[OpenSIPS-Users] URL encoding for rest_client

Callum Guy callum.guy at x-on.co.uk
Mon Jul 1 10:42:11 EDT 2019


Hi All,

My config integrates with an external routing API such that the call ID,
source and URI data (etc) are all provided to a service in URL parameters
via rest_get. The service returns some routing information such as revised
target URI and other options.

To improve this service and protect against injection attacks I wish to URL
encode the individual parameters in accordance with
https://www.ietf.org/rfc/rfc3986.txt

I'm sure this question will have been asked before but I can't find a
relevant discussion. The core OpenSIPS transformations
(i.e. {s.escape.user}) perform SIP-specific replacements, which is not
suitable. Specifically I'd like to see & and + being replaced.

My current approach will be to perform a series of specific replacements
using the transformation {re.subst,reg_exp}; however, this seems overkill for
this purpose as multiple replacements will be required for each parameter.

So, before I get too far into this, is anyone able to offer an alternative
approach? We have considered using JSON POST requests to circumvent the
issue; however, we'd like to keep the changes to the OpenSIPS side if
possible. I suppose it would be convenient to have an exported "encode()"
function in the rest_client module; however, this might be a longer-term
option.

Many thanks,

Callum
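
An added example, not part of the original post and not OpenSIPS code: a Python sketch of RFC 3986 percent-encoding applied to each parameter value, showing what a form-style parser on the API side recovers with and without it. It goes beyond & and + by escaping every octet outside the RFC's "unreserved" set; the parameter names and sample values are constructed for illustration.

```python
from urllib.parse import parse_qs, quote

# RFC 3986 section 2.3 "unreserved": the only octets left unescaped.
UNRESERVED = frozenset(
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
)

def pct_encode(value: str) -> str:
    """Percent-encode every UTF-8 octet of value outside 'unreserved'.

    One pass over the input, so '%' is escaped exactly once; a chain of
    separate substitutions must handle '%' first to avoid double-encoding.
    """
    return "".join(
        chr(b) if b in UNRESERVED else "%{:02X}".format(b)
        for b in value.encode("utf-8")
    )

def agrees_with_stdlib(value: str) -> bool:
    """Cross-check against urllib's quote() with no extra 'safe' characters."""
    return pct_encode(value) == quote(value, safe="")

def build_query(params: dict, encode: bool) -> str:
    """Join name=value pairs as they would be appended to the request URL."""
    enc = pct_encode if encode else (lambda v: v)
    return "&".join(f"{name}={enc(value)}" for name, value in params.items())

def service_view(query: str) -> dict:
    """What a form-style query parser on the receiving service recovers."""
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}

# Constructed sample input; parameter names are hypothetical.
SAMPLE = {
    "callid": "a84b4c76e66710@pc33.example.com",
    "source": "+441632960000",
    "ruri": "sip:100@example.com&target=sip:999@example.net",
}

if __name__ == "__main__":
    for encode in (False, True):
        query = build_query(SAMPLE, encode)
        print("encoded:" if encode else "raw:    ", query)
        print("  service sees:", service_view(query))
```

Without encoding, the service sees an extra `target` parameter split out of the request URI and a `source` whose leading `+` has become a space; with encoding, it recovers the three values unchanged.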
