YD

Hello Community,

I would like to write a report which can check if the links given in the model are still valid. If the link is not valid any more and the report should get a corresponding error code, for example 404 not found.

Is it possible to trigger/open an external website link in the Aris report?

Thank you in advance!

Best

by Kay Fischbach
Posted on Mon, 08/12/2019 - 09:19

Hi

as far as I can tell, SoftwareAG disabled things like the Javascript XMLHttpRequest object because of security concerns.

Imagine someone somehow executes a malicious report that can send http post requests - the malicious script could transfer a lot of process data out of your company to some third party.

Web-Browsers load content in a sandbox environment - websites usually can't access system resources without user interaction (built-in browser dialog that allows the user to choose a file/ drag-and-drop file into browser window/...). That's why companies can allow employees to access the web with a browser, because the browser acts as a barrier in between company resources and the scary and potentially dangerous internet.

With ARIS reports there is no user-interaction barrier in between the valuable company process data, and the internet. Because of this I advise against interacting with the internet with a report.

Another thing to consider of why it may not even be worth to try it:

ARIS Reports are executed on the ARIS server, not on your ARIS client. I don't know your particular ARIS setup, but for bigger organizations the servers with company internal data usually stand in some sort of protected zone (protected zone as in "shielded with a firewall" - obviously also protected from physical access but it's more about the network traffic being restricted). Therefore it would be reasonable to assume that the ARIS server executing the script can't even resolve the URL to an IP, because it shouldn't have access to DNS servers other than those that manage company internal traffic. Furthermore (putting URL to IP resolve aside) the ARIS server should not be allowed to establish a connection to resolved IP addresses outside of the company network.

 

0

Featured achievement

Rookie
Say hello to the ARIS Community! Personalize your community experience by following forums or tags, liking a post or uploading a profile picture.
Recent Unlocks

Leaderboard

|
icon-arrow-down icon-arrow-cerulean-left icon-arrow-cerulean-right icon-arrow-down icon-arrow-left icon-arrow-right icon-arrow icon-back icon-close icon-comments icon-correct-answer icon-tick icon-download icon-facebook icon-flag icon-google-plus icon-hamburger icon-in icon-info icon-instagram icon-login-true icon-login icon-mail-notification icon-mail icon-mortarboard icon-newsletter icon-notification icon-pinterest icon-plus icon-rss icon-search icon-share icon-shield icon-snapchat icon-star icon-tutorials icon-twitter icon-universities icon-videos icon-views icon-whatsapp icon-xing icon-youtube icon-jobs icon-heart icon-heart2 aris-express bpm-glossary help-intro help-design Process_Mining_Icon help-publishing help-administration help-dashboarding help-archive help-risk icon-knowledge icon-question icon-events icon-message icon-more icon-pencil forum-icon icon-lock