The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. Improper Input Validation.
![]() Summary
This library provides bindings D programming language for the SAP NetWeaver RFC SDK. It allows you to call SAP RFC's using D.
Prerequisite
You need to download and install the SAP NetWeaver RFC SDK for your OS from https://support.sap.com/en/temp/connectors/nwrfcsdk.html. This page contains the links to all relevant SAP notes and documentation.The SAP NetWeaver RFC SDK is copyrighted software and is only available through the official channels mentioned above. It is strongly recommended to download the provided Doxygen documentation, too.
Installation
If you use dub then you only need to add
sapnwrfc-d to the dependencies of your project in the dub.json or dub.sdl file:
dub.json :
dub.sdl :
Otherwise you have to compile all D files in the
source folder into a library named libsapnwrfc-d.a (Linux) or sapnwrfc-d.lib (Windows).You also need to link against the libraries provided by the SAP NetWeaver RFC SDK. (Currently, only libsapnwrfc.a /sapnwrfc.lib is required.)On Windows I recommend that you add the lib folder of the SAP NetWeaver RFC SDK to the LIB and PATH environment variable.
The library supports the SAP NetWeaver RFC SDK releases 7.20 and 7.50. To use the new functions and types of the 7.50 release please define theversion identifier
sapnwrfc_sdk_750 :
dub.json :
dub.sdl :
Examples
Examples are provided in the
examples folder.
Functionality
The functions of the SDK are imported with
import etc.c.sapnwrfc; . This is the C API as documented in the SDK.You get additonally functionality if you use import sapnwrfc; . Each function from the C API is available. All functions which have an ERROR_INFO parameter have an overloaded prototype without this argument. In case of an error these functions throw a SAPException .The use of module sapnwrfc should be preferred because of the much easier error handling.
Limitations
License
This project is distributed under the BSD 3-clause licence.
This library provides a wrapper around the sapnwrfc shared library providedin the SAP Netweaver RFC SDK using Ruby-FFI.
The NW RFC SDK allows you to call remote-enabled function modules on anABAP server (referred to as RFC, which stands for “Remote Function Call”).
To use this library, you must have the nwrfcsdk (libsapnwrfc.so /sapnwrfc.dll) library and related libraries somewhere in your path.
I am developing the library using the 7.20 patch level 2 version of the NWRFC SDK. I have used 7.11, but found for instance that it suffers from thebug described in note 1058327, where RfcGetStringLength() returns theincorrect length of the string if it is longer than 255 characters(supposed to have been fixed in 7.10 patch 2).
Issues
Ruby-FFI does not seem to be able to take string encoding intoconsideration, so for example, calling RfcGetVersion() is problematic,because the returned string pointer has (like all NW RFC SDK functions)UTF-16LE encoding, and FFI does not seem to be able to work with this. Sofar this is not too problematic, but let's see.
Obtaining the Netweaver RFC shared library
The Netweaver RFC SDK libraries are available from SAP. You cannot,unfortunately, obtain these as a public user; you need to have access via acustomer account to download them from SAP Service Marketplace (service.sap.com)
Alternatively, you can download and install one of the Netweaver TrialEditions from SDN (requires signup): www.sdn.sap.com/irj/scn/downloads
After installation, the files are available in /usr/sap/<sysid>/exe
Usage
Connecting to the SAP system:
Calling a function:
Setting and getting parameters and fields:
Installation
In order to install and run nwrfc, you need to install {github.com/ffi/ffi Ruby-FFI} whichrequires compilation. On Windows, you should be running the one-click {rubyinstaller.org/downloads/Ruby Installer} and install the {github.com/oneclick/rubyinstaller/wiki/Development-KitDevKit} which is really the easiest way to compile it on Windows.
Then install the nwrfc gem:
On Linux:
On Windows
Documentation
Documentation is installed locally when you install the gem, but you caninstall it with `rdoc` or `yard` or whatever if you have cloned therepository from GitHub.
Running the tests
The test are located in the tests/ directory. The file `login_params.yaml`contains parameters that you will need to customize to log on to your localsystem that you are testing with. The YAML file contains parameters formultiple systems, so if you want to switch to a different system, changethe following line in `test_nwrfc.rb`:
so that [“system2”] at the end points to whatever label you gave it in theYAML file, then
Release NotesAvailable in 0.0.9
Available in 0.0.8
What's new in 0.0.7
What's new in 0.0.6
What's new in 0.0.5
What's new in 0.0.4
What's new in 0.0.3
What's new in 0.0.2![]()
What's new in 0.0.1
What's new in 0.0.0
Contributing
![]() Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |