find element values flow through the code without being properly sanitized or validated. This may enable a second-order SQL injection attack - pymongo

tags = mycoll.find({"category": "movie"}).distinct("tags")
I have used the above code in Django and feel there is no issue with it,
but Checkmarx is throwing an error.
Help?
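The finding is about data flow: values read back from the database are reused later without any check. As an added example (not code from the question, from Checkmarx or from pymongo), one way to gate the distinct() result before it feeds a second query; the sample list standing in for the cursor result and the allowlist pattern are constructed for illustration:

```python
import re
from typing import Any, List

# Constructed stand-in for what
#   mycoll.find({"category": "movie"}).distinct("tags")
# could return if hostile values had been stored earlier.
# pymongo is not needed to run this; the list replaces the query result.
SAMPLE_DISTINCT_TAGS: List[Any] = [
    "action",
    "comedy",
    {"$ne": None},                # an operator document stored as a "tag"
    "drama'; DROP TABLE x; --",   # SQL-looking string; fails the allowlist
    42,                           # wrong type
]

# Allowlist for tag values that may be reused as query operands:
# short, printable, and free of '$' and '.' (constructed for this example).
TAG_PATTERN = re.compile(r"^[A-Za-z0-9 _-]{1,40}$")


def sanitize_tags(values) -> List[str]:
    """Keep only values that are safe to reuse as plain equality operands.

    Anything that is not a str is dropped, because a dict or list coming
    out of the database could carry MongoDB operators such as $ne or
    $where into the next query. Strings outside the allowlist are dropped
    as well, so the second query only ever sees known-shaped literals.
    """
    return [v for v in values if isinstance(v, str) and TAG_PATTERN.fullmatch(v)]


def build_tag_filter(tags) -> dict:
    """Build the second query from validated tags only.

    Wrapping the list in {"$in": [...]} keeps each tag an operand; because
    sanitize_tags() admits only str values, no tag can become an operator
    key in the resulting filter document.
    """
    return {"tags": {"$in": sanitize_tags(tags)}}


if __name__ == "__main__":
    print(build_tag_filter(SAMPLE_DISTINCT_TAGS))
```

Running the block prints `{'tags': {'$in': ['action', 'comedy']}}`; the operator document, the SQL-looking string and the integer are all discarded before the second query is built.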

Related

Sending xAPI statements to an LRS

I'm trying to send xAPI statements from an "Activity Provider" to the ADL LRS live demo. The goal is to implement this from my C# .NET application, but I was having trouble implementing it so I tried running a simple POST request from JMeter.
I do get a 200 response, but when I try to check whether the statement was successfully stored at https://lrs.adlnet.gov/me/statements, it's empty.
Am I completely misunderstanding how this structure is supposed to work? I'm going to install the ADL LRS eventually for testing purposes, but I wanted to get the actual request structure worked out first.
The path looks incorrect; the POST should be to {endpoint}/statements, so in your case it looks like it should be https://lrs.adlnet.gov/xAPI/statements. Additionally, you should make sure you are setting the X-Experience-API-Version header. If this doesn't solve the issue, you should look at more than just the response status code and see what the body contains (and add it to your question). The body for the type of request you are sending should return JSON, with an array containing a single statement identifier. Additionally, when you retrieve the statements, the URL you use should match the one that you specify when you send, so /me/ is not correct.
If it is a basic C# .NET project you may be interested in https://github.com/RusticiSoftware/TinCan.NET. It is showing its age, but in general for a number of projects it will still work or would at least be a reasonable place to start.

What does Oracle APEX "SyntaxError: unexpected token" mean?

So I'm using the Apex office print (AOP) plugin for printing the reports from Oracle Apex. After I created a process which prints the document by clicking the button, there is an error:
"Error: SyntaxError: Unexpected token % in JSON at position 0".
Does anybody know what is the problem?
It's usually a hint that some JSON is malformed.
You should consider the information presented by the AOP team on this particular error, and compare that with your situation.
https://www.apexofficeprint.com/docs/index.html#1012-syntaxerror-unexpected-token-p-in-json-at-position-0
If you are using APEX 5.1 or above, the Dynamic Action plug-in will always work, whereas the Process plug-in might give this JSON error.
The AOP process in the Processing part will only work if the “Reload on Submit” attribute (of the page) is set to “Always”. Since APEX 5.1 and above that attribute is set to “Only for Success” and then the process plug-in is not working.
Alternatively, you can set the AOP Process to run After Header and make it conditional; then it will work regardless of the setting of "Reload on Submit".
We recommend using the AOP dynamic action.

What SQL injection syntax should I send in the payload of a REST API to test it properly?

We are creating an API automation suite and we need to write/test SQL injection test cases.
I have used SQLMAP to test my API for SQL injection.
Now I need to send some parameters in my test script to test these test cases.
I have tried syntax like:
or 1=1
'1' ='1'
' OR ''='
What else can I try?
Does it work with a JSON payload POST request as well, or should I try this for GET requests only?
Please suggest a good approach so that I can accomplish my task correctly.
You could start by using one of the several collections of SQL injection and XSS payload strings hosted on GitHub. For example: SQL/XSS Injection Strings.
If you want serious testing for vulnerabilities, you should use a proven penetration testing framework like Kali Linux or a SQL injection tool.

Display server-side validation errors in a Semantic UI form

The client side form validation rules in Semantic UI are nice, but we all know the client cannot be trusted, so naturally we need to validate on the server.
Does anyone know how to have server-side errors displayed like the "native" SUI validation errors? Users shouldn't see any difference regarding where validation is done.
So far I've been combining the SUI form validation with the SUI "api" function. This is because the API function gives me an onFailure callback from the server, where I can then parse the server errors and add them with the "add errors" form command.
But it never worked perfectly.
With such a basic requirement, how would you create a form with both client- and server-side validation in SUI?
Kind of like in this post but without the Meteor, just plain HTML.
This SS question is also similar, but the responses are not quite there.
Update
First, client validation is run, and only if this succeeds, we call the server. This means we're in the onSuccess.
If there are server errors (validation MUST always be done on server, client can't be trusted), I think they can be parsed and added like this:
$form.form('add errors', formErrors).
(based on a discussion on semantic-ui forum on Gitter, March 9th 2016)
https://gitter.im/Semantic-Org/Semantic-UI

How to prevent SQL Injection when using MVC's bundling

We have an MVC 5 site and currently we are using bundles for our CSS and JavaScript, which is all working just fine. The issue is that when doing so, it creates something like:
/bundles/stylesheet?v=_NMyDE-CcoALPkYZqbmiXkI3LfoWnS1GFeEZNVMaBT81
We also use a third party site to verify that our site is trusted and secure and the other day it flagged us for the fact that using the above with '+and+'b'<'a on the end returns a 200 response instead of a 500.
So I guess I have two questions: is this a security flaw in MVC's bundles that is susceptible to SQL injection, and if so, is there a workaround or fix?
The v parameter sent in that web request is just used as a way to help the browser know when to request a new resource--commonly called "cache busting." The number that MVC puts in the bundle links will change any time the files used in the bundle are changed, but the server doesn't even pay any attention to the parameter at all when the actual request is made.
Because of this, the auditing software sees a pattern that indicates it can send "anything" to the server, and it never gets checked to see if it is valid. In some cases, this can be indicative that their sql injection "got through," but in this case it's a false positive.
The bundling framework doesn't touch SQL at all, so there's absolutely no way that this represents a SQL injection vulnerability.
For more information, see the "Bundle Caching" section of this article.