Uploaded image for project: 'ACE'
  1. ACE
  2. ACE-460

Provide a way to automate client access to an ACE server using a script

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • None
    • 2.0.1
    • Client Repository
    • None

    Description

      In our use case (automatic deployment of bundles and ACE configuration settings from Bndtools), we would benefit from a way to automate client access to an ACE server using a (Gogo) script.

      The attached patch provides a GogoServlet, intended to be used as part of an ACE client, that accepts Gogo scripts as input (in a "script" parameter) an executes them.

      Note that while the commands in the script are subject to normal ACE server authentication when they are executed, the ScriptServlet itself is NOT secured in any way as of yet. Client security will need to be addressed more broadly, as the RESTServlet has the same problem. While there does not seem to be an immediate risk to ACE servers and targets, it leaves longer running ACE clients vulnerable.

      Attachments

        1. ACE-460.patch
          10 kB
          Herko ter Horst

        Issue Links

          breaks

          Bug - A problem which impairs or prevents the functions of the product. ACE-511 ScriptServlet does not apply security

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Activity

            People

              marrs Marcel Offermans
              herko_ter_horst Herko ter Horst
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: