seismic-dms-service issueshttps://community.opengroup.org/osdu/platform/domain-data-mgmt-services/seismic/seismic-dms-suite/seismic-store-service/-/issues2024-02-29T12:14:56Zhttps://community.opengroup.org/osdu/platform/domain-data-mgmt-services/seismic/seismic-dms-suite/seismic-store-service/-/issues/129DATASET SELECT LS POST: while putting invalid characters in select it is givi...2024-02-29T12:14:56ZIsha KumariDATASET SELECT LS POST: while putting invalid characters in select it is giving response code 200. it should give 400 DATASET SELECT LS POST: while putting invalid characters in selectit is giving response code 200. it should give 400 DATASET SELECT LS POST: while putting invalid characters in selectit is giving response code 200. it should give 400https://community.opengroup.org/osdu/platform/domain-data-mgmt-services/seismic/seismic-dms-suite/seismic-store-service/-/issues/121[SAST] Client_Privacy_Violation in file queue.ts2023-11-13T15:53:55ZYauhen Shaliou [EPAM/GCP][SAST] Client_Privacy_Violation in file queue.ts**Description**
Method setup at line 42 of \\seismic-store-service\\app\\sdms\\src\\cloud\\shared\\queue.ts sends user information outside the application. This may constitute a Privacy Violation.
<table>
<tr>
<th> </th>
<th>Source</th...**Description**
Method setup at line 42 of \\seismic-store-service\\app\\sdms\\src\\cloud\\shared\\queue.ts sends user information outside the application. This may constitute a Privacy Violation.
<table>
<tr>
<th> </th>
<th>Source</th>
<th>Destination</th>
</tr>
<tr>
<th>File</th>
<td>seismic-store-service/app/sdms/src/cloud/shared/queue.ts</td>
<td>seismic-store-service/app/sdms/src/cloud/providers/azure/insights.ts</td>
</tr>
<tr>
<th>Line number</th>
<td>42</td>
<td>129</td>
</tr>
<tr>
<th>Object</th>
<td>password</td>
<td>log</td>
</tr>
<tr>
<th>Code line</th>
<td>redisOptions.password = cacheParams.KEY;</td>
<td>console.log(data);</td>
</tr>
</table>https://community.opengroup.org/osdu/platform/domain-data-mgmt-services/seismic/seismic-dms-suite/seismic-store-service/-/issues/120[SAST] SSL_Verification_Bypass in file cosmosdb.ts2023-11-13T15:22:49ZYauhen Shaliou [EPAM/GCP][SAST] SSL_Verification_Bypass in file cosmosdb.ts# **Location:**
<table>
<tr>
<th> </th>
<th>
</th>
<th>Destination</th>
</tr>
<tr>
<th>File</th>
<td>
</td>
<td>seismic-store-service/app/sdms/src/cloud/providers/azure/cosmosdb.ts</td>
</tr>
<tr>
<th>Line number</th>
<td>
</td>
<td>...# **Location:**
<table>
<tr>
<th> </th>
<th>
</th>
<th>Destination</th>
</tr>
<tr>
<th>File</th>
<td>
</td>
<td>seismic-store-service/app/sdms/src/cloud/providers/azure/cosmosdb.ts</td>
</tr>
<tr>
<th>Line number</th>
<td>
</td>
<td>67</td>
</tr>
<tr>
<th>Object</th>
<td>
</td>
<td>rejectUnauthorized</td>
</tr>
<tr>
<th>Code line</th>
<td>
</td>
<td>rejectUnauthorized: false</td>
</tr>
</table>
**Description**
\\seismic-store-service\\app\\sdms\\src\\cloud\\providers\\azure\\cosmosdb.ts relies HTTPS requests, in constructor. The rejectUnauthorized parameter, at line 67, effectively disables verification of the SSL certificate trust chain.
JavaScript Explicitly Disabling Certificate Verification var https = require('https'); var options = { hostname: 'domain.com', port: 443, path: '/', method: 'GET', rejectUnauthorized: false; }; options.agent = new https.Agent(options); var req = https.request(options, function(res) { res.on('data', function(d) { handleRequest(d); }); }); req.end();https://community.opengroup.org/osdu/platform/domain-data-mgmt-services/seismic/seismic-dms-suite/seismic-store-service/-/issues/102When deleting a subproject, blobs are deleted individually before the contain...2023-07-20T11:20:30ZMaggie SalakWhen deleting a subproject, blobs are deleted individually before the container is removedSteps to reproduce:
* Call the endpoint delete a subproject (DELETE /subproject/tenant/{tenantid}/subproject/{subprojectid})
* The blob container linked to the subproject should be deleted. In the current implementation all blobs inside...Steps to reproduce:
* Call the endpoint delete a subproject (DELETE /subproject/tenant/{tenantid}/subproject/{subprojectid})
* The blob container linked to the subproject should be deleted. In the current implementation all blobs inside the container are first deleted individually, before the container itself is removed. See the relevant [code section](https://community.opengroup.org/osdu/platform/domain-data-mgmt-services/seismic/seismic-dms-suite/seismic-store-service/-/blob/master/app/sdms/src/cloud/providers/azure/seistore.ts#L74).
Suggestions:
* Remove the blob deletion from the implementation and only delete the entire container.https://community.opengroup.org/osdu/platform/domain-data-mgmt-services/seismic/seismic-dms-suite/seismic-store-service/-/issues/101Long running query (in Azure) is not cancelled2023-08-07T14:27:49ZLaura DamianLong running query (in Azure) is not cancelledSteps to reproduce:
- try to retrieve datasets in a folder with more than 1M datasets
- cancel the request or wait for timeout in the typescript code
- check the "Total Request Units" in CosmosDB metrics. These do not decrease.
Sugge...Steps to reproduce:
- try to retrieve datasets in a folder with more than 1M datasets
- cancel the request or wait for timeout in the typescript code
- check the "Total Request Units" in CosmosDB metrics. These do not decrease.
Suggestions:
- Add an explicit timeout in the typescript code for the calls to the sidecar.
- Add a cancellation token in the sidecar's endpoints and propagate them to CosmosDBMax ZeierLaura DamianKonstantin GukovMax Zeierhttps://community.opengroup.org/osdu/platform/domain-data-mgmt-services/seismic/seismic-dms-suite/seismic-store-service/-/issues/90Fix deployment to allow access to in https://osdu-glab.msft-osdu-test.org/sei...2023-06-15T14:28:28ZSacha BrantsFix deployment to allow access to in https://osdu-glab.msft-osdu-test.org/seistore-svc/api/v4/swagger-ui.htmlhttps://community.opengroup.org/osdu/platform/domain-data-mgmt-services/seismic/seismic-dms-suite/seismic-store-service/-/issues/58For Tenant there is no endpoint that can be used to list all the available te...2023-03-24T19:22:43ZKamlesh TodaiFor Tenant there is no endpoint that can be used to list all the available tenantsThere should be a way to list all the tenants to which the user has access. At present, there is no way to do that. If one had created the tenant in the past and cannot remember the name, then there is no way to find that name.There should be a way to list all the tenants to which the user has access. At present, there is no way to do that. If one had created the tenant in the past and cannot remember the name, then there is no way to find that name.