Keys of user supplied input objects should keep character casing
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave “+1” or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
cdktf & Language Versions
Typescript 0.0.12
Affected Resource(s)
ApiGatewayMethodConfig.requestParameters
Debug Output
https://gist.github.com/exocom/611c59e13542b90fa378eccd5647b121
Expected Behavior
The prop name should not have been modified, resulting in a plan with "method.request.header.x-api-key" = true
+ request_parameters = {
+ "method.request.header.x-api-key" = true
}
Actual Behavior
The prop name is lowercase with “.” & “-” replaced with “_”, i.e. it has been normalized: "method_request_header_x_api_key"
+ request_parameters = {
+ "method_request_header_x_api_key" = true
}
Steps to Reproduce
new ApiGatewayMethod(this, `${id}_agm`, {
  ...
  requestParameters: {'method.request.header.x-api-key': true}
});
Important Factoids
Having dots/periods (.) in prop name works in plain .tf files. See example on official docs
request_parameters = {
  "method.request.path.proxy" = true
}
References
Issue Analytics
- State:
- Created 3 years ago
- Reactions:9
- Comments:7 (5 by maintainers)
Top GitHub Comments
@exocom FYI: You can work around this with escape hatches for now.
This would look like this:
and synthesizes to this:
@skorfmann Nice workaround. I’m back on track, thank you!
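A minimal model of the behaviour reported in this issue, added here as an example and not taken from cdktf's code: it contrasts a synthesizer that normalizes every key with one that renames only schema attributes and copies user-supplied map keys verbatim. All function names are hypothetical, `MAP_ATTRIBUTES` is an assumption standing in for the provider schema, and the `X-Trace` header is a constructed sample.

```typescript
// Added illustration: all names here are hypothetical, not cdktf internals.
type Value = string | number | boolean | Value[] | { [key: string]: Value };

// Property-name normalization as observed in the issue: camelCase is split,
// "." and "-" become "_", and everything is lowercased.
function toSnakeCase(name: string): string {
  return name
    .replace(/([a-z0-9])([A-Z])/g, "$1_$2")
    .replace(/[.\-\s]+/g, "_")
    .toLowerCase();
}

function isPlainObject(v: Value): v is { [key: string]: Value } {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

// Reported behaviour: every key at every depth is normalized, map keys included.
function synthNaive(props: Value): Value {
  if (Array.isArray(props)) return props.map((p) => synthNaive(p));
  if (!isPlainObject(props)) return props;
  const out: { [key: string]: Value } = {};
  for (const [k, v] of Object.entries(props)) out[toSnakeCase(k)] = synthNaive(v);
  return out;
}

// Assumption: attributes typed as maps in the provider schema hold user-chosen keys.
const MAP_ATTRIBUTES = new Set<string>(["request_parameters"]);

// Expected behaviour: rename schema attributes, leave map contents untouched.
function synthPreservingMaps(props: Value): Value {
  if (Array.isArray(props)) return props.map((p) => synthPreservingMaps(p));
  if (!isPlainObject(props)) return props;
  const out: { [key: string]: Value } = {};
  for (const [k, v] of Object.entries(props)) {
    const attr = toSnakeCase(k);
    out[attr] = MAP_ATTRIBUTES.has(attr) ? v : synthPreservingMaps(v);
  }
  return out;
}

// Constructed sample input mirroring the issue's reproduction.
const sample: Value = {
  httpMethod: "GET",
  requestParameters: {
    "method.request.header.x-api-key": true,
    "method.request.header.X-Trace": false,
  },
};
```

Diffing the two outputs for a stack's map-typed attributes is a quick way to see which user-supplied keys a synth step has rewritten.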