Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

need help with correct import parameters for testing OSS note 1298160

Former Member
0 Kudos

Note 1298160: Before applying this note you should be able to call any routine (IV_COMMAND) from any program (IV_CONTEXT) using FM TMS_CI_START_SERVICE. I haven't tested it so I don't know values from for other parameters. After applying this note you should not be able to use this gap.

When I execute TMS_CI_START_SERVICE, what is the correct import parameters for testing each of the following:

IV_SRCSYSTEM

IV_SRCDOMAIN

IV_SRCVERSION

IV_TARSYSTEM

IV_CONTEXT

IV_ACCESS

IV_EXECMODE

IV_SERVICE

IV_COMMAND

IV_SUPER

IV_TARCLIENT

IV_CALLER

I would like to execute this program and verify that the fix works.

3 REPLIES 3

Frank_Buchholz
Advisor
Advisor
0 Kudos

It is sufficant to check if the note is appliend correctly:

Transaction SNOTE

-> Goto -> SAP Note Browser

Enter the note numbers as a selection for SAP Note Number:

1298160

Execute the report and check if you get the status "Completly implemented" for the note.

In addition you can check using SE37 if the code of the function module TMS_CI_START_SERVICE now contains the code which is shown in the correction instruction (it's somewhere at the beginning).

If you see the line

perform log_command tables tt_table using iv_command iv_context. exit.

than it's ok.

Kind regards

Frank Buchholz

Active Global Support - Security Services

Former Member
0 Kudos

This is a function module in a function group used by a SAP standard application, which contained coding which is not foreseen to be used externally.

To test it, just make sure that your usage of standard SAP STMS works as before. As SAP is indicating that no standard scenario was forseen for these parameters, so your customer testing risk is very low. Important is to apply the corrections.

My understanding of this note and the message with it is that SAP has tested their own scenarios and there is no use-case for them... so it is only misuse of the program code in the "illegal" parameters which would be blocked. That is what the patch intends to stop, and write syslog messages of attempts for - anticipating that it will become a popular "fun" parameter for "script kiddies"...

I recommend implementing these notes (and checking for similar coding techniques in your customer programs...).

Cheers,

Julius

Edited by: Julius Bussche on Apr 27, 2009 8:16 PM

Former Member
0 Kudos

Thanks Frank!