@cap-js/attachments
CAP cds-plugin providing image and attachment storing out-of-the-box.
The @cap-js/attachments package is a CDS plugin that provides out-of-the-box asset storage and handling by using an aspect Attachments. It also provides a CAP-level, easy-to-use integration of the SAP Object Store.
Attachments
To enable attachments, simply add this self-configuring plugin package to your project:
npm add @cap-js/attachments
In this guide, we use the Incidents Management reference sample app as the base application and add the Attachments type to its CDS model.
Note: To be able to use the Fiori uploadTable feature, you must ensure that the SAPUI5 version in the application's index.html is updated to 1.121.0 / 1.122.0 / ^1.125.0.
To use Attachments, simply add an element referring to the pre-defined Attachments type as follows:
using { Attachments } from '@cap-js/attachments';
entity Incidents {
// ...
attachments: Composition of many Attachments;
}
With the steps above, we have successfully set up asset handling for our reference application. Let's see that in action. We can try out the scenario where the attachment contents are stored locally in the database.
cds watch
Navigate to the object page of the incident Solar panel broken:
The Attachments type has generated an out-of-the-box Attachments table (see 1) at the bottom of the Object page:
Upload a file by going into Edit mode and either using the Upload button on the Attachments table or by drag/drop. Then click the Save button to have that file stored in the dedicated resource (database, S3 bucket, etc.). We demonstrate this by uploading the PDF file from xmpl/db/content/Solar Panel Report.pdf:
Delete a file by going into Edit mode, selecting the file(s), and using the Delete button on the Attachments table. Then click the Save button to have that file deleted from the resource (database, S3 bucket, etc.). We demonstrate this by deleting the previously uploaded PDF file: Solar Panel Report.pdf.
For using SAP Object Store, you must already have a SAP Object Store service instance with a bucket which you can access. To connect it, follow this setup.
Log in to Cloud Foundry:
cf login -a <CF-API> -o <ORG-NAME> -s <SPACE-NAME>
To bind to the service, continue with the steps below.
In the project directory, you can generate a new file .cdsrc-private.json by running:
cds bind objectstore -2 <INSTANCE>:<SERVICE-KEY> --kind s3
For using SAP Malware Scanning Service, you must already have a service instance which you can access.
To bind to the service, continue with the steps below.
cds bind malware-scanner -2 <INSTANCE>:<SERVICE-KEY>
By default, malware scanning is enabled for all profiles except development profile. You can configure malware scanning by setting:
"attachments": {
"scan": true
}
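Because scanning is on by default outside development, the risk worth checking for is an explicit override that turns it off. The following is an added example, not code from the @cap-js/attachments project: a small CI-style lint that reports any "attachments" block with scan disabled outside the development profile. It assumes the block can sit at any depth of the parsed cds configuration and that profile-specific settings use CAP's "[profile]" key notation; the sample configuration is constructed.

```javascript
// Added example: lint for explicit malware-scan overrides in CAP configuration.
// Assumption: the "attachments" block may appear at any depth of the parsed
// cds config, optionally nested under "[profile]" keys.

// Constructed sample configuration, not taken from a real project.
const sampleConfig = {
  requires: {
    attachments: { scan: true },
    '[development]': { attachments: { scan: false } },
    '[production]': { attachments: { kind: 's3', scan: false } },
  },
};

const PROFILE_KEY = /^\[(.+)\]$/;

// Walk the config and collect every "attachments" block that sets "scan",
// together with the profile it applies to (null means all profiles).
function findScanSettings(node, profile = null, path = [], out = []) {
  if (node === null || typeof node !== 'object') return out;
  for (const [key, value] of Object.entries(node)) {
    const m = PROFILE_KEY.exec(key);
    const nextProfile = m ? m[1] : profile;
    if (key === 'attachments' && value && typeof value === 'object' && 'scan' in value) {
      out.push({ path: [...path, key].join('.'), profile, scan: value.scan });
    }
    findScanSettings(value, nextProfile, [...path, key], out);
  }
  return out;
}

// Keep only blocks that do not set scan to boolean true outside development.
// A string such as "false" or "true" is flagged as well, since it is not
// an explicit boolean true.
function findings(config) {
  return findScanSettings(config).filter(
    (s) => s.scan !== true && s.profile !== 'development'
  );
}

for (const f of findings(sampleConfig)) {
  console.log(`scan disabled for profile ${f.profile ?? 'all'} at ${f.path}`);
}
```

Run it against the parsed "cds" section of package.json or the contents of .cdsrc.json and fail the build when `findings` returns anything.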
This project is open to feature requests/suggestions, bug reports etc. via GitHub issues. Contribution and feedback are encouraged and always welcome. For more information about how to contribute, the project structure, as well as additional contribution information, see our Contribution Guidelines.
We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone. By participating in this project, you agree to abide by its Code of Conduct at all times.
Copyright 2024 SAP SE or an SAP affiliate company and contributors. Please see our LICENSE for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available via the REUSE tool.
FAQs
The npm package @cap-js/attachments receives a total of 383 weekly downloads. As such, @cap-js/attachments popularity was classified as not popular.
We found that @cap-js/attachments demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.