Merge pull request #113 from GridProtectionAlliance/DataHubUpdate

StephenCWills · web-flow · commit 995d65a1eee4 · 2025-04-04T12:33:05.000-04:00
Updated system to set initial value of 'EnableSecureOrderBy' to true
diff --git a/Source/Applications/openHistorian/openHistorian/App.config b/Source/Applications/openHistorian/openHistorian/App.config
@@ -63,6 +63,7 @@
       <add name="eDNAGrafanaControllerEnabled" value="true" description="Defines flag that determines if the eDNA Grafana controller is enabled." encrypted="false"/>
       <add name="eDNAMetaData" value="*.*" description="Comma separated search string for the eDNA metadata search command." encrypted="false"/>
       <add name="TrenDAPControllerEnabled" value="true" description="Defines flag that determines if the TrenDAP controller is enabled." encrypted="false"/>
+      <add name="EnableSecureOrderBy" value="True" description="Enables validated security in 'ORDER BY' expressions used by table operations." encrypted="false" />
     </systemSettings>
     <serviceHelper>
       <add name="MonitorServiceHealth" value="True" description="True if the service health is to be monitored; otherwise False." encrypted="false"/>
diff --git a/Source/Applications/openHistorian/openHistorian/AppDebug.config b/Source/Applications/openHistorian/openHistorian/AppDebug.config
@@ -63,6 +63,7 @@
       <add name="eDNAGrafanaControllerEnabled" value="true" description="Defines flag that determines if the eDNA Grafana controller is enabled." encrypted="false"/>
       <add name="eDNAMetaData" value="TP.CALC,TP.MAIN" description="Comma separated search string for the eDNA metadata search command." encrypted="false"/>
       <add name="TrenDAPControllerEnabled" value="true" description="Defines flag that determines if the TrenDAP controller is enabled." encrypted="false"/>
+      <add name="EnableSecureOrderBy" value="True" description="Enables validated security in 'ORDER BY' expressions used by table operations." encrypted="false" />
     </systemSettings>
     <serviceHelper>
       <add name="MonitorServiceHealth" value="True" description="True if the service health is to be monitored; otherwise False." encrypted="false"/>
diff --git a/Source/Applications/openHistorian/openHistorian/ServiceHost.cs b/Source/Applications/openHistorian/openHistorian/ServiceHost.cs
@@ -135,6 +135,10 @@ public ServiceHost()
                 
                 if (string.IsNullOrWhiteSpace(systemSettings["MinifyJavascriptExclusionExpression"].Value))
                     systemSettings["MinifyJavascriptExclusionExpression"].Value = DefaultMinifyJavascriptExclusionExpression;
+
+                // Ensure setting exists that will allow for secure order by expressions
+                systemSettings.Add("EnableSecureOrderBy", true, "Enables validated security in 'ORDER BY' expressions used by table operations.");
+                ConfigurationFile.Current.Save();
             }
             catch (Exception ex)
             {

Original file line number	Diff line number	Diff line change
`@@ -135,6 +135,10 @@ public ServiceHost()`
`135`	`135`
`136`	`136`	`if (string.IsNullOrWhiteSpace(systemSettings["MinifyJavascriptExclusionExpression"].Value))`
`137`	`137`	`systemSettings["MinifyJavascriptExclusionExpression"].Value = DefaultMinifyJavascriptExclusionExpression;`
	`138`	`+`
	`139`	`+ // Ensure setting exists that will allow for secure order by expressions`
	`140`	`+ systemSettings.Add("EnableSecureOrderBy", true, "Enables validated security in 'ORDER BY' expressions used by table operations.");`
	`141`	`+ ConfigurationFile.Current.Save();`
`138`	`142`	`}`
`139`	`143`	`catch (Exception ex)`
`140`	`144`	`{`