webMethods OneData 10.11 | Managing Master Data with webMethods OneData | Administering webMethods OneData | Configuring Security | Protecting Against Cross-Site Scripting | Enforcing Data Validation | Enforcing Validation of Input Data
 
Enforcing Validation of Input Data
Use this procedure to customize the default Python script for data validation at the global and repository levels.
The validateParameter method in the Python script validates data coming into webMethods OneData through any point of entry, including the interface, import functions, HTTP channels, and REST-based service calls. This method only validates data requests that are not encrypted. You can define the pattern of characters to validate by using this method.
For detailed information on protection against cross-site scripting and enforcing of data validation, see Protecting Against Cross-Site Scripting and Enforcing Data Validation, respectively.
1. Navigate to the webMethods OneData installation directory Software AG_directory/profiles/ODE/bin/onedata/config.
2. Open the onedata.properties file in a text editor, and set the property onedata.service.XSSValidationEnabled to true in order to enable XSS validation at the repository level for all data imported or sent to through the webMethods OneData service layer.
For details of onedata.service.XSSValidationEnabled, see webMethods OneData Configuration Properties.
3. Navigate to the following directory at the global or repository level as required:
Software AG_directory /profiles/ODE/bin/onedata/config/security
4. Open the appropriate Python script file:
*Global script file. validate_input.py
*Repository script file. Repository Name_validate_input.py
5. Add the required data validations methods to the validateParameter method:
Example for restricting & and # characters in input data:
def validateParameter(value):
def hex(match):
text = match.group();
if text[:2] == "&#":
try:
text = unichr(int(getTextCode(text, 2)));
except:
pass;
return text;
obj=ValidationResponseObject();
invalidParameters = util.ArrayList();
for parametervalue in value:
formattedvalue = urllib.unquote(parametervalue);
formattedvalue = re.sub(hexpattern, hex, formattedvalue);
formattedvalue = ''.join(formattedvalue.split());
if len(formattedvalue) > 0:
patternObj = re.compile(pattern, re.IGNORECASE);
match = re.search(patternObj, formattedvalue);
if match:
invalidParameters.add(parametervalue);
obj.setInvalidParameterValues(invalidParameters);
return obj;

def getTextCode(text, idx):
if (text[len(text)-1]) == ';':
return text[idx:-1];
else:
return text[idx:];
6. Save and close the script file.
webMethods OneData immediately applies the data validation script.