- res.jsonValue["Name"] = "Software Inventory";
- res.jsonValue["Updateable"] = false;
- res.jsonValue["Status"]["Health"] = "OK";
- res.jsonValue["Status"]["HealthRollup"] = "OK";
if (params.size() != 1)
{
@@ -717,6 +709,14 @@
"/redfish/v1/UpdateService/FirmwareInventory/" + *swId);
return;
}
+ asyncResp->res.jsonValue["@odata.type"] =
+ "#SoftwareInventory.v1_1_0.SoftwareInventory";
+ asyncResp->res.jsonValue["@odata.context"] =
+ "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory";
+ asyncResp->res.jsonValue["Name"] = "Software Inventory";
+ asyncResp->res.jsonValue["Updateable"] = false;
+ asyncResp->res.jsonValue["Status"]["Health"] = "OK";
+ asyncResp->res.jsonValue["Status"]["HealthRollup"] = "OK";
},
"xyz.openbmc_project.ObjectMapper",
"/xyz/openbmc_project/object_mapper",
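Review bot: These defaults are now written at the tail of the callback, after the not-found check, so anything the preceding code writes synchronously to `Updateable` or `Status` for the matched item would be overwritten with `false`/`"OK"`. That code is outside the hunk, so this needs checking against the loop body. If the loop only starts further asynchronous calls, the order is harmless, and a one-line comment would keep it that way: `// Static fields are set only once the item is known to exist, so error responses carry error info only`.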