Gateway won't start after upgrade to 9.4 (due to pre 9.4 tactical JavaScriptAssertion )

book

Article ID: 130000

calendar_today

Updated On:

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction

After upgrade to Gateway 9.4 gateway does not start and customer see the following error 

1. The Error 

After upgrade to 9.4 they got this error on startup : 
When this customer upgraded from 9.2 to 9.4 when startup they get : 
2019-03-19T11:30:23.423+0700 INFO    1 com.l7tech.policy.wsp.PermissiveWspVisitor: Ignoring invalid property ScriptBase64 of class com.l7tech.external.assertions.js.JavaScriptAssertion
2019-03-19T11:30:23.425+0700 WARNING 1 com.l7tech.server.boot.GatewayMain: Error starting server : java.lang.NullPointerException
java.lang.NullPointerException
    at java.util.regex.Matcher.getTextLength(Matcher.java:1283)
    at java.util.regex.Matcher.reset(Matcher.java:309)
    at java.util.regex.Matcher.<init>(Matcher.java:229)
    at java.util.regex.Pattern.matcher(Pattern.java:1093)
    at com.l7tech.external.assertions.js.JavaScriptAssertion.getUsedVariablesFromScript(JavaScriptAssertion.java:88)
    at com.l7tech.external.assertions.js.JavaScriptAssertion.getVariablesUsed(JavaScriptAssertion.java:74)
    at com.l7tech.policy.variable.PolicyVariableUtils.getVariablesUsedNoThrow(Unknown Source)
    at com.l7tech.server.policy.PolicyCacheImpl.a(Unknown Source)
    at com.l7tech.server.policy.PolicyCacheImpl.a(Unknown Source) 
 

Cause

Pre 9.4 the javascript assertion stores the javascript as base64 encoded. eg : ScriptBase64  
For 9.4 the assertion stores the raw javascript (ie it is not base64 encoded) 
eg: 

2. The Cause 
I checked the formats for the JavaScript Asseriton ( for the draft one they got, and the one in 9.4) : 

Here is the formats : 
From Assertion :   from the .saar module we have : (this is the one in 9.2 - but for my testign I used 9.3) : 
 
 <?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy xmlns:L7p="http://www.layer7tech.com/ws/policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
    <wsp:All wsp:Usage="Required">
        <L7p:JavaScript>
            <L7p:ScriptBase64 stringValue="dmFyIHg9IDE7CgovKiBURVNUTU9EICovCg=="/>
        </L7p:JavaScript>
    </wsp:All>
</wsp:Policy>
 
For the JavaScript asserion that comes with 9.4 we have : 
 
 <?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy xmlns:L7p="http://www.layer7tech.com/ws/policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
    <wsp:All wsp:Usage="Required">
        <L7p:JavaScript>
            <L7p:ExecutionTimeout stringValue=""/>
            <L7p:Name stringValue=""/>
            <L7p:Script stringValueReference="inline"><![CDATA[var x = 1;
 
/* TESTMOD */]]></L7p:Script>
        </L7p:JavaScript>
    </wsp:All>
</wsp:Policy>
 
 
(the base64 one will use : stringValue or stringValueRefernece="inline" - depending on the size of the text, ans does the non-base64 one too ) 
 
The error that was in the 9.4 startup was clear that it did not understand property : ScriptBase64 
and I expect the null error would because it then did not have script file. 
 
For upgrade I am thinking that we may need to do either some direct manipulation of the policy xml, via db to get these references into loadable form - and then review them for correctness.

 

Environment

Upgrade to Gateway 9.4 
Where the preupgraded version of the Gateway (9.2 or 9.3) has the pre-9.4 Tactical JavaScript Assertion loaded.

Resolution

Problem is older JavaScriptAssertion tactical assertion is not compatable with how it stores its attributes with the assertion released in Gateway 9.4. We used the following to transfer the parameters. Here is first simple approach



3. The FIX (or a Fix :) : 
Here is first simple approach 

1) We change the attribute to 'Script' which is value for new JavaScript option: 
     note: so this change is done directly in the database 


     mysql 
     > use ssg; 
     > update policy set xml = replace(xml, 'ScriptBase64', 'Script') where xml like '%ScriptBase64%';

2) try start ssg process
    service ssg start

     (hopefully this works now and gets past that 'ScriptBase64' issue - it seemed to on my test case) 

3) In policy Manger edit the javascript policy assertions : 
     The data will appear as base64 encoded :

<Please see attached file for image>

User-added image
 
4) Use some decoded 
    cut-and-paste the b64 encoded data into some converter .

5) Paste back javascript code 

<Please see attached file for image>

User-added image
And do "OK" and Save.

This worked for my test case, so keen to see if works for yours as well.


 

Additional Information

1) We change the attribute to 'Script' which is value for new JavaScript option: mysql > use ssg; > update policy set xml = replace(xml, 'ScriptBase64', 'Script') where xml like '%ScriptBase64%';

2) try start ssg process service ssg start (hopefully this works now and gets past that 'ScriptBase64' issue - it seemed to on my test case)

3) In policy Manger edit the javascript policy assertions : The data will appear as base64 encoded :

4) Use some decoded cut-and-paste the b64 encoded data into some converter .

5) Paste back javascript code And do "OK" and Save.

Attachments

1558688442827000130000_sktwi1f5rjvs16flk.png get_app
1558688440087000130000_sktwi1f5rjvs16flj.png get_app