github-code-scanning[bot] commented on code in PR #12969:
URL:
https://github.com/apache/dolphinscheduler/pull/12969#discussion_r1029230433
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataAnalysisServiceImpl.java:
##########
@@ -153,13 +154,16 @@
* @param startDate start date
* @param endDate end date
*/
- private Map<String, Object> countStateByProject(User loginUser, long
projectCode, String startDate, String endDate,
- TriFunction<Date, Date,
Long[], List<ExecuteStatusCount>> instanceStateCounter) {
- Map<String, Object> result = new HashMap<>();
+ private Result countStateByProject(User loginUser, long projectCode,
String startDate, String endDate,
+ TriFunction<Date, Date, Long[],
List<ExecuteStatusCount>> instanceStateCounter) {
+ Result result = new Result();
if (projectCode != 0) {
Project project = projectMapper.queryByCode(projectCode);
- result = projectService.checkProjectAndAuth(loginUser, project,
projectCode, PROJECT_OVERVIEW);
- if (result.get(Constants.STATUS) != Status.SUCCESS) {
+ Map<String, Object> checkResult =
+ projectService.checkProjectAndAuth(loginUser, project,
projectCode, PROJECT_OVERVIEW);
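Review bot: The `if (projectCode != 0)` guard is the only path into `projectService.checkProjectAndAuth(...)`, and `projectCode` is a method parameter, so a call with projectCode 0 skips the project authorization check entirely. Make sure the zero branch limits the counted data to projects `loginUser` is allowed to see, and that the new `checkResult` map is still tested against `Status.SUCCESS` with an early return, as the removed `result.get(Constants.STATUS) != Status.SUCCESS` line did; the visible lines end before that test.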
Review Comment:
## User-controlled bypass of sensitive method
Sensitive method may not be executed depending on a [this condition](1),
which flows from [user-controlled value](2).
Sensitive method may not be executed depending on a [this condition](1),
which flows from [user-controlled value](3).
[Show more details](https://github.com/apache/dolphinscheduler/security/code-scanning/2342)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/DataAnalysisService.java:
##########
@@ -63,23 +62,23 @@
* @param projectCode project code
* @return definition count data
*/
- Map<String, Object> countDefinitionByUser(User loginUser, long
projectCode);
+ Result countDefinitionByUser(User loginUser, long projectCode);
/**
* statistical command status data
*
* @param loginUser login user
* @return command state count data
*/
- Map<String, Object> countCommandState(User loginUser);
+ Result countCommandState(User loginUser);
/**
* count queue state
*
* @param loginUser login user
* @return queue state count data
*/
- Map<String, Object> countQueueState(User loginUser);
+ Result countQueueState(User loginUser);
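Review bot: `countCommandState(User loginUser)` and `countQueueState(User loginUser)` take the caller but no project code, and the Javadoc only says "login user", so it is not documented whether the returned counts are limited to what that user may see. State in the `@param loginUser` or `@return` text how the user scopes the result, and since the return type moves from `Map<String, Object>` to `Result`, say which part of `Result` carries the count data.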
Review Comment:
## Useless parameter
The parameter 'loginUser' is never used.
[Show more details](https://github.com/apache/dolphinscheduler/security/code-scanning/2341)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataAnalysisServiceImpl.java:
##########
@@ -205,22 +209,25 @@
* @return definition count data
*/
@Override
- public Map<String, Object> countDefinitionByUser(User loginUser, long
projectCode) {
- Map<String, Object> result = new HashMap<>();
+ public Result countDefinitionByUser(User loginUser, long projectCode) {
+ Result result = new Result();
if (projectCode != 0) {
Project project = projectMapper.queryByCode(projectCode);
- result = projectService.checkProjectAndAuth(loginUser, project,
projectCode, PROJECT_OVERVIEW);
- if (result.get(Constants.STATUS) != Status.SUCCESS) {
+ Map<String, Object> checkResult =
+ projectService.checkProjectAndAuth(loginUser, project,
projectCode, PROJECT_OVERVIEW);
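Review bot: `countDefinitionByUser` only reaches `checkProjectAndAuth` inside `if (projectCode != 0)`, so whether the authorization check runs depends on a caller-supplied value, and its outcome now lands in a separate `checkResult` map instead of in `result`. Consider moving the guard, the check and the handling of its status into one private helper shared by the methods in this class that take a projectCode, so a failed check cannot be dropped in one copy, and add a test that calls this method with projectCode 0 as a user who has no project access.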
Review Comment:
## User-controlled bypass of sensitive method
Sensitive method may not be executed depending on a [this condition](1),
which flows from [user-controlled value](2).
[Show more details](https://github.com/apache/dolphinscheduler/security/code-scanning/2343)
--
This is an automated message from the Apache Git Service.