/ Development  

Unbelievable discovery; Debug parameter exposes sensitive JSON data

Hi there AppWorks fans,

Welcome to a new installment of AppWorks tips.

One thing I learn from pressure-cooking sessions is to watch closely what others do! Those are the precious moments where all the best tricks expose their secrets (most of the time undocumented things) and for this week one I didn’t know the existence, and it’s a small thingy; I leave the value of it with you…

Let get right into it…

Let’s say you have a great case management solution deployed into runtime. The solution has a ‘Case’ entity with all the default building blocks applied, including extra BBs like ‘Discussion’, ‘Assignee’, ‘Security’, ‘Tracking’, ‘Lifecycle’ etc. We’re not building it this time, but let’s assume you have it already published or deployed in your organization.

From this starting point, you can go into admin-time with a URL like this: http://192.168.56.107:8080/home/appworks_tips/app/admin

You will see your solution passing by (incl. the solutions from OpenText)!

Now, I tell you a little secret:

🛐 Add to this URL, this parameter: ?debug=true

With this parameter in place, select your solution and watch this:

debug_001

…It’s magic!

I just tried this debug-flag in design-time and runtime, but it’s not showing any more details from what I experienced. Comment me…

Well, that’s it…Have a look yourself; This is the export of my JSON file.

My notes on this file:

  • It’s not a file to read, but more a file to search.
  • Search for "type": and find stuff about dictionaries (for configs, props, rules, views, permissions, and layouts)…Interesting!
  • I see a ‘RuleManager’, but also relations AND my building blocks!
  • All pretty techie details based on IDs and references within the solution.
  • Having a specific problem can shine a light on a specific area of configuration parts.
  • A search for "displayName": can expose missing parts.
  • I see also "entries": elements which indicate I should also see instances passing. Mine are mostly empty, but that’s because I only published a solution and didn’t create any runtime instances. Try it yourself on your solution.
  • Finding your rule definitions: "ruleeventtype"
  • Solution gives nice results.
  • Same for "tableName":!
  • Removing all the ‘children’ elements leaves me with the below JSON part…
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
{
    "changeDate": "2024-07-09T15:17:27Z",
    "changeId": "B5DF1ACE2A334F05AACFAAA7E036752C",
    "children": [...],
    "comment": {
        "entries": {
            "en-US": {
                "translatedString": "aw_tips prj_generic",
                "version": 1
            }
        },
        "required": false
    },
    "containerId": "080027F2140DA1EEBD705FD30269A121",
    "containerVersionId": "334bc67252da3db2b2b6ce2490f8cbe2",
    "definition": {
        "defaultLanguage": "en",
        "errorCount": 0,
        "hasErrors": false,
        "packageVersion": "1.0.0",
        "supportedLanguages": "en",
        "warningCount": 0
    },
    "displayName": {
        "entries": {
            "en-US": {
                "translatedString": "aw_tipsprj_generic",
                "version": 1
            }
        },
        "required": true
    },
    "id": "080027F2140DA1EEBD705FD30269A121",
    "name": "aw_tipsprj_generic",
    "parentId": null,
    "type": "Solution",
    "typeId": "12A260F2B9B34046AC6607C89EE951A2"
}

Learned something great again…”DONE”; Anyone else ready for a pressure-cooking session? I’ll be there…Watching your tricks and learning from each other about our beloved AppWorks platform. Back to you; Have a great weekend and I see you next week…cheers!

Don’t forget to subscribe to get updates on the activities happening on this site. Have you noticed the quiz where you find out if you are also “The AppWorks guy”?