24.2.7

miklpotter · miklpotter · commit 7edb0e3e1841 · 2025-04-30T10:03:57.000+10:00
seperate AOP objects for easier maintenance
remove hard-coded workspaceID from install
sert_core.extension_xapi.grant_extension_workspace fails when installing with ADMIN
Uniqueness violation on new SERT exception on Breadcrumb Authz Inconsistency
update sert.properties to make more readable for installers
diff --git a/product/sert/apex/application/f2100/application/pages/page_00220.sql b/product/sert/apex/application/f2100/application/pages/page_00220.sql
@@ -1,4 +1,4 @@
--- file_checksum: 886DE5203FA70D5B3AAD5E623DF5BA2231A374DF136D6BF0DCBBDC26C43312A3
+-- file_checksum: A2B6E827E8FEB3E95C11828EA7DFCA3A8C1ED77920015203C9C037585E2C96E2
 -------------------------------------------------------------------------------
 -- Copyright (c) 2024,2025 Oracle and/or its affiliates.
 -- Licensed under the Universal Permissive License v 1.0 as shown
@@ -51,7 +51,7 @@ wwv_flow_imp_page.create_page_plug(
 ,p_plug_template=>wwv_flow_imp.id(468194028275671212)
 ,p_plug_display_sequence=>30
 ,p_location=>null
-,p_plug_source=>'Report is generating and will automictically download when completed.  Please check your inbox for the password.'
+,p_plug_source=>'Report is generating and will automatically download when completed.  Please check your inbox for the password.'
 ,p_ai_enabled=>false
 ,p_attributes=>wwv_flow_t_plugin_attributes(wwv_flow_t_varchar2(
   'expand_shortcuts', 'N',
diff --git a/product/sert/apex/application/f2100/application/pages/page_00240.sql b/product/sert/apex/application/f2100/application/pages/page_00240.sql
@@ -1,4 +1,4 @@
--- file_checksum: C46ADA36ACCD159CEE73D5E18A5BC9A7C0E26073B6FFC165A44970E0F156E0C7
+-- file_checksum: 0E8FBC4FD6D14EE5243B6FD11186E09B557A071BB3C2BA504B5242B4441AF44F
 -------------------------------------------------------------------------------
 -- Copyright (c) 2024,2025 Oracle and/or its affiliates.
 -- Licensed under the Universal Permissive License v 1.0 as shown
@@ -51,7 +51,7 @@ wwv_flow_imp_page.create_page_plug(
 ,p_plug_template=>wwv_flow_imp.id(468194028275671212)
 ,p_plug_display_sequence=>40
 ,p_location=>null
-,p_plug_source=>'Report is generating and will automictically download when completed.  Please check your inbox for the password.'
+,p_plug_source=>'Report is generating and will automatically download when completed.  Please check your inbox for the password.'
 ,p_ai_enabled=>false
 ,p_attributes=>wwv_flow_t_plugin_attributes(wwv_flow_t_varchar2(
   'expand_shortcuts', 'N',
diff --git a/product/sert/apex/application/f2100/application/pages/page_00302.sql b/product/sert/apex/application/f2100/application/pages/page_00302.sql
@@ -1,4 +1,4 @@
--- file_checksum: 692DD2C15E0498A1A9A07B297833468EB69203A696A204C2D698224FE105D0DC
+-- file_checksum: 8ED1F5363E240D08511892F5E47627F9FA259F9D209F5F140DDBEE6AB7347445
 -------------------------------------------------------------------------------
 -- Copyright (c) 2024,2025 Oracle and/or its affiliates.
 -- Licensed under the Universal Permissive License v 1.0 as shown
@@ -26,7 +26,7 @@ wwv_flow_imp_page.create_page(
 ,p_reload_on_submit=>'A'
 ,p_autocomplete_on_off=>'OFF'
 ,p_step_template=>wwv_flow_imp.id(468163289284671148)
-,p_page_template_options=>'#DEFAULT#:js-dialog-class-t-Drawer--pullOutEnd:js-dialog-class-t-Drawer--xl:t-PageBody--noContentPadding'
+,p_page_template_options=>'#DEFAULT#:js-dialog-class-t-Drawer--pullOutEnd:js-dialog-class-t-Drawer--md:t-PageBody--noContentPadding'
 ,p_required_role=>'MUST_NOT_BE_PUBLIC_USER'
 ,p_required_patch=>wwv_flow_imp.id(54926183278448596)
 ,p_protection_level=>'C'
diff --git a/product/sert/apex/application/f2100/application/shared_components/logic/build_options.sql b/product/sert/apex/application/f2100/application/shared_components/logic/build_options.sql
@@ -1,4 +1,4 @@
--- file_checksum: 2B4E7DB90347A9C978CF1BDFD7D1D4C6C9EA3902FF551FC9F04BF49AE9C6AA3B
+-- file_checksum: 6A492B0C3CA4612E995AB1A4A293288458F3031701707DED84091ADCEF9754A9
 -------------------------------------------------------------------------------
 -- Copyright (c) 2024,2025 Oracle and/or its affiliates.
 -- Licensed under the Universal Permissive License v 1.0 as shown
@@ -28,7 +28,7 @@ wwv_flow_imp_shared.create_build_option(
  p_id=>wwv_flow_imp.id(54925859627450308)
 ,p_build_option_name=>'AOP'
 ,p_build_option_status=>'INCLUDE'
-,p_version_scn=>44595640091786
+,p_version_scn=>44624300241151
 ,p_default_on_export=>'INCLUDE'
 ,p_on_upgrade_keep_status=>true
 );
diff --git a/product/sert/apex/application/f2100/install.sql b/product/sert/apex/application/f2100/install.sql
@@ -1,4 +1,4 @@
-prompt app_checksum: 86F1945335267E9F0D7E6DA88119A23CC54E913630F010C30AE63140F34FEB5B
+prompt app_checksum: 9DBE56965E8E6520BCF939EC4005C1BCC5F3216B8D997E31EC9EC8F6EA7C7643
 -------------------------------------------------------------------------------
 -- Copyright (c) 2024,2025 Oracle and/or its affiliates.
 -- Licensed under the Universal Permissive License v 1.0 as shown
diff --git a/product/sert/apex/workspace/add_workspace.sql b/product/sert/apex/workspace/add_workspace.sql
@@ -1,9 +1,9 @@
 --liquibase formatted sql
--------------------------------------------------------------------------------
--- Copyright (c) 2024 Oracle and/or its affiliates.
--- Licensed under the Universal Permissive License v 1.0 as shown
--- at https://oss.oracle.com/licenses/upl/
---------------------------------------------------------------------------------
+-------------------------------------------------------------------------------
+-- Copyright (c) 2024 Oracle and/or its affiliates.
+-- Licensed under the Universal Permissive License v 1.0 as shown
+-- at https://oss.oracle.com/licenses/upl/
+--------------------------------------------------------------------------------
 --changeset SERT:create-apex-workspace stripComments:false runOnChange:true endDelimiter:/
 --preconditions onFail:MARK_RAN onError:HALT
 --precondition-sql-check expectedResult:0 select count(*) from APEX_WORKSPACES where workspace = upper('${sert_apex_workspace}');
@@ -42,8 +42,9 @@ null;
   wwv_flow_api.set_security_group_id(10);
 
   -- Create the workspace
+  -- default workspace_id for development is 32049826282261068
   APEX_INSTANCE_ADMIN.ADD_WORKSPACE(
-      p_workspace_id        => 32049826282261068,
+      p_workspace_id        => to_number('${sert_apex_workspace_id}'),
       p_workspace           => l_workspace,
       p_primary_schema      => 'sert_pub'
       );
diff --git a/product/sert/post_install/2000_upgrade_sert_apex_version.sql b/product/sert/post_install/2000_upgrade_sert_apex_version.sql
diff --git a/product/sert/post_install/setup_builder_menu_entries.sql b/product/sert/post_install/setup_builder_menu_entries.sql
@@ -33,8 +33,35 @@ end;
 
 --changeset mipotter:post_install_setup_builder_extension_grants endDelimiter:/ runOnChange:true runAlways:true rollbackEndDelimiter:/
 -- this can be enabled AFTER workspace parameter ALLOW_HOSTING_EXTENSIONS is set ( no automated until patch 24.1.2)
-BEGIN
-  sert_core.extension_xapi.grant_extension_workspace ( p_to_workspace =>'${sert_apex_workspace}' );
+-- BEGIN
+--   sert_core.extension_xapi.grant_extension_workspace ( p_to_workspace =>'${sert_apex_workspace}' );
+-- end;
+declare
+    l_sql varchar2(4000);
+    l_to_workspace varchar2(255) := 'SERT';
+begin
+  -- verify the to_workspace exists
+  if (apex_util.find_security_group_id(l_to_workspace) is null ) then
+  raise NO_DATA_FOUND;
+  end if;
+
+  for rec in
+    (select workspace from apex_workspaces aw
+      where aw.workspace <> upper(l_to_workspace)
+      and   not exists ( select workspace_name from apex_workspace_schemas ws
+                          where ws.workspace_name = aw.workspace and schema = apex_application.g_flow_schema_owner)
+      minus
+      select grantor_workspace workspace
+      from apex_workspace_extension_grant
+      where grantee_workspace = upper(l_to_workspace )
+    )
+  loop
+    --
+    -- apex_instance_admin.grant_extension_workspace ( p_from_workspace => rec.workspace,
+    --   p_to_workspace => upper(p_to_workspace),p_read_access => true, p_menu_label => 'APEX SERT');
+    apex_instance_admin.grant_extension_workspace ( p_from_workspace => rec.workspace,
+    p_to_workspace => upper(l_to_workspace),p_read_access => true, p_menu_label => 'APEX SERT');
+  end loop;
 end;
 /
 --rollback not required
diff --git a/product/sert/sert_core/json_data/APEX-SERT Rules.json b/product/sert/sert_core/json_data/APEX-SERT Rules.json
@@ -222,8 +222,8 @@
     "ruleCriteriaTypeKey": null,
     "additionalWhere": null,
     "customQuery": "with b as\n(\nselect\n   application_id\n  ,page_id\n  ,button_name\n  ,region_id\n  ,redirect_url\n  ,REGEXP_SUBSTR(redirect_url, '[^:]+', 1, 2) as target_page_id\n  ,(select authorization_scheme\n    from apex_application_pages \n    where to_char(page_id) = REGEXP_SUBSTR(redirect_url, '[^:]+', 1, 2) \n    and REGEXP_LIKE(REGEXP_SUBSTR(redirect_url, '[^:]+', 1, 2), '^[[:digit:]]+$') \n    and application_id = #APP_ID#\n  ) target_authorization_scheme\n  ,(select authorization_scheme_id\n    from apex_application_pages \n    where to_char(page_id) = REGEXP_SUBSTR(redirect_url, '[^:]+', 1, 2) \n    and REGEXP_LIKE(REGEXP_SUBSTR(redirect_url, '[^:]+', 1, 2), '^[[:digit:]]+$') \n    and application_id = #APP_ID#\n  ) target_authorization_scheme_id\n  ,authorization_scheme\n  ,authorization_scheme_id\nfrom\n  apex_application_page_buttons\nwhere\n  redirect_url is not null\n  and application_id = #APP_ID#\n)\nselect\n   #EVAL_ID# as eval_id\n  ,#RULE_ID# as rule_id \n  ,b.application_id as application_id\n  ,b.page_id page_id \n  ,b.region_id as component_id \n  ,b.button_name as component_name\n  ,null as column_name \n  ,null as item_name\n  ,null as shared_comp_name\n  ,'Button: ' || nvl(authorization_scheme, 'None') || ' / Page: ' || nvl(target_authorization_scheme, 'None') as current_value\n  ,'AuthZ Schemes Match' as valid_values\n    ,case when NOT regexp_like(target_page_id, '^[[:digit:]]+$') then '{ \"reasons\":[ {\"reason\":\"target page is not a literal\"} ] ,\"result\":\"FAIL\" }'\n        when nvl(target_authorization_scheme_id,0) = nvl(authorization_scheme_id,0) then '{ \"reasons\":[ ] ,\"result\":\"PASS\" }' else '{ \"reasons\":[ ] ,\"result\":\"FAIL\" }' \n    end as result\nfrom b\nwhere 1=1\n  and application_id = #APP_ID#",
-    "info": "The execution of a **Page Process**  can be linked to the click of a specific _button_ on the same page. When the **Authorization Scheme** of the Process and the Button do not match it might be possible for the user to have access to the Button and not the Process or vice versa.\n\nAPEX-SERT flags Page Processes where the execution is tied to a Button, but where the Button's Authorization scheme doesn't match the Authorization Scheme for the Process.",
-    "fix": "Check the **Authorization Schemes** on both the driving **Button** and the **Page Process** for compatibility. Although they are not required to be the same, developers need to make sure that the Authorization Schemes are compatible and will provide the desired result.",
+    "info": "When a **Button** is used to redirect to a **Page** within an application, the **Authorization Scheme** needs to match on both occasions. When the Authorization Scheme of the Page and the Button do not match, it might be possible for the user to have access to the Button and not the Page or vice versa.\r\n\r\nAPEX-SERT flags when the Button's Authorization scheme doesn't match the Authorization Scheme for the target Page redirection.",
+    "fix": "Check the **Authorization Schemes** on both the driving **Button** and the target **Page** redirect for compatibility. Although they are not required to be the same, developers need to make sure that the Authorization Schemes are compatible and will provide the desired result.",
     "timeToFix": null,
     "ruleSeverityName": "Medium",
     "ruleSeverityKey": "MEDIUM",
diff --git a/product/sert/sert_core/package_body/is_reports_api.pkb.sql b/product/sert/sert_core/package_body/is_reports_api.pkb.sql
@@ -70,7 +70,6 @@ as
   end report_generate;
 
 
-
   ------------------------------------------------------------------------------
   function evaluation_summary_report_json (
     p_eval_id NUMBER,
@@ -104,7 +103,8 @@ as
                                                   'current_value'  value ers1.current_value,
                                                   'region_name'  value ers1.region_name,
                                                   'column_name'  value ers1.column_name                                                
-                                                 ) order by ers1.rule_name, ers1.page_id, ers1.result
+                                                  returning clob) 
+                                                  order by ers1.rule_name, ers1.page_id, ers1.result
                                         returning clob)
                                        from 
                                          sert_core.eval_results_pub_v ers1,
@@ -167,7 +167,8 @@ as
                                                   'current_value'  value ers1.current_value,
                                                   'region_name'  value ers1.region_name,
                                                   'column_name'  value ers1.column_name                                                
-                                                 ) order by ers1.page_id, ers1.result
+                                                  returning clob) 
+                                                  order by ers1.page_id, ers1.result
                                         returning clob) 
                                        from 
                                          sert_core.eval_results_pub_v ers1
@@ -237,7 +238,8 @@ as
                                                   'column_name'  value ers1.column_name,
                                                   'result' value ers1.result,
                                                   'current_value' value ers1.current_value
-                                                 )  order by ers1.page_id
+                                                  returning clob)  
+                                                  order by ers1.page_id
                                         returning clob
                                         )
                                        from 
@@ -299,7 +301,8 @@ end evaluation_exception_report_json;
                                       json_object('rule_id'   value rul1.rule_id,
                                                   'rule_name' value rul1.rule_name,
                                                   'rule_count' value count(*)
-                                                 ) order by rul1.rule_name
+                                                 returning clob) 
+                                                 order by rul1.rule_name
                                         returning clob)
                                        from 
                                          sert_core.rules rul1
@@ -322,7 +325,7 @@ end evaluation_exception_report_json;
     return l_json;
     
   end attributes_master_report_json;
-
+  
 
 end is_reports_api;
 /
diff --git a/product/sert/sert_core/seed_data/055_prefs_internal_merge.sql b/product/sert/sert_core/seed_data/055_prefs_internal_merge.sql
@@ -61,7 +61,7 @@ begin
     merge into sert_core.prefs dst
     using ( select 'Release Version' as pref_name
                   , 'RELEASE_VERSION' as pref_key
-                  , '24.2.6' as pref_value
+                  , '24.2.7' as pref_value
                   , 'Y' as internal_yn from dual ) src
     on ( src.pref_key = dst.pref_key)
       when matched then
diff --git a/product/sert/sert_core/seed_data/110_rule_import.sql b/product/sert/sert_core/seed_data/110_rule_import.sql
@@ -1367,6 +1367,7 @@ begin
             '  ,be.authorization_scheme',
             '  ,be.authorization_scheme_id',
             '  ,b.breadcrumb_id',
+            '  ,be.breadcrumb_entry_id',
             '  ,(select authorization_scheme',
             '    from apex_application_pages ',
             '    where to_char(page_id) = REGEXP_SUBSTR(be.url, ''[^:]+'', 1, 2) ',
@@ -1392,7 +1393,7 @@ begin
             '  ,#RULE_ID# as rule_id ',
             '  ,b.application_id as application_id',
             '  ,null as page_id ',
-            '  ,breadcrumb_id as component_id ',
+            '  ,breadcrumb_entry_id as component_id ',
             '  ,b.entry_label as component_name',
             '  ,null as column_name ',
             '  ,null as item_name',
@@ -1612,10 +1613,10 @@ begin
             'where 1=1',
             '  and application_id = #APP_ID#')),
         p_info                   => apex_string.join(apex_t_varchar2(
-            'The execution of a **Page Process**  can be linked to the click of a specific _button_ on the same page. When the **Authorization Scheme** of the Process and the Button do not match it might be possible for the user to have access to the Button and not the Process or vice versa.',
+            'When a **Button** is used to redirect to a **Page** within an application, the **Authorization Scheme** needs to match on both occasions. When the Authorization Scheme of the Page and the Button do not match, it might be possible for the user to have access to the Button and not the Page or vice versa.',
             '',
-            'APEX-SERT flags Page Processes where the execution is tied to a Button, but where the Button''s Authorization scheme doesn''t match the Authorization Scheme for the Process.')),
-        p_fix                    => 'Check the **Authorization Schemes** on both the driving **Button** and the **Page Process** for compatibility. Although they are not required to be the same, developers need to make sure that the Authorization Schemes are compatible and will provide the desired result.',
+            'APEX-SERT flags when the Button''s Authorization scheme doesn''t match the Authorization Scheme for the target Page redirection.')),
+        p_fix                    => 'Check the **Authorization Schemes** on both the driving **Button** and the target **Page** redirect for compatibility. Although they are not required to be the same, developers need to make sure that the Authorization Schemes are compatible and will provide the desired result.',
         p_time_to_fix            => null,
         p_rule_severity_name     => 'Medium',
         p_rule_severity_key      => 'MEDIUM',
@@ -10594,6 +10595,7 @@ begin
             '  ,be.authorization_scheme',
             '  ,be.authorization_scheme_id',
             '  ,b.breadcrumb_id',
+            '  ,be.breadcrumb_entry_id',
             '  ,(select authorization_scheme',
             '    from apex_application_pages ',
             '    where to_char(page_id) = REGEXP_SUBSTR(be.url, ''[^:]+'', 1, 2) ',
@@ -10619,7 +10621,7 @@ begin
             '  ,#RULE_ID# as rule_id ',
             '  ,b.application_id as application_id',
             '  ,null as page_id ',
-            '  ,breadcrumb_id as component_id ',
+            '  ,breadcrumb_entry_id as component_id ',
             '  ,b.entry_label as component_name',
             '  ,null as column_name ',
             '  ,null as item_name',
@@ -10839,10 +10841,10 @@ begin
             'where 1=1',
             '  and application_id = #APP_ID#')),
         p_info                   => apex_string.join(apex_t_varchar2(
-            'The execution of a **Page Process**  can be linked to the click of a specific _button_ on the same page. When the **Authorization Scheme** of the Process and the Button do not match it might be possible for the user to have access to the Button and not the Process or vice versa.',
+            'When a **Button** is used to redirect to a **Page** within an application, the **Authorization Scheme** needs to match on both occasions. When the Authorization Scheme of the Page and the Button do not match, it might be possible for the user to have access to the Button and not the Page or vice versa.',
             '',
-            'APEX-SERT flags Page Processes where the execution is tied to a Button, but where the Button''s Authorization scheme doesn''t match the Authorization Scheme for the Process.')),
-        p_fix                    => 'Check the **Authorization Schemes** on both the driving **Button** and the **Page Process** for compatibility. Although they are not required to be the same, developers need to make sure that the Authorization Schemes are compatible and will provide the desired result.',
+            'APEX-SERT flags when the Button''s Authorization scheme doesn''t match the Authorization Scheme for the target Page redirection.')),
+        p_fix                    => 'Check the **Authorization Schemes** on both the driving **Button** and the target **Page** redirect for compatibility. Although they are not required to be the same, developers need to make sure that the Authorization Schemes are compatible and will provide the desired result.',
         p_time_to_fix            => null,
         p_rule_severity_name     => 'Medium',
         p_rule_severity_key      => 'MEDIUM',
diff --git a/product/sert/sert_core/seed_data/115_import_sert_rules_hex_24_1.sql.txt b/product/sert/sert_core/seed_data/115_import_sert_rules_hex_24_1.sql.txt
diff --git a/sert.properties b/sert.properties

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-prompt app_checksum: 86F1945335267E9F0D7E6DA88119A23CC54E913630F010C30AE63140F34FEB5B`
	`1`	`+prompt app_checksum: 9DBE56965E8E6520BCF939EC4005C1BCC5F3216B8D997E31EC9EC8F6EA7C7643`
`2`	`2`	`-------------------------------------------------------------------------------`
`3`	`3`	`-- Copyright (c) 2024,2025 Oracle and/or its affiliates.`
`4`	`4`	`-- Licensed under the Universal Permissive License v 1.0 as shown`