Data Source REST Import not working because of File Extension Restriction

Go to solution
Sebastian R_
Kilo Sage

‎01-14-2021 02:00 AM

We are using a data source with Type REST (IntegrationHub) which retrieves the data via xml.

During our setup for the Instance Hardening (Instance Security Center) we modified the allowed extensions for attachments (glide.attachment.extensions).

Now the data source is not working anymore and the IH Step returns the following error:

find_real_file.png

Error encountered while creating Attachment. Error creating Attachment rest_action_response_body : Method failed: (/api/now/hub/temporaryattachment) with code: 400
Operation(Test Action Get.d61f2c951b10a0106da0bb31dd4bcbfc) failed with error: com.snc.process_flow.exception.OpException: Error encountered while creating Attachment. Error creating Attachment rest_action_response_body : Method failed: (/api/now/hub/temporaryattachment) with code: 400
at com.snc.process_flow.operation.AbstractHttpOperation.getOpExceptionWithMessage(AbstractHttpOperation.java:462)
at com.snc.process_flow.operation.AbstractHttpOperation.processResponseAttachment(AbstractHttpOperation.java:394)
at com.snc.process_flow.operation.HttpOperation.processResponse(HttpOperation.java:287)
at com.snc.process_flow.operation.AbstractHttpOperation.requestAndProcessResponse(AbstractHttpOperation.java:131)
at com.snc.process_flow.operation.AbstractHttpOperation.invoke(AbstractHttpOperation.java:111)
at com.snc.process_flow.operation.RetryableIntegrationOperation.run(RetryableIntegrationOperation.java:46)
at com.snc.process_flow.engine.Operation.execute(Operation.java:165)
at com.snc.process_flow.engine.ProcessEngine.executeOps(ProcessEngine.java:496)
at com.snc.process_flow.engine.ProcessEngine.run(ProcessEngine.java:412)
at com.snc.process_flow.engine.ProcessAutomation.run(ProcessAutomation.java:66)
at com.snc.process_flow.engine.MidProcessAutomation.messageFlow(MidProcessAutomation.java:55)
at com.service_now.mid.probe.IPaaSActionProbe.probe(IPaaSActionProbe.java:72)
at com.service_now.mid.probe.AProbe.process(AProbe.java:104)
at com.service_now.mid.queue_worker.AWorker.runWorker(AWorker.java:122)
at com.service_now.mid.queue_worker.AWorkerThread.run(AWorkerThread.java:20)
at com.service_now.mid.threadpool.ResourceUserQueue$RunnableProxy.run(ResourceUserQueue.java:647)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)

The problem is obviously because the tempory file is called "rest_action_response_body" without an extension.

Has anyone faced the same problem and got a solutions for it? (Except clearing the property)

Labels:
Preview file
33 KB
0 Helpfuls
  • 2,523 Views
1 ACCEPTED SOLUTION

Go to solution
Robert Abordo
ServiceNow Employee
ServiceNow Employee

‎01-20-2021 03:59 PM

This problem has been fixed in KB0866858.

  1. If you are able to upgrade, review the Fixed In section (within KB0866858) to determine the latest version with a permanent fix your instance can be upgraded to.
  2. The workaround is to add a valid extension to the attachment_name from system property "glide.attachment.extensions", ie "rest_action_response_boy.json"
  3. Alternatively, set the system property "glide.attachment.extensions" to null/empty.

View solution in original post

13 REPLIES 13

Go to solution
Maik Skoddow
Tera Patron
Tera Patron
In response to Sebastian R_

‎01-14-2021 05:46 AM

As a workaround you could secure attachment storing with an additional Business Rule on sys_attachment.

Go to solution
Maik Skoddow
Tera Patron
Tera Patron
In response to Maik Skoddow

‎01-18-2021 04:25 AM

Hi Sebastian,

any news here? I am very interested to know if the tips I provided worked for you.

Kind regards
Maik

If my answer replied your question please mark appropriate response as correct so that the question will appear as resolved for other users who may have a similar question in the future.

0 Helpfuls

Go to solution
Sebastian R_
Kilo Sage
In response to Maik Skoddow

‎01-18-2021 05:06 AM

Hi Maik,

I will create a HI Case for our customer for it.

Your workaround would probably work but this would include changing the OOTB functionality. Nevertheless thanks for your help!

If I get a sufficient solution from HI, I will post it here.

Go to solution
Boyd
Giga Contributor

‎01-19-2021 02:09 PM

We are seeing the same issue. This could be a major issue as people use the REST API method to pull in data and then perform a transform map when they are trying to harden their site by restricting file extensions.

Go to solution
Robert Abordo
ServiceNow Employee
ServiceNow Employee

‎01-20-2021 03:59 PM

This problem has been fixed in KB0866858.

  1. If you are able to upgrade, review the Fixed In section (within KB0866858) to determine the latest version with a permanent fix your instance can be upgraded to.
  2. The workaround is to add a valid extension to the attachment_name from system property "glide.attachment.extensions", ie "rest_action_response_boy.json"
  3. Alternatively, set the system property "glide.attachment.extensions" to null/empty.