and more in a single search tool across platforms. Read the announcement here. |
08/02/2022 04:03 AM
Hello,
we are trying to use the "upload user" but when we set the User Pre-processor Config JSON like this:
{ "COMPUTEDCOLUMNS": [ "startdate" ], "PREPROCESSQUERIES": [ "UPDATE NEWUSERDATA SET startdate = CASE WHEN startdate is null THEN NOW() END" ] }
or like this
{"ADDITIONALTABLES":{"USERS":"SELECT USERKEY FROM USERS"},"COMPUTEDCOLUMNS":["customproperty2"],"PREPROCESSQUERIES":["UPDATE NEWUSERDATA SET CUSTOMPROPERTY2 = CONCAT(lastname,' ',firstname)"]}
it gives us the following error:
do you know what type of format it is expecting?
Regards,
PV
@
08/02/2022 01:16 PM
Hello @pivitale ,
Can you check your browser logs (assuming youre running a csv import) and see if you see anything in there ? Please share the sample files you are using and the do you see any specific errors in the logs ?
I'm suspecting this to be WAF related and you might have to route this through Saviynt Support but let us know if there in anything in the browser logs which might suggest it is.
08/03/2022 12:53 AM
the file is the following
but when we charge it without the query on the field "User Pre-processor Config JSON" it works correctly.
Which logs you are interesting on? Console? Network? we do not se anything relevant there.
PV
08/05/2022 04:07 AM
Any uppdate on this?
I think open an internal ticket would be the right way to solve this type of issue
08/05/2022 07:00 AM
Yes @pivitale, please open a suport ticket to resolve this. This doesnt seem like a config issue to me.
11/03/2022 04:27 AM - edited 11/03/2022 04:56 AM
Hi @pivitale,
Did you get any solution to this problem. We are hitting the same issue.
@rushikeshvartak Have you encountered something like this before?
Regards
Naveen
11/03/2022 05:04 AM
I see below error in log
Println :: SQLi-failure outer..failed due to pattern \\bUPDATE\\b((/\\*.+\\*/)|\\s+)*[A-Z0-9\\._]+((/\\*.+\\*/)|\\s+)*\\bSET\\b(.*) , controllerAction = USERS_UPLOADUSERSUBMIT , data = { \"ADDITIONALTABLES\": { \"USERS\": \"SELECT USERKEY,USERNAME,EMPLOYEEID FROM USERS\" }, \"COMPUTEDCOLUMNS\": [ \"USERNAME\",\"EMPLOYEEID\",\"FIRSTNAME\",\"LASTNAME\",\"EMAIL\",\"MANAGER\",\"JOBDESCRIPTION\",\"JOBCODE\",\"COMPANYNAME\",\"DEPARTMENTNAME\",\"STARTDATE\",\"PHONENUMBER\",\"CUSTOMPROPERTY10\",\"CUSTOMPROPERTY11\",\"CUSTOMPROPERTY12\",\"CUSTOMPROPERTY13\",\"CUSTOMPROPERTY14\",\"CUSTOMPROPERTY15\",\"CUSTOMPROPERTY16\",\"CUSTOMPROPERTY17\",\"CUSTOMPROPERTY18\",\"LOCATION\",\"STATUSKEY\",\"OWNER\",\"DISPLAYNAME\",\"PASSWORDEXPIRED\",\"SECONDARYMANAGER\" ], \"TABLEINDEXES\": { \"CURRENTUSERS\": [ \"EMPLOYEEID\" ] }, \"PREPROCESSQUERIES\": [ \"UPDATE NEWUSERDATA SET MANAGER=(SELECT USERKEY FROM CURRENTUSERS WHERE CURRENTUSERS.EMPLOYEEID =NEWUSERDATA.CUSTOMPROPERTY10)\" \u0009] }\n","stream":"stdout","time":"2022-11-03T11:59:03.204898397Z"}"
Println :: SQLi-failure --failed due to pattern \\bUPDATE\\b((/\\*.+\\*/)|\\s+)*[A-Z0-9\\._]+((/\\*.+\\*/)|\\s+)*\\bSET\\b(.*) , controllerAction = USERS_UPLOADUSERSUBMIT , data = { \"ADDITIONALTABLES\": { \"USERS\": \"SELECT USERKEY,USERNAME,EMPLOYEEID FROM USERS\" }, \"COMPUTEDCOLUMNS\": [ \"USERNAME\",\"EMPLOYEEID\",\"FIRSTNAME\",\"LASTNAME\",\"EMAIL\",\"MANAGER\",\"JOBDESCRIPTION\",\"JOBCODE\",\"COMPANYNAME\",\"DEPARTMENTNAME\",\"STARTDATE\",\"PHONENUMBER\",\"CUSTOMPROPERTY10\",\"CUSTOMPROPERTY11\",\"CUSTOMPROPERTY12\",\"CUSTOMPROPERTY13\",\"CUSTOMPROPERTY14\",\"CUSTOMPROPERTY15\",\"CUSTOMPROPERTY16\",\"CUSTOMPROPERTY17\",\"CUSTOMPROPERTY18\",\"LOCATION\",\"STATUSKEY\",\"OWNER\",\"DISPLAYNAME\",\"PASSWORDEXPIRED\",\"SECONDARYMANAGER\" ], \"TABLEINDEXES\": { \"CURRENTUSERS\": [ \"EMPLOYEEID\" ] }, \"PREPROCESSQUERIES\": [ \"UPDATE NEWUSERDATA SET MANAGER=(SELECT USERKEY FROM CURRENTUSERS WHERE CURRENTUSERS.EMPLOYEEID =NEWUSERDATA.CUSTOMPROPERTY10)\" \u0009] }\n","stream":"stdout","time":"2022-11-03T11:59:03.204959328Z"}"
11/03/2022 05:13 AM
Its sql but injection error you contact support team to remove same from respective gsp
11/03/2022 05:15 AM
Thanks @rushikeshvartak . I will raise ticket and update their reply here.