diff options
author | Nan Zhou <nanzhoumails@gmail.com> | 2022-08-10 01:46:25 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2022-09-06 17:47:32 +0300 |
commit | 07ffa4e8ce8bdf6822df702872eade16d1bb5184 (patch) | |
tree | f4047cb375ef15fc56bf7cf8e5780b76789bba1b /redfish-core/include | |
parent | d8a5d5d8e07f6dec97ed0cbc84052656165f6172 (diff) | |
download | bmcweb-07ffa4e8ce8bdf6822df702872eade16d1bb5184.tar.xz |
query: make $select true by default
The most outstanding concerns for $select query have been resolved. We
added a set of restrictions: character set, property length, # of
properties, which makes this feature safe to use.
This commit takes $select out of the insecure flag, so every system can
start to use it. This decision has been made in Discord, available at
[1] https://discord.com/channels/775381525260664832/994314752102760559/1006650821569675355
Tested:
1. unit test passed
2. no new service validator failure on hardware
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I1f669cd35afcc1a65473a3ed665768e172a423bc
Diffstat (limited to 'redfish-core/include')
-rw-r--r-- | redfish-core/include/utils/query_param.hpp | 2 | ||||
-rw-r--r-- | redfish-core/include/utils/query_param_test.cpp | 14 |
2 files changed, 5 insertions, 11 deletions
diff --git a/redfish-core/include/utils/query_param.hpp b/redfish-core/include/utils/query_param.hpp index f51993ea90..45cb43bb48 100644 --- a/redfish-core/include/utils/query_param.hpp +++ b/redfish-core/include/utils/query_param.hpp @@ -431,7 +431,7 @@ inline std::optional<Query> return std::nullopt; } } - else if (key == "$select" && bmcwebInsecureEnableQueryParams) + else if (key == "$select") { if (!getSelectParam(value, ret)) { diff --git a/redfish-core/include/utils/query_param_test.cpp b/redfish-core/include/utils/query_param_test.cpp index 7358821ae2..965b6adf9c 100644 --- a/redfish-core/include/utils/query_param_test.cpp +++ b/redfish-core/include/utils/query_param_test.cpp @@ -358,16 +358,10 @@ TEST(RecursiveSelect, ReservedPropertiesAreSelected) ASSERT_TRUE(ret); crow::Response res; std::optional<Query> query = parseParameters(ret->params(), res); - if constexpr (bmcwebInsecureEnableQueryParams) - { - ASSERT_NE(query, std::nullopt); - recursiveSelect(root, query->selectTrie.root); - EXPECT_EQ(root, expected); - } - else - { - EXPECT_EQ(query, std::nullopt); - } + + ASSERT_NE(query, std::nullopt); + recursiveSelect(root, query->selectTrie.root); + EXPECT_EQ(root, expected); } TEST(QueryParams, ParseParametersOnly) |