| author | Ayushi Smriti <smriti.ayushi@linux.intel.com> | 2019-09-04 14:37:55 +0530 |
|---|---|---|
| committer | Ed Tanous <ed.tanous@intel.com> | 2019-09-23 20:47:47 +0000 |
| commit | 4e68c45b5281615bccc49f71eaa5dfac6be8e490 (patch) | |
| tree | e62a01f4e0564f002fbc5dee2bf0d767aeb694a4 | |
| parent | 599c71d8dcc62cf6244abdf48c93c5f76a0ddc7d (diff) | |
Fix: Only return error info in invalid URI case
Collection schemas return some valuable parameter values in response to
a GET query, even when the URI is invalid and a 404/400 error code
is returned.
This is fixed by packing the JSON response at the proper places and
returning only the required error info, for security reasons.
Tested:
Verified by redfish GET query for invalid uri cases.
Only error msg and info is returned.
Signed-off-by: Ayushi Smriti <smriti.ayushi@linux.intel.com>
Change-Id: Iae45da86c2d2adbc39d78f7c267d551d4e6525f2
| -rw-r--r-- | redfish-core/lib/account_service.hpp | 17 | ||||
| -rw-r--r-- | redfish-core/lib/update_service.hpp | 16 |
2 files changed, 17 insertions, 16 deletions
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
index 16c8731..f1a83a9 100644
--- a/redfish-core/lib/account_service.hpp
+++ b/redfish-core/lib/account_service.hpp
@@ -1173,14 +1173,6 @@ class ManagerAccount : public Node
 void doGet(crow::Response& res, const crow::Request& req, const std::vector<std::string>& params) override {
- res.jsonValue = {
- {"@odata.context",
- "/redfish/v1/$metadata#ManagerAccount.ManagerAccount"},
- {"@odata.type", "#ManagerAccount.v1_0_3.ManagerAccount"},
- {"Name", "User Account"},
- {"Description", "User Account"},
- {"Password", nullptr},
- {"RoleId", "Administrator"}};
 auto asyncResp = std::make_shared<AsyncResp>(res);
@@ -1214,6 +1206,15 @@ class ManagerAccount : public Node
 accountName); return; }
+
+ asyncResp->res.jsonValue = {
+ {"@odata.context",
+ "/redfish/v1/$metadata#ManagerAccount.ManagerAccount"},
+ {"@odata.type", "#ManagerAccount.v1_0_3.ManagerAccount"},
+ {"Name", "User Account"},
+ {"Description", "User Account"},
+ {"Password", nullptr}};
+
 for (const auto& interface : userIt->second) { if (interface.first ==
diff --git a/redfish-core/lib/update_service.hpp b/redfish-core/lib/update_service.hpp
index 7220b43..93be08c 100644
--- a/redfish-core/lib/update_service.hpp
+++ b/redfish-core/lib/update_service.hpp
@@ -565,14 +565,6 @@ class SoftwareInventory : public Node
 const std::vector<std::string> ¶ms) override { std::shared_ptr<AsyncResp> asyncResp = std::make_shared<AsyncResp>(res);
- res.jsonValue["@odata.type"] =
- "#SoftwareInventory.v1_1_0.SoftwareInventory";
- res.jsonValue["@odata.context"] =
- "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory";
- res.jsonValue["Name"] = "Software Inventory";
- res.jsonValue["Updateable"] = false;
- res.jsonValue["Status"]["Health"] = "OK";
- res.jsonValue["Status"]["HealthRollup"] = "OK";
 if (params.size() != 1) {
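Review bot: In the second account_service.hpp hunk (`@@ -1214,6 +1206,15 @@`) the static ManagerAccount fields are written before the `for (const auto& interface : userIt->second)` loop, so any error raised later in that callback would presumably still be returned together with these fields. The loop body lies outside the hunk, so this is inferred; if it has failure paths, either reset the response body there or move this assignment after the last possible failure. The new initializer also drops the old `{"RoleId", "Administrator"}` default, which avoids reporting a privilege the account may not hold, but it means `RoleId` is absent unless the loop sets it, which is worth confirming.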
@@ -717,6 +709,14 @@ class SoftwareInventory : public Node
 "/redfish/v1/UpdateService/FirmwareInventory/" + *swId); return; }
+ asyncResp->res.jsonValue["@odata.type"] =
+ "#SoftwareInventory.v1_1_0.SoftwareInventory";
+ asyncResp->res.jsonValue["@odata.context"] =
+ "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory";
+ asyncResp->res.jsonValue["Name"] = "Software Inventory";
+ asyncResp->res.jsonValue["Updateable"] = false;
+ asyncResp->res.jsonValue["Status"]["Health"] = "OK";
+ asyncResp->res.jsonValue["Status"]["HealthRollup"] = "OK";
 }, "xyz.openbmc_project.ObjectMapper", "/xyz/openbmc_project/object_mapper", |
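Review bot: The late placement of the static SoftwareInventory fields in this hunk is security-motivated, but nothing in the code says so, so a later cleanup could hoist them back to the top of doGet and reintroduce the disclosure on 404/400 responses. Add a comment above the first assignment, e.g. `// Populate static fields only once the resource is known to exist, so error responses carry error info only.` The enclosing callback begins outside the hunk. The commit's test note describes a manual check; a regression test asserting that an invalid-URI GET body holds only the error object would keep this from drifting.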

