Good Practice? Eval function from JSON sent over WebSockets - json

I am considering the following architecture. A client connected to a server via websockets sends a JSON package to the server. Inside of the JSON, besides other data, there is "action":"somefunction();". The server will then parse the JSON and, if the action is not empty, it will eval and thus run that command.
The alternative to this would be to simply put a string "somefunction" in the action attribute and have a switch statement on the server to run the appropriate code.
Thoughts or other possibilities?

What you describe does not prevent a hostile client from sending arbitrary code to be executed. It is a security hole.
If you want to have client code trigger some functions on the server, then pass some data that your server will parse and check to make sure that only the appropriate code is executed. It could be a JSON structure like this that the client sends:
{
"name": "foo",
"arguments": ["a", "b", "c"]
}
When the server receives it and parses it with JSON.parse, it verifies that name is a valid value and invokes the corresponding function. The functions could be in a structure like this
var dispatch = {
    foo: function (a, b, c) { },
    bar: function (a) { }
    // etc...
}
And once the JSON data is parsed and stored into a variable named data (for instance), the invocation could be:
dispatch[data.name].apply(undefined, data.arguments)
If needed, return data could also be returned to the client as a JSON structure.
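A server-side dispatcher of the kind the answer describes, as an added example that is not code from the original answer. handleMessage() and the handler names are my own assumptions; the point is that nothing received from the socket is ever interpreted as code, and that lookups such as "constructor" or "__proto__" cannot reach anything that was not explicitly registered.

```javascript
// Added example, not code from the original answer: a dispatcher that only
// runs handlers registered on the server. handleMessage() and the handler
// names are my own assumptions; nothing received from the socket is eval'd.

// A prototype-less object, so names like "constructor", "toString" or
// "__proto__" cannot resolve to anything through the lookup below.
const handlers = Object.create(null);
handlers.foo = (a, b, c) => [a, b, c].join('-');
handlers.bar = (a) => a * 2;

const MAX_MESSAGE_BYTES = 4096;

// Returns { ok: true, result } or { ok: false, error }; it never throws on
// untrusted input, so a malformed message cannot take down the socket loop.
function handleMessage(rawText) {
  if (typeof rawText !== 'string' || rawText.length > MAX_MESSAGE_BYTES) {
    return { ok: false, error: 'message too large or not text' };
  }
  let data;
  try {
    data = JSON.parse(rawText);
  } catch (e) {
    return { ok: false, error: 'invalid JSON' };
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, error: 'expected a JSON object' };
  }
  const name = data.name;
  const args = data.arguments;
  // Only own, registered names pass; "somefunction();" or "eval" are just
  // unknown strings here and are rejected without being interpreted.
  if (typeof name !== 'string' || !Object.prototype.hasOwnProperty.call(handlers, name)) {
    return { ok: false, error: 'unknown action' };
  }
  if (!Array.isArray(args)) {
    return { ok: false, error: 'arguments must be an array' };
  }
  try {
    return { ok: true, result: handlers[name].apply(undefined, args) };
  } catch (e) {
    return { ok: false, error: 'handler failed' };
  }
}

// Constructed messages; a real server would call handleMessage() from the
// WebSocket 'message' event and send the returned object back as JSON.
console.log(handleMessage('{"name":"foo","arguments":["a","b","c"]}'));
console.log(handleMessage('{"name":"constructor","arguments":[]}'));
```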

I tend to use window["function_name_as_string"](param1,param2); if I am calling a function by name with dynamic data.

Related

Uploading data from matlab to firebase

Firebase creates a name for the data I upload from Matlab.
Is there a way to cancel this name, or set it to something constant so that the next time I upload I'll overwrite it?
Example:
https://cdn1.imggmi.com/uploads/2019/3/24/0cb9e3c19155a8b338806121aed42ea2-full.jpg
(I want the data from Matlab to have the same structure as the adc sample.)
This is the code I use:
Firebase_Url = 'https://***.firebaseio.com/data_from_matlab.json/';
response = webwrite(Firebase_Url,'{ "first": "Jack", "last": "Sparrow" }')
It looks like Matlab's webwrite function sends an HTTP POST request, which Firebase's REST API translates to creating a new node with a new unique ID.
It looks like you can pass RequestMethod: 'put' in the weboptions parameter to send a PUT request, which Firebase translates to a direct write at the location. So something like:
webwrite(Firebase_Url,'{ "first": "Jack", "last": "Sparrow" }',
weboptions("RequestMethod", "put"))
I actually was having a similar problem, but I wanted to add multiple objects with different names, and when I used RequestMethod: 'put' in weboptions Firebase deleted my old objects. I looked into the link given above and discovered that using RequestMethod: 'patch' I could add multiple objects under the same category without getting the randomly generated key.

Make a JSON object Without Quotes on the beginning and end of the string

I'm using React and fetch, and I'm trying to send a JSON string to a client's web service. They are expecting an object like this:
{
"id":"1",
"plan_id":"6",
"plan_start_date":"2017-08-02",
"months":"1",
"extra_hours":"4",
"attendees":"1",
"mails":"",
"shopping_cart_id":"0"
}
However, whenever I use JSON.stringify() to generate the JSON string, the result is something like this:
"{
"id":"1",
"plan_id":"6",
"plan_start_date":"2017-08-02",
"months":"1",
"extra_hours":"4",
"attendees":"1",
"mails":"",
"shopping_cart_id":"0"
}"
So when the request is sent, I get back an error stating that the object is not valid.
Is there a way to send the object like on the first example? I've tried manually building the object, but I can't get the key's names to stay in quotes.
EDIT: The code for the call is here:
addToCart(plan) { // Plan is the object with the previous example's structure
    fetch("http:ClientWS", {
        method: "POST",
        body: JSON.stringify(plan) // Produces the "{}" issue
    })
    .then(response => response.json())
    .then(json => {
        // Read the response info; here it tells me that the value for 'id' is invalid
        console.log(json.datos);
    }).catch(function(ex) {
        console.log(ex);
    });
}
JSON.stringify() does not add extra quotes around the output. If you are seeing those extra quotes, I would say that it implies that the error is somewhere else.
That's because JSON.stringify takes your object and outputs a string variable by concatenating all the properties and values together and inserting some separators. And a string is displayed in quotes, again because it's a string. It's not an object any more. When you send it to the server, the server will see it as a single string value. The fact that the content of the string happens to look like JSON is not taken into consideration.
You do know that JSON and JavaScript objects are essentially the same thing? The stringified JSON that you can see is just a human-readable version of the object structure. It also turns out to be a convenient format in which to serialise objects (from all languages not just JS) for transmission in a HTTP request (or storage in a file or database, among other uses).
So actually when you send your object to the server, do just that - send the object. If you're doing it via ajax, the JS code you're using will generally serialise it for transmission on your behalf. You may have to set the correct content type header. That serialised object inside the HTTP request's body will end up looking a lot like the output of JSON.stringify (if you viewed it in your browser's network tab, for instance), except it won't actually be a string, and the server will interpret it correctly as an object containing multiple properties.
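To make the "error is somewhere else" point concrete, here is an added example (not code from the question or either answer) that shows the only way JSON.stringify output ends up wrapped in quotes, namely being serialised a second time, and a request builder that serialises once and sets the Content-Type header. The plan object is a constructed sample; buildCartRequest() and parseBody() are hypothetical helpers.

```javascript
// Added example, not code from the original question or answer. The plan
// object is a constructed sample; buildCartRequest() and parseBody() are
// hypothetical helpers, not a real client library.
const plan = {
  id: '1', plan_id: '6', plan_start_date: '2017-08-02', months: '1',
  extra_hours: '4', attendees: '1', mails: '', shopping_cart_id: '0',
};

// JSON.stringify never wraps its output in an extra pair of quotes. The
// quoted form in the question is what a string looks like after being
// serialised a second time (double encoding) or when logged as a string.
function encodeOnce(obj) { return JSON.stringify(obj); }
function encodeTwice(obj) { return JSON.stringify(JSON.stringify(obj)); }

// Build the fetch() init: serialise exactly once and send a Content-Type
// header so the server parses the body as JSON rather than a bare string.
function buildCartRequest(planObj) {
  if (typeof planObj === 'string') {
    throw new TypeError('pass the object; it is stringified here');
  }
  return {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(planObj),
  };
}

// Server-side view of the body. A double-encoded body parses to a string,
// not an object, so fields like "id" are missing: the error in the question.
function parseBody(body) {
  const parsed = JSON.parse(body);
  return parsed !== null && typeof parsed === 'object' ? parsed : null;
}

// Usage: fetch('https://example.invalid/cart', buildCartRequest(plan))
console.log(parseBody(buildCartRequest(plan).body).id);   // '1'
console.log(parseBody(encodeTwice(plan)));                // null
```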

MongoDB not returning a proper JSON

When I run db.collection.explain().find(), it gives the following error:
The last field in this JSON object has a double quote problem: `"totalChildMillis" : NumberLong(2)`.
When I parse this object, I get an exception saying that NumberLong(2) should be double quoted. Is there a way for MongoDB to return a standard JSON object?
{
"executionStages":{
"stage": "SINGLE_SHARD",
"nReturned": 10000,
"executionTimeMillis": 3,
"totalKeysExamined": 0,
"totalDocsExamined": 10000,
"totalChildMillis": NumberLong(2)
}
}
EDIT1
I am currently using JavaScript (Node.js) to create a sub-process running a mongo shell, send the explain command to that process, and listen on its output. Once I get the output, I need to parse it into a JavaScript object with JSON.parse(). Based on this use case, what is the easiest way for me to adapt the mongo JSON extension to a standard JavaScript object?
See the docs on MongoDB Extended JSON. Basically it comes down to the fact that MongoDB extends JSON to add additional datatypes that JSON does not support. In order to preserve that type information, various tools use either "strict" mode (which conforms to the JSON RFC) or "mongo shell" mode, which uses notations like NumberLong() and ISODate() to represent datatypes and is generally not parseable using a JSON parser.
Depending on what you're doing, you can use mongoexport which has an option to output in strict mode. But if you're trying to evaluate the explain plan of a query, I don't think that's going to work unless you insert the explain plan into a temp collection and then mongoexport it out.
Your best bet is to do whatever scripting you're trying to accomplish using a programming language (e.g. Java, Perl, Python, C#, etc.) and one of the corresponding MongoDB drivers. There you'll have much more flexibility and power with how you retrieve and parse data.
Since you mentioned in your edit that you're using Node.js, you can use the explain option to get the explain output directly from Node without having to spawn a sub-process.
Here's a very basic example:
var assert = require('assert');
var url = 'mongodb://localhost:27017/test';
var MongoClient = require('mongodb').MongoClient;
MongoClient.connect(url, function(err, db) {
    assert.equal(null, err);
    var collection = db.collection('test');
    // explain: true makes the driver return the query plan instead of documents
    collection.find({}, {explain:true}).each(function(err, doc) {
        if(doc != null)
            console.dir(doc);
    });
});

Oracle ords: How to create put/post method with collection

I created a post method to receive the geolocation data of customers:
Post method
When I call the post method with the JSON:
{"customer": 1, "latitude":-21.13179, "longitude":-47.736782 }
my PL/SQL Script works.
Now I'd like to send a group of records but I don't know how to do it.
I created a PUT method to receive a collection of geolocations and I constructed a script just to parse the parameter:
Put method
When I call the put method with the JSON:
{
"items":[
{
"customer":1,
"latitude":-21.13179,
"longitude":-47.736782
},
{
"customer":1,
"latitude":-21.13179,
"longitude":-47.736782
}
]
}
PL/SQL code:
declare
    l_values apex_json.t_values;
begin
    apex_json.parse (
        p_values => l_values,
        p_source => :items );
end;
I received the message:
400 - Bad Request - Expected a value but got: START_ARRAY.
What am I doing wrong?
I want to create a post/put method to receive a collection.
Thanks for your help.
There is an example in OracleBase that shows a way to use 'JSON_Table' in 12c and 'JSON_Object_t' PL/SQL in 12cR2. The JSON data is passed as a blob to the stored proc, which then parses and updates/whatever. I have not tested it yet, but it looks like a good approach to deal with collections, which apparently cannot be handled by ORDS "out of the box". I had experimented with using the bulkload approach to load a temp table, but it was for csv only and a bit tedious. Here's Jeff Smith's blog post on that.
I have not tested this yet, I rebuilt my approach to send each entry individually but eventually I'll need to use this. I'll update this answer when I do with examples.
I am facing the same issue and the reason would be what is posted in the below URL.
https://community.oracle.com/thread/2182167?start=0&tstart=0
"In APEX Listener 1.1 the PL/SQL Handler will automatically convert JSON properties to implicit parameters. Note this will only work for simple JSON objects; arrays or nested objects are not supported."
Basically - one can't pass collections/arrays. I'm not sure if this has changed now or if there are any plans to change this in the roadmap.

Check if value exists in Lua table

I am running Lua on an ESP8266 Wifi module with NodeMCU firmware. My application is listening on a TCP port for JSON requests. When I get the request I parse it using:
jsonRequest = json.decode(request)
So then I can access desired value with:
jsonRequest.object.state
Everything works perfectly until I send an invalid JSON (without "object"). When that happens I get this error: Lua API (attempt to index a nil value), and my program stops execution.
MY PROBLEM: I would like to check if my table contains that key before accessing, but I can't find a way to do it.
I could do it with the pairs function and loop through all keys to check if the right one is there, but that would require lots of code because I have multiple nested objects in my JSON.
Any ideas?
To check if the table jsonRequest contains the key "object", use:
if jsonRequest.object ~= nil then
If the values stored in the table won't be the boolean value false, you can also use:
if jsonRequest.object then