RS03464: INCORRECT BEHAVIOR OF THE ADDLIBRARY METHOD

Operational Decision Manager V8.10.2.0: Interim Fix 3
IBM Operational Decision Manager V8.10.3 Download Document
IBM Operational Decision Manager V8.10.3 Mod Pack
Operational Decision Manager for z/OS 8.10.3 Mod Pack
Operational Decision Manager V8.10.2.0: Interim Fix 14
IBM Operational Decision Manager V8.10.4 Mod Pack
Operational Decision Manager V8.9.2.2: Interim Fix 11 for Decision Server

APAR status

• Closed as program error.

Error description

• The addLibrary method of the RES' management REST API has an
  inappropriate and/or dangerous behaviour in the following cases:
  - the content of the library that is intended to be added is
  invalid (spaces, special characters, ...)
  - the content of the library that is intended to be added
  references the same element multiple times
  To check the behaviour, one can call the REST API in the RES
  console , and head to use the addLibrary method (defined as a
  POST method to the /libraries/{libraryname}/{libraryversion}
  enpoint).
  What needs to be corrected ?
  [1] passing an invalid uris list in the Request Body, such as '
  ' (only spaces) or '$$$$', or 'abc'.   -> the response has a
  body containing only 'null' and an exception is logged in the
  server log.
  => We should make a proper REST API error response.
  [2] passing a list of uris that contain duplicate entries (with
  or without same version) -> the library is never created and all
  existing referenced XOM resources are deleted from the RES (but
  it doesn't affect referenced libraries).   For example, if you
  put
  'resuri://myXom.jar/1.0,resuri://myXom.jar/2.0,resuri://otherXom
  .jar/1.0'. , it wil delete resource myXom.jar/1.0 if it exists
  and delete resource myXom.jar/2.0 if it exists and delete
  resource otherXom.jar/1.0 if it exists.
  Behaviour should change to:
  - we stop deleting any resources, we never delete anything when
  trying to create a library
  - in case we're having a duplicate :
    * if both are unversioned, we do as if there was only one, we
  create the library, and raise no error
    *  if both are versioned:
       -> if they have the same version, we do as if there was
  only one, we create the library, and raise no error
       -> if they don't have the same version, we do not create
  the library , and raise an error  (we cannot pick one up
  arbitrarily)
     * if one is versioned and not the other: we do not create the
  library , and raise an error  (we cannot pick one up arbitrarily
  - at some point in time, both can be equivalent, but it can
  change anytime)
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED:                                              *
  * Users using Rule Execution Server management REST API.       *
  ****************************************************************
  * PROBLEM DESCRIPTION:                                         *
  * The addLibrary method of the RES' management REST API has an *
  * inappropriate and/or dangerous behaviour in the following    *
  * cases:                                                       *
  * - the content of the library that is intended to be added is *
  * invalid (spaces, special characters, ...)                    *
  * - the content of the library that is intended to be added    *
  * references the same element multiple times                   *
  ****************************************************************
  * RECOMMENDATION:                                              *
  ****************************************************************
  

Problem conclusion

• The code is fixed.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  WDS FOR RULES

• Fixed component ID

  5725B6903

Applicable component levels

• R8A0 PSY

     UP