My doubt is something like this, please help me.
I am taking request payload in Javascript to scan the attachment which comes with the payload for e.g:-
{ "sample":{ "name":"", "address":"", "otherDetails":"", "attachment":[ { "name": "sample1.txt", "content": "ahdhaGVjiad8odsfNCNJS=" }, { "name": "sample2.txt", "content": "ew0KCQkJCQkiZGF0YQl9DQoJCQkJfQ==" } ] } }
In Javascript i am taking request.content as below
var request = context.getVariable("request.content"); var payload = JSON.parse(requestPayload);
Now i am taking attachments from the payload
var attachments = payload.sample.attachment
This "attachments" variable will be used by the scanning function and malicious content will be dropped from the attachment and it will become null ("").
The output will look like :
[ { "name": "sample1.txt", "content": "" }, { "name": "sample2.txt", "content": "ew0KCQkJCQkiZGF0YQl9DQoJCQkJfQ==" } ]
Now what i observed is not only attachments has the scanned payload with malicious content dropped but payload is also changed and malicious attachment is dropped. I am not aware how is this happening. Can someone please explain?
Solved! Go to Solution.
Now what i observed is not only attachments has the scanned payload with malicious content dropped but payload is also changed and malicious attachment is dropped. I am not aware how is this happening.
I think you are saying, when you change the variable "attachments", you also observe a change in the value of the variable "payload" . Is that right?
This is expected behavior in JavaScript. It is not special to the behavior of JavaScript when running within an Apigee Edge JavaScript policy.
To understand this you need to be aware of the idea of pointers. Some people call them object references.
var payload = { field1 : 1, field2 : { name : "abc", content : "123" } }; var f2 = payload.field2;
At the completion of execution of that code snippet, f2 and payload.field2 "point to" the same thing. They are references to the same object, which holds:
{ name : "abc", content : "123" }
Modification to the value of f2.name will affect payload.field2.name This is because f2 points to the same thing as payload.field2.
f2.name = "xyz"; // will affect payload.field2
Modification to the value of f2 will not affect payload.field2 . This is because modification of f2 ...just causes f2 to point to something else. It assigns a new object reference to f2. The reference points to something other than the original object. payload.field2 continues to "point to" the original object.
f2 = "something else"; // does not affect payload.field2
This is a basic idea in JavaScript. Here is an article that explains in more detail: codeburst.
I assume your question is why payload data changed when attachment data is passed to another function right?
Here you are passing object (attachment) to another function. This is pass by reference. Hence, any changes done for object inside function will reflect to original object.
If you have chrome browser you can verify this in console
function scan(data) { data[0].content=""; } var payload = { "sample":{ "name":"", "address":"", "otherDetails":"", "attachment":[ { "name": "sample1.txt", "content": "ahdhaGVjiad8odsfNCNJS=" }, { "name": "sample2.txt", "content": "ew0KCQkJCQkiZGF0YQl9DQoJCQkJfQ==" } ] } }; //check - payload.sample.attachment[0].content var attachments = payload.sample.attachment; scan(attachments); //check - payload.sample.attachment[0].content
Now what i observed is not only attachments has the scanned payload with malicious content dropped but payload is also changed and malicious attachment is dropped. I am not aware how is this happening.
I think you are saying, when you change the variable "attachments", you also observe a change in the value of the variable "payload" . Is that right?
This is expected behavior in JavaScript. It is not special to the behavior of JavaScript when running within an Apigee Edge JavaScript policy.
To understand this you need to be aware of the idea of pointers. Some people call them object references.
var payload = { field1 : 1, field2 : { name : "abc", content : "123" } }; var f2 = payload.field2;
At the completion of execution of that code snippet, f2 and payload.field2 "point to" the same thing. They are references to the same object, which holds:
{ name : "abc", content : "123" }
Modification to the value of f2.name will affect payload.field2.name This is because f2 points to the same thing as payload.field2.
f2.name = "xyz"; // will affect payload.field2
Modification to the value of f2 will not affect payload.field2 . This is because modification of f2 ...just causes f2 to point to something else. It assigns a new object reference to f2. The reference points to something other than the original object. payload.field2 continues to "point to" the original object.
f2 = "something else"; // does not affect payload.field2
This is a basic idea in JavaScript. Here is an article that explains in more detail: codeburst.
Thanks @Dino-at-Google and @Sujnana Rai, for your reference