Sap Integration

#

Introduction #

This document provides instructions on creating the SAP function module ZRFC_DOCEXPLOIT_CODE_EXPORTER, setting up the necessary structure, assigning permissions, and running script to export ABAP program code.


Step 1: Creating the Function Module ZRFC_DOCEXPLOIT_CODE_EXPORTER #

1.1 Access the Function Builder #

  1. Log in to the SAP GUI.
  2. Navigate to Transaction Code SE37.

1.2 Create a New Function Module #

  1. Enter the name ZRFC_DOCEXPLOIT_CODE_EXPORTER and click Create.
  2. Provide the following details:
    • Function Group: (Create a new one or use an existing group)
    • Short Text: “Export ABAP Program Source Code”
  3. Click Save and assign it to a transport request.

1.3 Define Import Parameters #

  1. Go to the Import tab.
  2. Add the following parameter:
    • Parameter Name: PROGRAM_NAME
    • Type: TYPE CHAR
    • Length: 40

1.4 Define Export Parameters #

  1. Go to the Export tab.
  2. Add the following parameter:
    • Parameter Name: SOURCE_CODE
    • Type: Custom table type for CHAR255 (see next section).

1.5 Create Custom Table Type for CHAR255 #

  1. Navigate to Transaction Code SE11.
  2. Choose “Data Type” and click Create.
  3. Enter a name, e.g., Z_DOCEXPLOIT_TABLE_TYPE.
  4. Select “Table Type” and click Continue.
  5. Define the following details:
    • Line Type: CHAR
    • Length: 255
    • Access Mode: “Standard Table”
    • Key Fields: Leave empty.
  6. Save and activate the table type.

1.6 Implement the Code #

  1. Go to the Source Code tab.
  2. Add the following code:
FUNCTION ZRFC_DOCEXPLOIT_CODE_EXPORTER.

  READ REPORT program_name INTO source_code.

ENDFUNCTION.
  1. Save and activate the function module.

Step 2: Setting Up Permissions #

2.1 Required Authorizations #

Ensure the user executing the Python script has the following permissions:

  1. Authorization to Read Tables:
    • Table: TRDIR
    • Table: REPOSRC
  2. RFC Authorization:
    • Assign authorization object S_RFC.
    • Ensure the function module ZRFC_DOCEXPLOIT_CODE_EXPORTER is accessible.

Contact your SAP Basis team to verify and assign these permissions.


Step 3: Running the Extractor #

3.1 Download the Executable #

Obtain the precompiled executable file, e.g., export_sap_programs_windows.exe (Windows) or export_sap_programs_linux (Linux).

Netweaver RFC SDK is needed in Linux machines. You can download it from SAP page: SAP NetWeaver Remote Function Call (RFC) Software Development Kit (SDK).

In the case of Windows, is needed to install the Business Client included in the SAPGUI installer.

3.2 Command-Line Usage #

Run the executable with the following syntax:

export_sap_programs -u USER -p PASSWORD -a HOST -s SYSNR -c CLIENT -l EN

Replace the placeholders with your SAP system details:

  • USER: SAP username
  • PASSWORD: SAP password
  • HOST: Application server hostname
  • SYSNR: System number
  • CLIENT: SAP client
  • EN: Language (default: EN)

Example:

./export_sap_programs_linux -u DEVELOPER -p ABAPtr2022#01 -host localhost -s 00 -c 001 -l EN

You can try it by connecting to official trial image: sapse/abap-cloud-developer-trial – Docker Image | Docker Hub

3.3 Output #

The program will:

  1. Connect to the SAP system and retrieve a list of custom programs (Z* and Y*).
  2. Export the source code of each program to text files.
  3. Save the files in the ./sap_programs directory (relative to where the executable is run).

Step 4: Running the DocExploitCli #

The last step is to run the cli client of DocExploit in a normal way, using sap as the language.

Example: ./docexploit-cli docspot analyze $PROJECTID sap $PATH $APIKEY

Audit mode


Troubleshooting #

Common Issues #

  1. Missing Permissions:
    • Verify that the required table and RFC authorizations are assigned.
  2. Connection Errors:
    • Ensure the SAP NW RFC Library is correctly configured.
  3. Function Module Errors:
    • Double-check the implementation of ZRFC_DOCEXPLOIT_CODE_EXPORTER.

Debugging #

Check the script logs and the SAP system’s logs (e.g., Transaction Code ST22) for more details.