Fix: Only return error info in invalid URI case
Collection schemas return some valuable parameter information values
on get query, even when the URI is invalid and 404/400 error code
is returned.
Fix for the same is provided by packing the json response at proper
places and returning only the required error info, for security reasons.
Tested:
Verified by redfish GET query for invalid uri cases.
Only error msg and info is returned.
Signed-off-by: Ayushi Smriti <smriti.ayushi@linux.intel.com>
Change-Id: Iae45da86c2d2adbc39d78f7c267d551d4e6525f2
diff --git a/redfish-core/lib/update_service.hpp b/redfish-core/lib/update_service.hpp
index 7220b43..93be08c 100644
--- a/redfish-core/lib/update_service.hpp
+++ b/redfish-core/lib/update_service.hpp
@@ -565,14 +565,6 @@
const std::vector<std::string> ¶ms) override
{
std::shared_ptr<AsyncResp> asyncResp = std::make_shared<AsyncResp>(res);
- res.jsonValue["@odata.type"] =
- "#SoftwareInventory.v1_1_0.SoftwareInventory";
- res.jsonValue["@odata.context"] =
- "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory";
- res.jsonValue["Name"] = "Software Inventory";
- res.jsonValue["Updateable"] = false;
- res.jsonValue["Status"]["Health"] = "OK";
- res.jsonValue["Status"]["HealthRollup"] = "OK";
if (params.size() != 1)
{
@@ -717,6 +709,14 @@
"/redfish/v1/UpdateService/FirmwareInventory/" + *swId);
return;
}
+ asyncResp->res.jsonValue["@odata.type"] =
+ "#SoftwareInventory.v1_1_0.SoftwareInventory";
+ asyncResp->res.jsonValue["@odata.context"] =
+ "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory";
+ asyncResp->res.jsonValue["Name"] = "Software Inventory";
+ asyncResp->res.jsonValue["Updateable"] = false;
+ asyncResp->res.jsonValue["Status"]["Health"] = "OK";
+ asyncResp->res.jsonValue["Status"]["HealthRollup"] = "OK";
},
"xyz.openbmc_project.ObjectMapper",
"/xyz/openbmc_project/object_mapper",