
Bosch IoT Insights: improvements for the query templates, device creation and calendar feature & prevention of CSV injection

Rollout of custom endpoints

It is now possible to configure custom endpoints in query templates. Custom endpoints are user-defined REST endpoint URL paths that can directly trigger the execution of a query template.

Example of usage:
A query template must normally be called using a specific ID and the corresponding body with the required parameters. With a custom endpoint definition for the same query template, a user can now access the same template directly via a URL.

Using this feature, a user can also transform data into any specific format so that it can be accessed with a simple REST request.

  • Therefore, it is much easier to connect third-party tools, as can be seen in one of our newest YouTube tutorials
  • Or you can design the data access to meet the ISO standards of the domain-specific REST API

In addition, the user can also retrieve the data in CSV format if required.

For further instructions, please have a look at our user guide.

Custom role-based access rights for query templates

Query templates often contain logic and access to various types of data, and thus know-how and knowledge that should not be accessible to everyone. They are also the basis for most reports, dashboards and visualizations.

We now provide a possibility to define who can access and edit which type of query template. This can be defined in such detail that only a single user has access to a specific template.

For further instructions, please have a look at our user guide.

Configurable device creation

Until now, our device creation dialog was a static dialog consisting of two mandatory input fields to create a device.
Depending on the device type a user wants to create, this dialog was too generic and there was no way to change this.

We have now added the possibility to define which properties are mandatory for a device type, so the device creation dialog adapts accordingly.

For further instructions, please have a look at our user guide.

Calendar widget with timeline view mode

We have added a new view mode to our existing calendar widget, which allows booking events to be hidden in a timeline.
The user can now decide with one click whether they want to see the calendar in normal or timeline mode.

Changing the booking behavior

We changed the behavior for bookings. When a booking gets overwritten, the booking owner will now be informed.

If an existing booking is changed or if another booking for the same device overlaps the existing booking, the booking owner will be informed by email. This shall help the booking owner to clarify the booking event and to resolve conflicts if necessary.

Prevention of CSV injection

Using a query template, it is possible to download the result in CSV format.

To reduce the risk of CSV injection, where formulas are injected into a generated file, the CSV download now provides basic countermeasures against it.

At the beginning of a line, the following characters are prepended with a single quote ('):

Equals (=), Plus (+), Minus (-), At (@), Tab, Carriage return, Comma (,), and Semicolon (;)

We would like to point out that this is not a Bosch IoT Insights vulnerability, but an issue with the application that opens the CSV file.
It also cannot be ensured that this countermeasure mitigates every possible CSV injection in every application.

For further information on CSV injection, please see the OWASP guidelines: https://owasp.org/www-community/attacks/CSV_Injection
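
The countermeasure described above, sketched in Python as an added example; this is not Bosch IoT Insights code. It assumes the check is applied to every field rather than only to the first character of a line, and the function names and sample rows are constructed for illustration.

```python
import csv
import io

# Trigger characters listed in the release note above.
TRIGGERS = ("=", "+", "-", "@", "\t", "\r", ",", ";")


def neutralize(value):
    """Return the cell as text, prefixed with a single quote if it starts
    with one of the trigger characters."""
    if value is None:
        return ""
    text = str(value)
    if text.startswith(TRIGGERS):
        # Side effect: negative numbers such as -4 are prefixed as well,
        # so a spreadsheet will treat them as text, not as numbers.
        return "'" + text
    return text


def to_safe_csv(rows):
    """Serialize rows to CSV with every field neutralized and quoted.

    Assumption: the check runs per field, which is stricter than
    checking only the beginning of each line.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize(cell) for cell in row])
    return buf.getvalue()


# Constructed sample query result (not real data).
SAMPLE_ROWS = [
    ["device", "comment", "reading"],
    ["pump-01", "=1+1", 21.5],          # would be evaluated as a formula
    ["pump-02", "@SUM(A1:A9)", -4],     # formula prefix and negative number
    ["pump-03", "ok; checked", 7],      # ';' inside the field is left alone
]

if __name__ == "__main__":
    print(to_safe_csv(SAMPLE_ROWS), end="")
```
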

Further improvements

INS-2061: Improved usability of the command bar of the calendar view
INS-2124: Fixed issue with too many redirects again

Bugfixes

INS-490: Fix sorting in Swagger UI
INS-1786: Fix in Views configuration: wrong translation in tab label
INS-2203: Fix in Conditional Actions: Email/ SMS Action is not saved correctly
INS-2253: Fix in Views: Translation is not removed correctly
INS-492: Fix: Opening a dialog changes the background layout
INS-1303: Fix in Device History: Replacing a link with backdating enabled causes 2 ‘linked’ history entries
INS-2351: Fix in Conditional Actions: HTTP-Method field too small
INS-2296: Fix outdated docu regarding SMS and Email in Conditional Actions tab