ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dillido...@apache.org
Subject git commit: ARGUS-24: Ignore case while comparing request IP and policy IP during policy evaluation
Date Tue, 26 Aug 2014 23:49:29 GMT
Repository: incubator-argus
Updated Branches:
  refs/heads/master 42748388d -> 3aaaf186e


ARGUS-24: Ignore case while comparing request IP and policy IP during policy evaluation


Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/3aaaf186
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/3aaaf186
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/3aaaf186

Branch: refs/heads/master
Commit: 3aaaf186e93500bcfc3e589f5348c7d3ac343ba4
Parents: 4274838
Author: Dilli Dorai Arumugam <darumugam@hortonworks.com>
Authored: Mon Aug 25 16:08:18 2014 -0700
Committer: Dilli Dorai Arumugam <darumugam@hortonworks.com>
Committed: Tue Aug 26 16:48:13 2014 -0700

----------------------------------------------------------------------
 .../com/xasecure/pdp/knox/URLBasedAuthDB.java   |  4 +--
 .../xasecure/pdp/knox/URLBasedAuthDBTest.java   | 27 ++++++++++++++++++++
 2 files changed, 29 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/3aaaf186/agents-impl/src/main/java/com/xasecure/pdp/knox/URLBasedAuthDB.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/knox/URLBasedAuthDB.java b/agents-impl/src/main/java/com/xasecure/pdp/knox/URLBasedAuthDB.java
index 59e10b2..fb147b3 100644
--- a/agents-impl/src/main/java/com/xasecure/pdp/knox/URLBasedAuthDB.java
+++ b/agents-impl/src/main/java/com/xasecure/pdp/knox/URLBasedAuthDB.java
@@ -442,9 +442,9 @@ public class URLBasedAuthDB implements PolicyChangeListener {
 				policyIp = policyIp + ":";
 			}
 		}
-		if (wildEnd && requestIp.startsWith(policyIp)) {
+		if (wildEnd && requestIp.toLowerCase().startsWith(policyIp.toLowerCase())) {
 			ipMatched = true;
-		} else if (policyIp.equals(requestIp)) {
+		} else if (policyIp.equalsIgnoreCase(requestIp)) {
 			ipMatched = true;
 		}
 		return ipMatched;

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/3aaaf186/agents-impl/src/test/java/com/xasecure/pdp/knox/URLBasedAuthDBTest.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/test/java/com/xasecure/pdp/knox/URLBasedAuthDBTest.java b/agents-impl/src/test/java/com/xasecure/pdp/knox/URLBasedAuthDBTest.java
index dc784c2..e835347 100644
--- a/agents-impl/src/test/java/com/xasecure/pdp/knox/URLBasedAuthDBTest.java
+++ b/agents-impl/src/test/java/com/xasecure/pdp/knox/URLBasedAuthDBTest.java
@@ -786,6 +786,33 @@ public class URLBasedAuthDBTest {
 
 	}
 	
+    @Test
+	public void testWildIP6AllowedMixedCase() {
+		
+		URLBasedAuthDB pdp = URLBasedAuthDB.getInstanceWithBackEndMocked();
+		
+		PolicyContainer policyContainer = buildPolicyContainer(
+				"xa", 
+				"WEBHDFS",
+				asList("allow"), 
+				asList("guest"), 
+				asList("sales"),
+				asList("132:133:Db8:*"));
+		pdp.setPolicyContainer(policyContainer);
+		
+		
+		boolean allowed = pdp.isAccessGranted(
+				"xa", 
+				"WEBHDFS", 
+				"allow",
+				"guest", 
+				asSet("sales"), 
+				"132:133:dB8:135");
+		System.out.println("testWildIP6AllowedMixedCase: " + allowed);
+		Assert.assertTrue("Access denied for a request ip matching wild IP6 with mixed case", allowed);
+
+	}
+	
 	@Test
 	public void testWildIP6Denied() {
 		


Mime
View raw message