Skip to Content
Author's profile photo Eddy De Clercq

O Brother, Where Art Thou?

In my I am what I am web log I elaborated on a piece of code from the Honeypot Project that I demonstrated at Teched. In this web log we will go a bit further and look at another piece of essential code that assures the Honeypot server that the honeypot is valid and has not been tampered with.

         

This is done by sending the requested URL (back) to the server where it can be validated. Again, this looks easier than it actually is. First of all, we need to give the complete URL, which means with the host included. As described in the previous web log, no hard coding is allowed. But that isn’t the biggest issue. As you know, a BSP URL also has this infamous mangle. This cryptic part of the URL contains information about the user environment. See this excellent web log for additional info. on this matter.

         

The first thing that we need to tackle is the mangle. The most basic data that it should contain are the mandant and the language.

         

First we set the mandant

         

l_field-name = 'c'. 

         

l_field-value = sy-mandt. 

         

APPEND l_field TO l_fields. 

         

l_field has the type ihttpnvp, l_fields has the type tihttpnvp 

         

 

         

Then we need to set the language

         

l_field-name = 'l'. 

         

 

         

We determine the ISO value of the language. Again it can’t be hard coded since it can be determined by several factors. E.g. one can set the language in the BSP application via the node in SICF.

         

 

         

call function 'LANGUAGE_CODE_SAP_TO_ISO' 

         

EXPORTING sap_code = sy-langu 

         

IMPORTING iso_code = lang 

         

EXCEPTIONS others = 1. 

         

 

         

If, for some reason, we don’t find any ISO variant, we need to set it to a default.

         

if sy-subrc = 0. 

         

translate lang to lower case. 

         

l_field-value = lang. 

         

else. 

         

l_field-value = 'en'. 

         

endif. 

         

APPEND l_field TO l_fields. 

         

 

         

If you want to know what the mangle will look like you can encode the table l_fields

         

 

         

CALL METHOD cl_http_utility=>if_http_utility~fields_to_string 

         

EXPORTING 

         

fields = l_fields 

         

encode = 1 

         

RECEIVING 

         

string = encoded. 

         

 

         

Now, we need to create the URL, based on the application name and namespace …

         

 

         

CALL METHOD runtime->construct_bsp_url 

         

EXPORTING 

         

in_application = runtime->application_name 

         

in_application_ns = runtime->application_namespace 

         

IMPORTING 

         

out_local_url = url. 

         

 

         

and the BSP page name

         

concatenate url '/' runtime->page_name into url. 

         

 

         

The final uri is the above url combined with the mangle info.

         

uri = CL_BSP_UTILITY=>CREATE_REWRITE_URL( in_url = url in_uri_tab = l_fields ). 

         

 

         

All that remains to be done is to retrieve the server name…

         

sname = request->get_header_field( '~server_name' ). 

         

 

         

and the port

         

sport = request->get_header_field( '~server_port' ). 

         

 

         

 

         

Conclusion

         

As you can see, from both this and my previous web log, one can achieve similar things as that from within classic environments like PHP. Maybe a bit more code is needed in order to achieve the same results, but in the end we can conclude that BSP doesn’t have limitations when it comes to more system specific functionalities.

Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.