IdHTTP.Get(url, ss) give 403 Forbidden - delphi-10-seattle

I'm using IdHTTP to execute php files on server. Worked fine for years. Suddenly getting 403 Forbidden errors with all my programs. Archived versions from year ago now fail also. Web host says they have changed nothing. To test, placed a simple php file that simply echoes a value on 3 separate host platforms (none SSL). Calls to all 3 fail with 403 error. If the url is placed in a browser address and called from there, call succeeds with expected value returned. Also tried running program connected via different ISPs. These failures just popped up in the last few days. Happens on many different computers.
Here is a very simple example that fails when sent to all 3 test servers
procedure TForm1.Button1Click(Sender: TObject);
var url: string;
H: TIdHttp;
SS: TStringStream;
begin
url := 'http://www.somesite.com/test.php';
H := TIdHttp.Create(nil);
SS := TStringStream.Create;
try
H.Get(url, SS);
Edit1.Text := SS.DataString;
finally
H.Free;
SS.Free;
end;
end;
Any help greatly appreciated.

Related

Postman Canary 8.0.0-canary01 not saving environment variables

Today I upgraded my Postman to the latest version, going from PostmanCanary 7.37.0-canary01 to 8.0.0-canary01.
I used to run a login request and save the returned access token to my environment variables with this script:
response = JSON.parse(responseBody);
access_token = response.access_token;
postman.setEnvironmentVariable("access_token",access_token);
to process this response :
{
"token_type": "Bearer",
"expires_in": "3599",
"ext_expires_in": "3599",
"expires_on": "1610147694",
"not_before": "1610143794",
"resource": "https://xxxxxxxxxxx.crm.dynamics.com/",
"access_token": "eyJ0eXAiOiJKV1QxxxxxxxxxxxxxxxI1NiIsIng1dCI6IjVPZjlQNUY5xxxxxxxxxxxxxxxxxxxxxx1EayIsxxxxZCI6IjxxxxxxxxxxxxNDd0NtxxxxxxxxxEREUS1Exxxx.xxxxxxxxxxxxxxxwczovL2RxxxxkZXZxxxxxxxxxxxxxxxxxxxxxcy5jb20vIiwiaXNxxxxxxxxxxxxxxxxzdHMud2luZG93cy5uZXQvNTBmOGZjYzxxxxxxxxxxxxxxxxxxxxxtMzZlZDU3YzdjOGEyLyIsImlhdCI6MTYxMDE0Mzc5NCwibmJmIjoxNjEwMTQzNzk0LCJleHAiOjE2MTAxNDc2OTQsImFpbyI6IkUySmdZQWc0bjN2L1o4VE5HT20zdnRQMStMZGFBZ0E9IiwiYXBwaWQiOiI4ZTc3ZDkzZi05MmY1LTRhMWYtOWY1OS1iZGY4ZGNkYTNkY2IiLCJhcHBpZGFjciI6IjEiLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC81MGY4ZmNjNC05NGQ4LTRmMDctODRlYi0zNmVkNTdjN2M4YTIvIiwib2lkIjoiYmJmZjA5OTQtZGQyNi00Nzg5LThlMjktMTc5OTIwOWI0ZDMxIiwicmgiOiIwLkFBQUF4UHo0VU5pVUIwLUU2emJ0VjhmSW9qX1pkNDcxa2g5S24xbTktTnphUGNzTkFCdy4iLCJzdWIiOiJiYmZmMDk5NC1kZDI2LTQ3ODktOGUyOS0xNzk5MjA5YjRkMzEiLCJ0aWQiOiI1MGY4ZmNjNC05NGQ4LTRmMDctODRlYi0zNmVkNTdjN2M4YTIiLCJ1dGkiOiJjZXJzaGlldGxFeU15Q1c2MVFWTUFBIiwidmVyIjoiMS4wIn0.EXV9P_DZIdVbTUK4PY6VcyrUmUx752ZA9MGr5BJ7xxxxxxxxxxxx-xxxxxxxxxX5wgidfGfoNklllZuoJVTi91jtnKP2T9Q-XFShpXhexDdCgOvMe9ZOOd0vOb11of1YPl37GKILtHikT3oPvKfUjBhOjZkFJo6F7pKeuxa3XiD_3WM1eCurVzuaG9iME94mFXb3HNTgUrWw9mPEqDwVzfxxxxx-xxxx-xxxxy0lw-2EcqpEYk7fqHUOTPUfAj2426zVV7ITfFPLdN08c4OND336sXpKjEFa5c7Buyk1dc24nawqJwCoKve1DaZAwPwljZKhGIIW4rd-1nitik2xWg"
}
Even if the environment variables did not exist prior to the call, this script would create them and set values. If I opened the environment variables, it would be listed.
After the upgrade, this no longer works. My subsequent requests kept failing because an old access_token was still there as it was not getting updated. I deleted the old access_token and confirmed that the access_token is now no longer being created.
I read about the resulting parsed JSON causing issues for other people because it is not text. I don't truly believe this to be the issue, mine is a single value, not a structure nor an array, but decided to play it safe and stringify it. Following the current documentation, I changed my script to :
response = JSON.parse(responseBody);
access_token = response.access_token;
console.log (access_token); // I can see the token in the console - parsing executed correctly
pm.environment.set("access_token",JSON.stringify(access_token)); // setting the environment variable
console.log(pm.environment.get("access_token")); // getting the exact same environment variable I have just set - I can see this on the console as well
console.log("WTF?!?!?"); // Self explanatory - added at the end to ensure all instructions in the script are read and executed - I see this every time as well
This does not work either (with or without stringify) and gives me the same results. Everything seems fine on the console, but when I look at my environment variables, access_token is not present although I can access it during the execution of the test script. Afterward, it is gone.
At this point I'm frustrated and at a loss - have anyone else seen similar behavior or am I missing something stupidly simple?
Hi Please use stable postman version :
https://www.postman.com/downloads/
Canary builds usually for beta testing , the issue seems to be there and i have raised a bug:https://github.com/postmanlabs/postman-app-support/issues/9412
Update The issue is fixed now : https://github.com/postmanlabs/postman-app-support/issues/9412

Server fails to launch in Google App Engine; OK in Localhost

I have a Flex App written in Go and React that is deployed to Google App engine. I would like it to interact with a MySql Database (2nd generation) on Google Cloud over a Unix socket. I believe the issue lies with the Go server not launching/responding to requests (see below for justification). The App is located at https://haveibeenexploited.appspot.com/
The project is simple. I have two routes in my Server:
server.go
package main
import (
"net/http"
"searchcontract"
)
func main() {
http.Handle("/", http.FileServer(http.Dir("./app/build")))
http.HandleFunc("/search", searchcontract.SearchContract)
http.ListenAndServe(":8080", nil)
}
The second route ("/search") is activated when a user hits the search button. Ideal behavior should return a row specifying the exploits available for the given "contract address" which React writes out to the screen.
searchcontract/searchcontract.go
//SearchContract is a handler that queries the DB for compromised contracts.
func SearchContract(w http.ResponseWriter, r *http.Request) {
var contractName contractID //Used for parsing in contractName
queryResult := getRow(&contractName.Name)
w.WriteHeader(200)
json.NewEncoder(w).Encode(queryResult)
}
//processRow queries the DB for a contract with ID value of name.
func getRow(contractName *string) *ContractVulnerabilityInfo {
var storage ContractVulnerabilityInfo //stores row to encode
//Login to database
...
scanErr := db.QueryRow("SELECT * FROM contracts WHERE ContractAddress=?;", &contractName).Scan(&storage.ContractAddress, &storage.IntegerOverflow, &storage.IntegerUnderflow, &storage.DOS, &storage.ExceptionState, &storage.ExternalCall, &storage.ExternalCallFixed, &storage.MultipleCalls, &storage.DelegateCall, &storage.PredictableEnv, &storage.TxOrigin, &storage.EtherWithdrawal, &storage.StateChange, &storage.UnprotectedSelfdestruct, &storage.UncheckedCall)
...
return &storage
}
My app.yaml file should allow me to deploy this flex app and does:
runtime: go1.12
env: flex
handlers:
- url: /.*
script: _server # my server.go file handles all endpoints
automatic_scaling:
max_num_instances: 1
resources:
cpu: 1
memory_gb: 0.5
disk_size_gb: 10
env_variables:
# user:password#unix(/cloudsql/INSTANCE_CONNECTION_NAME)/dbname
MYSQL_CONNECTION: root:root#unix(/cloudsql/haveibeenexploited:us-west1:hibe)/mythril
# https://cloud.google.com/sql/docs/mysql/connect-app-engine
beta_settings:
cloud_sql_instances: haveibeenexploited:us-west1:hibe
I am able to query the database successfully on localhost.Localhost correctly shows address
However, whenever I try to implement and push to AppEngine, when I query something that should be in the database, it does not show up in the remote App! App Engine does not show address in database. Furthermore, I get a status code of '0' returned, which indicates to me that the server function isn't even being called at all ('200' is what I expect if successful or some other error message.').
Summary
I can't wrap my head around this bug. What should work locally should work remotely. Also, I can't debug this app probably because Stackdriver does not support flex apps and the devserver Google Cloud provides does not support Go Apps.
I believe the primary issue is with Go not speaking to the React element correctly or the routing not being taken care of appropriately.
1) The problem does not lie with MySql connection/database access
- I changed my route to only be one page, turned off React, and included a hardcoded query. The result on localhost. The result on App Engine
2) There is an issue in either a) my routing or b) the interaction between React and Go.
3) Go seems to start correctly... at least when React is not started.
Any help is appreciated.
EDIT I believe that the go app indeed is still running, but the searchfunction is failing for whatever reason. The reason I believe this is because when I add another route for haveibeenexploited.com/hello, it works.

Do I need to free instance of TJSONArray

The answer is obviously yes, but I have this code that has been running for almost a month now 24/7 and everything is fine. Here is the code :
var
jsonArray : TJSONArray;
jsonValue : TJSONValue;
json : string;
begin
json := 'JSON_MASTER';
jsonArray := TJSONObject.ParseJSONValue(TEncoding.UTF8.GetBytes(json), 0) as TJSONArray;
for jsonValue in jsonArray do
begin
// do the thing 1
end;
json := 'JSON_DETAIL';
jsonArray := TJSONObject.ParseJSONValue(TEncoding.UTF8.GetBytes(json), 0) as TJSONArray;
for jsonValue in jsonArray do
begin
// do the thing 2
end;
end;
The application is a web service(SOAP). The function is executed around 2K per day. I am aware of the issue in the code but because the SOAP is not crushing I'm not fixing it yet. The task manager performance report shows fine. There is no sign of growing memory usage. Why is there no sign of memory leaks? Is there such thing as garbage collection in TJSONArray?
It depends on which platform you are running on.
If your app is running on a non-ARC platform, such as Windows or OSX, then YES, you need to manually free the TJSONArray when you are done using it, or else it will be leaked.
If your app is running on an ARC platform, such as iOS, Android, or Linux, then NO, you do not need to manually free the TJSONArray when you are done using it, as it will be freed automatically when all references to it have gone out of scope.

HTTP Communication failure - 500 Native SSL error

We are using Google API to compute mileage for our travel. Everything was working fine for over 1 year, however we started having the below said issue in the last couple of months.
Our program is able to connect to the API, the API returning with the error message http_communication_failure. The exact error is Application Server
Error 500 Native SSL error
Error is logged with Tag: {0001fee7}Thu Jun
21 09:36:49 2018
When I pasted the URL in the browser, it is returning the mileage information. However through the API call (receive data) in the program, we are getting this error message.
No program changes or Certificate changes have been done in the last 1 year. Our Basis team looked in to the possible issues with SSL. Everything seems to be OK from our end. I looked through your troubleshooting page, and tried all the suggested solutions. Nothing seem to fix our problem. Please let us know what else we need to look at.
CONCATENATE 'https://maps.googleapis.com/maps/api/distancematrix/xml?origins=' lv_dep '&destinations=' lv_arr '&units=imperial'
'&key=' lv_key
INTO lv_http_url.
CALL METHOD cl_http_client=>create_by_url
EXPORTING
url = lv_http_url
ssl_id = 'ANONYM'
IMPORTING
client = lo_http_client
EXCEPTIONS
argument_not_found = 1
plugin_not_active = 2
internal_error = 3
others = 4.
IF sy-subrc EQ 0.
lo_http_client->send( EXCEPTIONS http_communication_failure = 1
http_invalid_state = 2 ).
CALL METHOD lo_http_client->receive
EXCEPTIONS
http_communication_failure = 1
http_invalid_state = 2
http_processing_failed = 3
others = 4.
See if port 443 is create in Trns: smicm, if you can't see it, create it.
increase the trace in menu go to->trace level.
call Appi and see log.
if you see a error about SSL, export the certificate from your PC, I supose is "google trust service".
go trns: STRUST in SAP and inport the new certificate.

Problems while parsing a json file coming from google speech server

I am trying to implement google speech recognition api into my program. To do this I use the function below to parse json file sended from google server. However program sometimes works well sometimes not and gets access violation error
The code is below. Where is problem? is there anyway to check whether the json object is true format or not before parsing it?
function TGoogleSpeech.Convert(const stream: TStream): string;
var
ret: string;
js: TlkJSONobject;
begin
try
ret := FHttp.Post(FURL, stream);
js := TlkJSON.ParseText(ret) as TlkJSONobject;
try
Result := js.Field['hypotheses'].Child[0].Field['utterance'].Value;
finally
js.Free;
end;
except
Result := '';
end;
end;
I am using the uLKJSOn library.
guys I found the answer:
And it is really interesting,
when recognition is not good Googleserver sends this code as json
{"status":5,"id":"","hypotheses":[]}
it doesn't have utterance field and that cause problem.
Therefore I did this update and clean the unwanted part using the code below
ret :=ansireplacetext(ret,'{"status":5,"id":"","hypotheses":[]}','');
if (AnsiContainsText(ret,'utterance') and (length(ret)>1) then
and so on..