Netshot icon indicating copy to clipboard operation
Netshot copied to clipboard

Published 20 hours ago verified publisher icon netfishers-onl

JSON output contains unescaped characters

Open CFLagerfeldt opened this issue 1 year ago • 3 comments

Version 0.19.3

API endpoint: /devices/{id}/complianceresults

If the comment returned from a device compliance check contains special characters (like double-quotes) these are copied into the API output directly (without being escaped), causing the JSON output to be invalid.

Example: [ { "id": 0, "ruleName": "string", "policyName": "string", "result": "CONFORMING", "comment": "string containing quotes "" causes invalid JSON", "checkDate": "2024-01-23T14:06:00.862Z", "expirationDate": "2024-01-23T14:06:00.862Z" } ]

CFLagerfeldt avatar Jan 23 '24 14:01 CFLagerfeldt

Not sure how are you getting this result, but I don't think Netshot API is returning this.

SCadilhac avatar Jan 23 '24 23:01 SCadilhac

The issue can be replicated with a simple Javascript compliance check:

function check(device) { return { result: CONFORMING, comment: "string containing quotes \"quote\" causes invalid JSON" }; }

CFLagerfeldt avatar Jan 24 '24 00:01 CFLagerfeldt 

% curl -s 'http://localhost:8081/api/devices/1/complianceresults' -H 'Cookie: JSESSIONID=8409947972935339579' | jq
[
  {
    "id": 8,
    "ruleName": "Escape",
    "policyName": "Policy 12",
    "result": "NONCONFORMING",
    "comment": "string containing quotes \"quote\" causes invalid JSON",
    "checkDate": 1708029824502,
    "expirationDate": null
  },
  ...
]

I cannot reproduce this issue. What command how are you using to request the API endpoint?

SCadilhac avatar Feb 15 '24 20:02 SCadilhac