diff --git a/CHANGES_NEXT_RELEASE b/CHANGES_NEXT_RELEASE index 9caed8bdf0..b7f170a829 100644 --- a/CHANGES_NEXT_RELEASE +++ b/CHANGES_NEXT_RELEASE @@ -6,6 +6,7 @@ * #1583: If a 'q' contains an ampersand, that ampersand needs to be forwarded as a semicolon * #1593: Modify the type of an entity in a Replace operation (only working in legacy mode) * #1612: Support for ISO8601 timezones expressed in +/- HH:mm in 'q' for entity query + * #1615: Crash in HTTPS notifications with a notification endpoint with empty URL PATH * SOF: https://stackoverflow.com/questions/77911109/fiware-to-payload-too-large * Fixed a possible crash for TRoE and attributes of type Vocab/Json/Language * Forbidden to DELETE the Core Context !!! (it can be reloaded) diff --git a/src/lib/orionld/notifications/httpsNotify.cpp b/src/lib/orionld/notifications/httpsNotify.cpp index 93236d0b6f..e303e31d5a 100644 --- a/src/lib/orionld/notifications/httpsNotify.cpp +++ b/src/lib/orionld/notifications/httpsNotify.cpp @@ -132,8 +132,8 @@ int httpsNotify(CachedSubscription* cSubP, struct iovec* ioVec, int ioVecLen, do char url[512]; // FIXME: DON'T Create the URL over and over - store it in the CachedSubscription char* rest = cSubP->rest; - if (rest[0] == '/') - rest = &rest[1]; + if (rest == NULL) rest = (char*) ""; // If NULL, point to empty string (so that the later snprintf works) + else if (rest[0] == '/') rest = &rest[1]; // if the first char ia a slash ('/'), step over it if (cSubP->port > 0) snprintf(url, sizeof(url), "%s://%s:%d/%s", cSubP->protocolString, cSubP->ip, cSubP->port, rest); diff --git a/test/functionalTest/cases/0000_ngsild/ngsild_issue_1615-empty-url-for-notification.test b/test/functionalTest/cases/0000_ngsild/ngsild_issue_1615-empty-url-for-notification.test new file mode 100644 index 0000000000..affd43be07 --- /dev/null +++ b/test/functionalTest/cases/0000_ngsild/ngsild_issue_1615-empty-url-for-notification.test @@ -0,0 +1,160 @@ +# Copyright 2024 FIWARE Foundation e.V. +# +# This file is part of Orion-LD Context Broker. +# +# Orion-LD Context Broker is free software: you can redistribute it and/or +# modify it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# Orion-LD Context Broker is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero +# General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with Orion-LD Context Broker. If not, see http://www.gnu.org/licenses/. +# +# For those usages not covered by this license please contact with +# orionld at fiware dot org + +# VALGRIND_READY - to mark the test ready for valgrindTestSuite.sh + +--NAME-- +Crash with HTTPS Subscription with empty PATH in URL for the notification - issue #1615 + +--SHELL-INIT-- +${SCRIPT_HOME}/httpsPrepare.sh --keyFileName /tmp/harnessTest.key --certFileName /tmp/harnessTest.pem +dbInit CB +dbInit CB x +orionldStart CB -mongocOnly -multiservice +accumulatorStart --pretty-print --https --key /tmp/harnessTest.key --cert /tmp/harnessTest.pem + +--SHELL-- + +# +# 01. Create an HTTPS subscription, according to issue #1516 +# 02. Create a matching entity urn:E1 of type WasteContainer +# 03. Update the attribute 'name' - provoke a notification (the broker crashes here according to the issue) +# +# As the accumulator is unable to treat empty URL PATH, we cannot query the accumulator. +# But, we can make sure the broker is still alive +# +# 04. Ping the broker to make sure it's still alive +# + +echo "01. Create an HTTPS subscription, according to issue #1516" +echo "==========================================================" +payload='{ + "description": "Notify me when name changes", + "type": "Subscription", + "entities": [{"type": "WasteContainer"}], + "watchedAttributes": ["name"], + "notification": { + "attributes": ["name"], + "format": "keyValues", + "endpoint": { + "uri": "https://127.0.0.1:'${LISTENER_PORT}'/" + } + }, + "@context": "https://raw.githubusercontent.com/smart-data-models/dataModel.WasteManagement/master/context.jsonld" +}' +orionCurl --url /ngsi-ld/v1/subscriptions --payload "$payload" -H "NGSILD-Tenant: X" --in jsonld +echo +echo + + +echo "02. Create a matching entity urn:E1 of type WasteContainer" +echo "==========================================================" +payload='{ + "id": "urn:E1", + "type": "WasteContainer", + "name": "abc" +}' +orionCurl --url /ngsi-ld/v1/entities --payload "$payload" -H "NGSILD-Tenant: X" -H 'Link: ' +echo +echo + + +echo "03. Update the attribute 'name' - provoke a notification (the broker crashes here according to the issue)" +echo "=========================================================================================================" +payload='{ + "type": "Property", + "value": "def" +}' +orionCurl --url /ngsi-ld/v1/entities/urn:E1/attrs/name --payload "$payload" -X PATCH -H "NGSILD-Tenant: X" -H 'Link: ' +echo +echo + + +echo "04. Ping the broker to make sure it's still alive" +echo "=================================================" +orionCurl --url /ngsi-ld/ex/v1/version +echo +echo + + +--REGEXPECT-- +01. Create an HTTPS subscription, according to issue #1516 +========================================================== +HTTP/1.1 201 Created +Content-Length: 0 +Date: REGEX(.*) +Location: /ngsi-ld/v1/subscriptions/urn:ngsi-ld:subscription:REGEX(.*) +NGSILD-Tenant: x + + + +02. Create a matching entity urn:E1 of type WasteContainer +========================================================== +HTTP/1.1 201 Created +Content-Length: 0 +Date: REGEX(.*) +Location: /ngsi-ld/v1/entities/urn:E1 +NGSILD-Tenant: x + + + +03. Update the attribute 'name' - provoke a notification (the broker crashes here according to the issue) +========================================================================================================= +HTTP/1.1 204 No Content +Date: REGEX(.*) + + + +04. Ping the broker to make sure it's still alive +================================================= +HTTP/1.1 200 OK +Content-Length: REGEX(.*) +Content-Type: application/json +Date: REGEX(.*) + +{ + "Core Context": "https://uri.etsi.org/ngsi-ld/v1/ngsi-ld-core-contextREGEX(.*)", + "Next File Descriptor": REGEX(.*), + "Orion-LD version": "REGEX(.*)", + "based on orion": "REGEX(.*)", + "boost version": "REGEX(.*)", + "branch": "REGEX(.*)", + "bson version": "REGEX(.*)", + "cached subscriptions": 1, + "kalloc version": "REGEX(.*)", + "kbase version": "REGEX(.*)", + "khash version": "REGEX(.*)", + "kjson version": "REGEX(.*)", + "libcurl version": "REGEX(.*)", + "libuuid version": "UNKNOWN", + "microhttpd version": "REGEX(.*)", + "mongoc version": "REGEX(.*)", + "mongocpp version": "REGEX(.*)", + "mongodb server version": "REGEX(.*)", + "openssl version": "REGEX(.*)", + "rapidjson version": "REGEX(.*)" +} + + +--TEARDOWN-- +brokerStop CB +dbDrop CB +dbDrop CB x +accumulatorStop diff --git a/test/functionalTest/cases/0000_ngsild/ngsild_issue_1615.test b/test/functionalTest/cases/0000_ngsild/ngsild_issue_1615.test new file mode 100644 index 0000000000..542626eacd --- /dev/null +++ b/test/functionalTest/cases/0000_ngsild/ngsild_issue_1615.test @@ -0,0 +1,177 @@ +# Copyright 2024 FIWARE Foundation e.V. +# +# This file is part of Orion-LD Context Broker. +# +# Orion-LD Context Broker is free software: you can redistribute it and/or +# modify it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# Orion-LD Context Broker is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero +# General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with Orion-LD Context Broker. If not, see http://www.gnu.org/licenses/. +# +# For those usages not covered by this license please contact with +# orionld at fiware dot org + +# VALGRIND_READY - to mark the test ready for valgrindTestSuite.sh + +--NAME-- +Crash with HTTPS Subscription - issue #1615 + +--SHELL-INIT-- +${SCRIPT_HOME}/httpsPrepare.sh --keyFileName /tmp/harnessTest.key --certFileName /tmp/harnessTest.pem +dbInit CB +dbInit CB x +orionldStart CB -mongocOnly -multiservice +accumulatorStart --pretty-print --https --key /tmp/harnessTest.key --cert /tmp/harnessTest.pem + +--SHELL-- + +# +# 01. Create an HTTPS subscription, according to issue #1516 +# 02. Create a matching entity urn:E1 of type WasteContainer +# 03. Update the attribute 'name' - provoke a notification (the broker crashes here according to the issue) +# 04. Dump the accumulator, see two notifications +# + +echo "01. Create an HTTPS subscription, according to issue #1516" +echo "==========================================================" +payload='{ + "description": "Notify me when name changes", + "type": "Subscription", + "entities": [{"type": "WasteContainer"}], + "watchedAttributes": ["name"], + "notification": { + "attributes": ["name"], + "format": "keyValues", + "endpoint": { + "uri": "https://127.0.0.1:'${LISTENER_PORT}'/notify" + } + }, + "@context": "https://raw.githubusercontent.com/smart-data-models/dataModel.WasteManagement/master/context.jsonld" +}' +orionCurl --url /ngsi-ld/v1/subscriptions --payload "$payload" -H "NGSILD-Tenant: X" --in jsonld +echo +echo + + +echo "02. Create a matching entity urn:E1 of type WasteContainer" +echo "==========================================================" +payload='{ + "id": "urn:E1", + "type": "WasteContainer", + "name": "abc" +}' +orionCurl --url /ngsi-ld/v1/entities --payload "$payload" -H "NGSILD-Tenant: X" -H 'Link: ' +echo +echo + + +echo "03. Update the attribute 'name' - provoke a notification (the broker crashes here according to the issue)" +echo "=========================================================================================================" +payload='{ + "type": "Property", + "value": "def" +}' +orionCurl --url /ngsi-ld/v1/entities/urn:E1/attrs/name --payload "$payload" -X PATCH -H "NGSILD-Tenant: X" -H 'Link: ' +echo +echo + + +echo "04. Dump the accumulator, see two notifications" +echo "===============================================" +accumulatorDump IPV4 HTTPS +echo +echo + + +--REGEXPECT-- +01. Create an HTTPS subscription, according to issue #1516 +========================================================== +HTTP/1.1 201 Created +Content-Length: 0 +Date: REGEX(.*) +Location: /ngsi-ld/v1/subscriptions/urn:ngsi-ld:subscription:REGEX(.*) +NGSILD-Tenant: x + + + +02. Create a matching entity urn:E1 of type WasteContainer +========================================================== +HTTP/1.1 201 Created +Content-Length: 0 +Date: REGEX(.*) +Location: /ngsi-ld/v1/entities/urn:E1 +NGSILD-Tenant: x + + + +03. Update the attribute 'name' - provoke a notification (the broker crashes here according to the issue) +========================================================================================================= +HTTP/1.1 204 No Content +Date: REGEX(.*) + + + +04. Dump the accumulator, see two notifications +=============================================== +POST https://REGEX(.*)/notify +Content-Length: 275 +User-Agent: orionld/REGEX(.*) +Host: REGEX(.*) +Accept: application/json +Ngsild-Tenant: x +Content-Type: application/json +Link: ; rel="http://www.w3.org/ns/json-ld#context"; type="application/ld+json" +Ngsild-Attribute-Format: Simplified + +{ + "data": [ + { + "id": "urn:E1", + "name": "abc", + "type": "WasteContainer" + } + ], + "id": "urn:ngsi-ld:Notification:REGEX(.*)", + "notifiedAt": "202REGEX(.*)Z", + "subscriptionId": "urn:ngsi-ld:subscription:REGEX(.*)", + "type": "Notification" +} +======================================= +POST https://REGEX(.*)/notify +Content-Length: 275 +User-Agent: orionld/REGEX(.*) +Host: REGEX(.*) +Accept: application/json +Ngsild-Tenant: x +Content-Type: application/json +Link: ; rel="http://www.w3.org/ns/json-ld#context"; type="application/ld+json" +Ngsild-Attribute-Format: Simplified + +{ + "data": [ + { + "id": "urn:E1", + "name": "def", + "type": "WasteContainer" + } + ], + "id": "urn:ngsi-ld:Notification:REGEX(.*)", + "notifiedAt": "202REGEX(.*)Z", + "subscriptionId": "urn:ngsi-ld:subscription:REGEX(.*)", + "type": "Notification" +} +======================================= + + +--TEARDOWN-- +brokerStop CB +dbDrop CB +dbDrop CB x +accumulatorStop