ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ab...@apache.org
Subject ranger git commit: RANGER-2247: RangerRANGER-2247 Ranger Plugin for HDFS throws StringIndexOutOfBounds exception when policy resource is \
Date Thu, 18 Oct 2018 01:23:53 GMT
Repository: ranger
Updated Branches:
  refs/heads/ranger-1.1 634999e52 -> 03b6c6aad


RANGER-2247:
RangerRANGER-2247
Ranger Plugin for HDFS throws StringIndexOutOfBounds exception when policy resource is \


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/03b6c6aa
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/03b6c6aa
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/03b6c6aa

Branch: refs/heads/ranger-1.1
Commit: 03b6c6aad3cc7100281c31a3069fd7ea33135c45
Parents: 634999e
Author: Abhay Kulkarni <akulkarni@hortonworks.com>
Authored: Wed Oct 17 14:54:33 2018 -0700
Committer: Abhay Kulkarni <akulkarni@hortonworks.com>
Committed: Wed Oct 17 18:23:47 2018 -0700

----------------------------------------------------------------------
 .../resourcematcher/RangerPathResourceMatcher.java  |  4 ++--
 .../ranger/plugin/util/StringTokenReplacer.java     | 16 +++++++++++++++-
 .../policyengine/test_policyengine_hdfs.json        |  6 ++++++
 .../test_resourcematcher_dynamic.json               |  2 +-
 ...est_resourcematcher_wildcards_as_delimiters.json |  2 +-
 5 files changed, 25 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/03b6c6aa/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
index 78a3b8a..9cf31a2 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
@@ -227,8 +227,8 @@ abstract class RecursiveMatcher extends ResourceMatcher {
 	}
 
 	String getStringToCompare(String policyValue) {
-		if (policyValue == null) {
-			return null;
+		if (StringUtils.isEmpty(policyValue)) {
+			return policyValue;
 		}
 		return (policyValue.lastIndexOf(levelSeparatorChar) == policyValue.length()-1) ?
 			policyValue.substring(0, policyValue.length()-1) : policyValue;

http://git-wip-us.apache.org/repos/asf/ranger/blob/03b6c6aa/agents-common/src/main/java/org/apache/ranger/plugin/util/StringTokenReplacer.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/StringTokenReplacer.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/StringTokenReplacer.java
index ace04d6..2d09d44 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/StringTokenReplacer.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/StringTokenReplacer.java
@@ -50,11 +50,25 @@ public class StringTokenReplacer {
                 i++;
                 if(i < value.length()) {
                     c = value.charAt(i);
-                    if(token != null) {
+                    if (token != null) {
+                        // if next char is not the escape char or endChar, retain the escapeChar
+                        if (c != escapeChar && c != endChar) {
+                            token.append(escapeChar);
+                        }
                         token.append(c);
                     } else {
+                        // if next char is not the escape char or startChar, retain the escapeChar
+                        if (c != escapeChar && c != startChar) {
+                            ret.append(escapeChar);
+                        }
                         ret.append(c);
                     }
+                } else {
+                    if (token != null) {
+                        token.append(escapeChar);
+                    } else {
+                        ret.append(escapeChar);
+                    }
                 }
                 continue;
             }

http://git-wip-us.apache.org/repos/asf/ranger/blob/03b6c6aa/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json b/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json
index ea167f4..3833ba1 100644
--- a/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json
+++ b/agents-common/src/test/resources/policyengine/test_policyengine_hdfs.json
@@ -60,6 +60,12 @@
            "values":["var country_code = ctx.getRequestContextAttribute('LOCATION_TEST_COUNTRY_CODE');
ctx.result = !!country_code;"]
          }]}
      ]
+    },
+    {"id":4,"name":"invalid policy with a single backslash","isEnabled":true,"isAuditEnabled":true,
+      "resources":{"path":{"values":["\\"],"isRecursive":true}},
+      "policyItems":[
+        {"accesses":[{"type":"read","isAllowed":true}],"users":[],"groups":["public"],"delegateAdmin":false}
+      ]
     }
   ],
 

http://git-wip-us.apache.org/repos/asf/ranger/blob/03b6c6aa/agents-common/src/test/resources/resourcematcher/test_resourcematcher_dynamic.json
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/resourcematcher/test_resourcematcher_dynamic.json
b/agents-common/src/test/resources/resourcematcher/test_resourcematcher_dynamic.json
index db19f76..6a2119d 100644
--- a/agents-common/src/test/resources/resourcematcher/test_resourcematcher_dynamic.json
+++ b/agents-common/src/test/resources/resourcematcher/test_resourcematcher_dynamic.json
@@ -25,7 +25,7 @@
 			  ,
 			  { "name":"exact-path","input":"/abc@%xyz@w", "evalContext": {"token:somestuff": "somethingelse"},
"result":false}
 			  ,
-			  { "name":"exact-path","input":"/abc%xyzw", "evalContext": {"token:somestuff": "somethingelse"},
"result":true}
+			  { "name":"exact-path","input":"/abc%xyz@w", "evalContext": {"token:somestuff": "somethingelse"},
"result":true}
 			  ,
 			  { "name":"exact-path","input":"/abcabcdw", "evalContext": {"token:somestuff": "somethingelse",
"xyz":"abcd"}, "result":false}
 			  ,

http://git-wip-us.apache.org/repos/asf/ranger/blob/03b6c6aa/agents-common/src/test/resources/resourcematcher/test_resourcematcher_wildcards_as_delimiters.json
----------------------------------------------------------------------
diff --git a/agents-common/src/test/resources/resourcematcher/test_resourcematcher_wildcards_as_delimiters.json
b/agents-common/src/test/resources/resourcematcher/test_resourcematcher_wildcards_as_delimiters.json
index 8e791d6..c1432d0 100644
--- a/agents-common/src/test/resources/resourcematcher/test_resourcematcher_wildcards_as_delimiters.json
+++ b/agents-common/src/test/resources/resourcematcher/test_resourcematcher_wildcards_as_delimiters.json
@@ -23,7 +23,7 @@
 			  ,
 			  { "name":"exact-path","input":"/xyzsomethingelsez", "evalContext": {"token:somestuff":
"somethingelse"}, "result":true}
 			  ,
-			  { "name":"exact-path","input":"/abc*xyzw", "evalContext": {"token:somestuff": "somethingelse"},
"result":true}
+			  { "name":"exact-path","input":"/abc*xyz@w", "evalContext": {"token:somestuff": "somethingelse"},
"result":true}
 		  ]
 	  }
   ]


Mime
View raw message