Skip to Content
Technical Articles

Exploring CPI’s filesystem’s content

While I was doing more in-depth research on how CPI works, I became curious about the content of its own filesystem. In this post, I’ll tell you a little about its content and how you can explore it yourself.

One of the peculiarities of CPI, is that it is very flexible when it comes to establishing an HTTP communication. In this way, it is possible to imitate a web server by modifying some headers and the body of an “exchange”. Ultimately, a web server mainly serves GETs and POSTs requests. Using this technique, and including a couple of lines of groovy script, you can create a file explorer emulator. Logically, due to access privileges, it is not possible to browse all directories. Still, it is possible to get very interesting information and files of CPI. A lot of low hanging fruits.

As a word of warning, check first that you are not breaking any rules and keep in mind that there could be risks involved. I cannot be held responsible for how you use the information offered in this post. Also, beware that the explorer I am presenting is basic, rustic and buggy. Feel free to improve it and share your snippets. 🙂

Creating the Iflow

Short way: you can download the example from this url.
Normal way: we need to create a very simple iflow, with two independent communication channels and running groovy scripts. One channel will be in charge of reviewing the contents of the directories and the other will be responsible for downloading the files.
In my own iflow I have used the following configurations:

Iflow

Channels

Script

import com.sap.gateway.ip.core.customdev.util.Message
import java.util.HashMap

def Message browse(Message message) {
    def mapHeaders = message.getHeaders()
    
    String mainDir = mapHeaders.get("CamelHttpPath") 
    String mainUrl = mapHeaders.get("CamelHttpUrl") 
    String mainSrv = mapHeaders.get("CamelServletContextPath")
    String srvUrl  = mainUrl.minus(mainDir)
    String urlDown = srvUrl.minus(mainSrv)+"/amba/cpifilesystemdownload"
    
    File dir = new File(mainDir)
    StringBuilder strBuilder = new StringBuilder()
    strBuilder << '<meta charset="UTF-8"></br>'
    if (dir.parent != null){strBuilder << "<a href='${srvUrl}${dir.parent}'>&#x1F4C1 ..</a></br>"}
    dir.eachDir {strBuilder << "<a href='${mainUrl}/${it.name}'>&#x1F4C1 ${it.name}</a></br>"}
    dir.eachFile {if (it.isFile()) {strBuilder << "<a href='${urlDown}/${mainDir}/${it.name}'>${it.name}</a></br>" }}
    message.setBody(strBuilder.toString())
    
    mapHeaders = ['content-type':'text/html']
    message.setHeaders(mapHeaders)
    return message
}

def Message download(Message message) {
    def mapHeaders = message.getHeaders()
    
    String filePath = mapHeaders.get("CamelHttpPath") 
    StringBuilder strBuilder = new StringBuilder()
    
    File file = new File(filePath);byte[] fileContent = file.bytes
    strBuilder << fileContent.encodeBase64().toString()    
    message.setBody(strBuilder.toString());
    
    mapHeaders = ['Content-Transfer-Encoding':'base64',
                  'Content-Disposition':'attachment; filename=${file.getName()}']
                  
                  
    return message
}

What directories can you explore?

It’s hard to give an answer, as I haven’t found a way to get available folders to explore. However, by analysing CPÎ’s environment variables, I have found the following directories with interesting information. Please, share your findings!

Folder Comments
/usr/sap/ljs/ CPI’s home?
/usr/lib/jvm SAP’s Java Virtual Machine
/usr/sap/ljs/configuration OSGI configuration area
/usr/sap/ljs/configuration/org.eclipse.osgi/bundles  Iflows Contents
/usr/sap/ljs/plugins CPI’s jar files
/tmp Standard Linux temporary folder
/proc       🤯 (not ‘real’ files) Process Information

 

How to use

Once you load the iflow, copy the endpoint that will give you the channel that scans the directories. Paste that address into your internet browser. At the end of the url, include the folder you want to explore. (Not all routes can be explored as already mentioned)

Example:

 

Please share your findings!

 

Ariel Bravo Ayala

 

10 Comments
You must be Logged on to comment or reply to a post.
  • That is pretty cool and useful. You can even find the error logs that way.

    Just a small modification to make it a little easier to navigate so you can get a table view and get size and last modified of the files.

    import java.text.SimpleDateFormat
    
    // and then this method. 
      SimpleDateFormat sdf= new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
        File dir = new File(mainDir)
        StringBuilder strBuilder = new StringBuilder()
        strBuilder << '<meta charset="UTF-8"></br><table>'
        if (dir.parent != null){strBuilder << "<tr><td><a href='${srvUrl}${dir.parent}'>&#x1F4C1 ..</a></br></td></tr>"}
        dir.eachDir {strBuilder << "<tr><td><a href='${mainUrl}/${it.name}'>&#x1F4C1 ${it.name}</a></td></tr>"}
        dir.eachFile {if (it.isFile()) {strBuilder << "<tr><td><a href='${urlDown}/${mainDir}/${it.name}'>${it.name}</a></td><td> ${it.length()}</td><td> ${sdf.format(new java.util.Date(it.lastModified()))}</td></tr>" }}
        message.setBody(strBuilder.toString())
    • You can find many things. Even some leftovers from the SAP developers :-S

      Have you find something useful for daily usage?

      Thanks for the snippet improvement!

       

      Ariel

  • I am getting the following error

     

    An internal server error occured: java.io.FileNotFoundException: /opt/karaf/*@ line 34 in script1.groovy.
    The MPL ID for the failed message is : AF4w4-UkDJKVIUIm7TF6QTNhMje4
    For more details please check tail log.
    
    
    
    i am accessing in browser https://<cpihost>/http/amba/cpifilesystem/*
    
    error in groovy at line  "dir.eachDir {strBuilder << "<a href='${mainUrl}/${it.name}'>&#x1F4C1 ${it.name}</a></br>"}"
    
    please let me know how to fix?