github-advanced-security[bot] commented on code in PR #15480:
URL: https://github.com/apache/druid/pull/15480#discussion_r1413968702
##########
server/src/test/java/org/apache/druid/server/audit/SQLAuditManagerTest.java:
##########
@@ -390,42 +278,20 @@
}
}
);
- String entry1Key = "testKey";
- String entry1Type = "testType";
- AuditInfo entry1AuditInfo = new AuditInfo("testAuthor", "testComment",
"127.0.0.1");
- String entry1Payload = "payload audit to store";
-
- auditManagerWithMaxPayloadSizeBytes.doAudit(
- entry1Key,
- entry1Type,
- entry1AuditInfo,
- entry1Payload,
- stringConfigSerde
- );
- byte[] payload = connector.lookup(
-
derbyConnectorRule.metadataTablesConfigSupplier().get().getAuditTable(),
- "audit_key",
- "payload",
- "testKey"
- );
+ final AuditEvent entry = createAuditEvent("key", "type",
DateTimes.nowUtc());
+ auditManager.doAudit(entry);
- AuditEntry dbEntry = mapper.readValue(payload, AuditEntry.class);
- Assert.assertEquals(entry1Key, dbEntry.getKey());
- Assert.assertEquals(entry1Payload, dbEntry.getPayload());
- Assert.assertEquals(entry1Type, dbEntry.getType());
- Assert.assertEquals(entry1AuditInfo, dbEntry.getAuditInfo());
+ // Verify that the actual payload has been persisted
+ AuditEvent dbEntry = lookupAuditEntryForKey(entry.getKey());
+ Assert.assertEquals(entry, dbEntry);
}
@Test(timeout = 60_000L)
- public void testCreateAuditEntryWithSkipNullConfigTrue()
+ public void testCreateAuditEntryWithSkipNullsInPayload() throws IOException
{
- ConfigSerde<Map<String, String>> mockConfigSerde =
Mockito.mock(ConfigSerde.class);
- SQLAuditManager auditManagerWithSkipNull = new SQLAuditManager(
- connector,
- derbyConnectorRule.metadataTablesConfigSupplier(),
- new NoopServiceEmitter(),
- mapper,
+ final ConfigSerde<Map<String, String>> mockConfigSerde =
Mockito.mock(ConfigSerde.class);
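Review bot: In the rewritten payload test, `Assert.assertEquals(entry, dbEntry)` replaces four field-level assertions with a single equality check. The test now depends on `AuditEvent.equals` covering every field, and on the timestamp from `DateTimes.nowUtc()` coming back from the audit table unchanged. Confirm both hold, or keep explicit assertions on key, type and payload so that a failure names the field that was not persisted. Separately, if the rewritten `testCreateAuditEntryWithSkipNullsInPayload` no longer uses `mockConfigSerde`, drop the `Mockito.mock(ConfigSerde.class)` line instead of carrying it over.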
Review Comment:
## Unread local variable
Variable 'ConfigSerde<Map<String,String>> mockConfigSerde' is never read.
[Show more details](https://github.com/apache/druid/security/code-scanning/6020)
##########
extensions-core/druid-basic-security/src/test/java/org/apache/druid/security/authentication/CoordinatorBasicAuthenticatorResourceTest.java:
##########
@@ -315,14 +320,15 @@
@Test
public void testUserCredentials()
{
- Response response = resource.createUser(req, AUTHENTICATOR_NAME, "druid");
+ Response response = resource.createUser(req, AUTHENTICATOR_NAME, "druid",
null, null);
Assert.assertEquals(200, response.getStatus());
response = resource.updateUserCredentials(
req,
AUTHENTICATOR_NAME,
"druid",
- new BasicAuthenticatorCredentialUpdate("helloworld", null)
+ new BasicAuthenticatorCredentialUpdate("helloworld", null),
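Review bot: `testUserCredentials` passes `null, null` for the two arguments added to `createUser`, so it only shows that the call still succeeds when they are absent. Add a case that supplies non-null values and asserts on the outcome, so the new parameters are covered in this authenticator resource test. The argument that now follows `new BasicAuthenticatorCredentialUpdate("helloworld", null),` deserves the same treatment if it is also passed as `null`.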
Review Comment:
## Hard-coded credential in API call
Hard-coded value flows to [sensitive API call](1).
[Show more details](https://github.com/apache/druid/security/code-scanning/6022)
##########
extensions-core/druid-basic-security/src/test/java/org/apache/druid/security/authentication/CoordinatorBasicAuthenticatorResourceTest.java:
##########
@@ -380,7 +386,8 @@
req,
AUTHENTICATOR_NAME,
"druid",
- new BasicAuthenticatorCredentialUpdate("helloworld", null)
+ new BasicAuthenticatorCredentialUpdate("helloworld", null),
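Review bot: The literal `"helloworld"` in `new BasicAuthenticatorCredentialUpdate("helloworld", null)` is repeated from the same call in `testUserCredentials`, and each copy sits on a line flagged by code scanning. Move it to a single named test constant so that it is plainly a fixture value and the finding can be triaged once instead of per call site.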
Review Comment:
## Hard-coded credential in API call
Hard-coded value flows to [sensitive API call](1).
[Show more details](https://github.com/apache/druid/security/code-scanning/6023)
##########
server/src/test/java/org/apache/druid/server/http/DataSourcesResourceTest.java:
##########
@@ -612,10 +614,10 @@
OverlordClient overlordClient =
EasyMock.createStrictMock(OverlordClient.class);
EasyMock.replay(overlordClient, server);
DataSourcesResource dataSourcesResource =
- new DataSourcesResource(inventoryView, null, null, overlordClient,
null, null);
+ new DataSourcesResource(inventoryView, null, null, overlordClient,
null, null, null);
try {
Response response =
-
dataSourcesResource.markAsUnusedAllSegmentsOrKillUnusedSegmentsInInterval("datasource",
"true", "???");
+
dataSourcesResource.markAsUnusedAllSegmentsOrKillUnusedSegmentsInInterval("datasource",
"true", "???", request);
Review Comment:
## Deprecated method or constructor invocation
Invoking [DataSourcesResource.markAsUnusedAllSegmentsOrKillUnusedSegmentsInInterval](1) should be avoided because it has been deprecated.
[Show more details](https://github.com/apache/druid/security/code-scanning/6021)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.