Home

SOAP and INET objects should not be used

  • Vulnerability
  • - Critical

Description

    This rule states that the SOAP and INET objects should not be used when writing PowerBuilder code. These objects are not supported by PowerBuilder 2022 and can cause instability and unexpected behavior. Instead, developers should use other supported objects such as the Web Service Proxy or the HTTP Client object. Using these objects will ensure that the code is stable and reliable.

Key Benefits

  • Security: SOAP and INET objects can be easily exploited, making them a security risk.
  • Performance: SOAP and INET objects can slow down the performance of an application.
  • Maintenance: SOAP and INET objects require frequent maintenance and updates.

 

Non-compliant Code Example 

global function string hyperlinktourl (integer id)

integer li_rc
inet iinet_base
veinet veiinet_base
iinet_base = CREATE inet
veiinet_base = CREATE veinet

SetPointer(HourGlass!)
li_rc = &iinet_base.HyperlinkToURL("https://www.visual-expert.com")
li_rc = veiinet_base.HyperlinkToURL("https://www.visual-expert.com")

DESTROY iinet_base


Return ""
end function
global function string getUrl (integer id)

integer li_rc
inet linet_main
internetresult luo_data  // as defined above
veinet veiinet
veinternetresult veluo_data

veiinet = CREATE veinet
linet_main = CREATE inet
luo_data = CREATE internetresult

SetPointer(HourGlass!)
li_rc = &
  linet_main.GetURL("https://www.visual-expert.com", luo_data)
li_rc = &
  linet_main.GetURL("https://www.visual-expert.com", veluo_data)

li_rc = veiinet.GetURL("https://www.visual-expert.com", luo_data)
li_rc = veiinet.GetURL("https://www.visual-expert.com", veluo_data)

SetPointer(Arrow!)
IF li_rc = 1 THEN
   MessageBox("Success!", string(luo_data))
ELSE
   MessageBox("Failure!", "Oops rc:" + string(li_rc))
END IF

DESTROY luo_data
DESTROY linet_main

Return "
end function
global function string postUrl (integer id)

Blob lblb_args
String ls_headers
String ls_url
Long ll_length
inet iinet
veinet veiinet
veinternetresult iir_msgbox
iinet = CREATE inet
veiinet = CREATE veinet

iir_msgbox = CREATE veinternetresult
ls_url = "https://www.visual-expert.com/"
ls_url += "EN/powerbuilder-code-pb/"
ls_url += "function-source-analysis-documentation-impact.html?"
lblb_args = blob("")
ll_length = Len(lblb_args)
ls_headers = "Content-Length: " &
   +String(ll_length) + "~n~n"
iinet.PostURL &
   (ls_url, lblb_args, ls_headers, 8080, iir_msgbox)

veiinet.PostURL &
   (ls_url, lblb_args, ls_headers, 8080, iir_msgbox)


Return ""
end function
global function string getproductbyid (integer id);

SoapConnection soapConnection 
ProductClientProxy productProxyObject
long rVal, lLog
string productName_string, str_endpoint

str_endpoint = "http://services.xmethods.net:80/soap"
soapConnection = create SoapConnection

lLog = soapConnection.SetOptions("SoapLog=~"C:\ProductProxySoapLog.log~"")

rVal = soapConnection.CreateInstance(productProxyObject, &
   "ProductClientProxy", str_endpoint)


try

   productName_string = productProxyObject.GetProductName(id)
   // Invoke service
   messagebox("Product Detail", "Product Name : " &
   +productName_string)

catch (SoapException e)
   messagebox("Error", "Cannot invoke Web service")
   Return ""
    // error handling   
end try
destroy soapConnection


Return productName_string
end function
global function string callINETHyperlinkToURL (integer id)
integer li_rc
SetPointer(HourGlass!)
li_rc = &
  HyperlinkToURL("https://www.visual-expert.com")

Return ""
end function
global function string callINETGET (integer id)
integer li_rc
internetresult luo_data  // as defined above
luo_data = CREATE internetresult

SetPointer(HourGlass!)
li_rc = &
  GetURL("https://www.visual-expert.com", luo_data)
SetPointer(Arrow!)
IF li_rc = 1 THEN
   MessageBox("Success!", string(luo_data))
ELSE
   MessageBox("Failure!", "Oops rc:" + string(li_rc))
END IF

DESTROY luo_data

Return ""
end function
global function string callINETPOST (integer id)

Blob lblb_args
String ls_headers
String ls_url
Long ll_length
veinternetresult iir_msgbox
iir_msgbox = CREATE veinternetresult
ls_url = "https://www.visual-expert.com/"
ls_url += "EN/powerbuilder-code-pb/"
ls_url += "function-source-analysis-documentation-impact.html?"
lblb_args = blob("")
ll_length = Len(lblb_args)
ls_headers = "Content-Length: " &
   +String(ll_length) + "~n~n"
PostURL &(ls_url, lblb_args, ls_headers, 8080, iir_msgbox)


Return ""
end function

Compliant Code Example

public function integer ve_postdata (string ve_data, long buffersize);integer   isPost
string   ve_data
integer ve_li_ret
httpclient ve_client
ve_li_ret = ve_client.postdata(ve_data,buffersize)
return 1
end function
public function integer ve_getdata_package (string ve_url, ref jsonpackage json_pkg);string ls_json
string ls_error
integer ve_li_ret, li_i
httpclient ve_client
ve_li_ret = ve_client.sendrequest("GET", ve_url)
if ve_li_ret < 0 then
	messagebox("Error","Failed")
else

    ve_li_ret = ve_client.getresponsebody(ls_json)

    if ve_li_ret > 0 then
         ls_error = json_pkg.loadstring(ls_json)

        if ls_error = '' then

        else
                messagebox(gs_msg_title, "Load Jpackage Failed")

        end if


    end if
end if

return 1
end function
Visual Expert 2025
 VEPBRULE1