and more in a single search tool across platforms. Read the announcement here. |
08/30/2022 01:02 PM
Hello, In our dev environment, when running the provisioning job to complete pending tasks to create new accounts and add entitlements, the following error displays in each task.
SAV - Error while creating account 6113- Template contains string which are not allowed \bnew\s+[a-zA-Z0-9_.]{1,}\s*\(
Has anyone seen this error or knows how to fix it, if you need more info let me know. Just looking for any information as we cant find anything in freshdesk.
Thank you
Solved! Go to Solution.
08/30/2022 02:19 PM - edited 08/30/2022 02:29 PM
It seems your json having new keyword.
As a part of stronger security framework for the application, you can no longer initialize objects, ie. using 'new' keyword to initialize a hashmap, list etc.
You would need to use the usual mapping format and use conditional logic via ternary operators or if-else.
09/09/2022 12:16 AM
Hi,
Is blocking the new keyword mentioned in release notes for any version? I haven't found any official mention of this change so far.
We have ran into this issue in one customer env that was upgraded to 5.5 SP 3.12.6. However, it turned out that the issue was caused by a missing line in Config.groovy file and once Saviynt fixed that then the new keyword was again available in provisioning connectors. It seems to be limited to the following cases though that are listed in Config.groovy:
allowedStringsInTemplates = [
"new Date(",
"new Size(",
"new Hashmap(",
"new Random(",
"new java.util.Date(",
"new java.text.SimpleDateFormat(",
"new com.fasterxml.jackson.databind.ObjectMapper(",
"new String(",
"new ArrayList(",
"new LinkedHashMap(",
"new Integer(",
"new groovy.json.JsonBuilder(",
"new org.json.JSONObject(",
"new org.joda.time.Interval(",
"new org.joda.time.DateTime(",
"new GroovyRuntimeException(",
"new StringBuilder(",
"new java.sql.Timestamp("
]
Another related issue is that since upgrading to 5.5 SP3.12 we have been unable to use any com.saviynt classes in provisioning configurations (such as com.saviynt.ecm.identitywarehouse.domain.Users). There hasn't been any mention about that in release notes either and we've raised a Freshdesk ticket about the issue, which is still pending for a resolution.
Best regards,
Sampo