Home
SOAP and INET objects should not be used
Rule description
- SOAP and INET PowerBuilder objects do not support use of TLS 1.2 and that makes it vulnerable to attacks
Non-compliant Code Example
global function string hyperlinktourl (integer id) integer li_rc inet iinet_base veinet veiinet_base iinet_base = CREATE inet veiinet_base = CREATE veinet SetPointer(HourGlass!) li_rc = &iinet_base.HyperlinkToURL("https://www.visual-expert.com") li_rc = veiinet_base.HyperlinkToURL("https://www.visual-expert.com") DESTROY iinet_base Return "" end function
global function string getUrl (integer id) integer li_rc inet linet_main internetresult luo_data // as defined above veinet veiinet veinternetresult veluo_data veiinet = CREATE veinet linet_main = CREATE inet luo_data = CREATE internetresult SetPointer(HourGlass!) li_rc = & linet_main.GetURL("https://www.visual-expert.com", luo_data) li_rc = & linet_main.GetURL("https://www.visual-expert.com", veluo_data) li_rc = veiinet.GetURL("https://www.visual-expert.com", luo_data) li_rc = veiinet.GetURL("https://www.visual-expert.com", veluo_data) SetPointer(Arrow!) IF li_rc = 1 THEN MessageBox("Success!", string(luo_data)) ELSE MessageBox("Failure!", "Oops rc:" + string(li_rc)) END IF DESTROY luo_data DESTROY linet_main Return " end function
global function string postUrl (integer id) Blob lblb_args String ls_headers String ls_url Long ll_length inet iinet veinet veiinet veinternetresult iir_msgbox iinet = CREATE inet veiinet = CREATE veinet iir_msgbox = CREATE veinternetresult ls_url = "https://www.visual-expert.com/" ls_url += "EN/powerbuilder-code-pb/" ls_url += "function-source-analysis-documentation-impact.html?" lblb_args = blob("") ll_length = Len(lblb_args) ls_headers = "Content-Length: " & +String(ll_length) + "~n~n" iinet.PostURL & (ls_url, lblb_args, ls_headers, 8080, iir_msgbox) veiinet.PostURL & (ls_url, lblb_args, ls_headers, 8080, iir_msgbox) Return "" end function
global function string getproductbyid (integer id); SoapConnection soapConnection ProductClientProxy productProxyObject long rVal, lLog string productName_string, str_endpoint str_endpoint = "http://services.xmethods.net:80/soap" soapConnection = create SoapConnection lLog = soapConnection.SetOptions("SoapLog=~"C:\ProductProxySoapLog.log~"") rVal = soapConnection.CreateInstance(productProxyObject, & "ProductClientProxy", str_endpoint) try productName_string = productProxyObject.GetProductName(id) // Invoke service messagebox("Product Detail", "Product Name : " & +productName_string) catch (SoapException e) messagebox("Error", "Cannot invoke Web service") Return "" // error handling end try destroy soapConnection Return productName_string end function
global function string callINETHyperlinkToURL (integer id) integer li_rc SetPointer(HourGlass!) li_rc = & HyperlinkToURL("https://www.visual-expert.com") Return "" end function
global function string callINETGET (integer id) integer li_rc internetresult luo_data // as defined above luo_data = CREATE internetresult SetPointer(HourGlass!) li_rc = & GetURL("https://www.visual-expert.com", luo_data) SetPointer(Arrow!) IF li_rc = 1 THEN MessageBox("Success!", string(luo_data)) ELSE MessageBox("Failure!", "Oops rc:" + string(li_rc)) END IF DESTROY luo_data Return "" end function
global function string callINETPOST (integer id) Blob lblb_args String ls_headers String ls_url Long ll_length veinternetresult iir_msgbox iir_msgbox = CREATE veinternetresult ls_url = "https://www.visual-expert.com/" ls_url += "EN/powerbuilder-code-pb/" ls_url += "function-source-analysis-documentation-impact.html?" lblb_args = blob("") ll_length = Len(lblb_args) ls_headers = "Content-Length: " & +String(ll_length) + "~n~n" PostURL &(ls_url, lblb_args, ls_headers, 8080, iir_msgbox) Return "" end function
Compliant Code Example
public function integer ve_postdata (string ve_data, long buffersize);integer isPost string ve_data integer ve_li_ret httpclient ve_client ve_li_ret = ve_client.postdata(ve_data,buffersize) return 1 end function
public function integer ve_getdata_package (string ve_url, ref jsonpackage json_pkg);string ls_json string ls_error integer ve_li_ret, li_i httpclient ve_client ve_li_ret = ve_client.sendrequest("GET", ve_url) if ve_li_ret < 0 then messagebox("Error","Failed") else ve_li_ret = ve_client.getresponsebody(ls_json) if ve_li_ret > 0 then ls_error = json_pkg.loadstring(ls_json) if ls_error = '' then else messagebox(gs_msg_title, "Load Jpackage Failed") end if end if end if return 1 end function