Repository: ranger
Updated Branches:
  refs/heads/ranger-1.0 36b1286e8 -> 024a3e392


RANGER-2006: Fix problems detected by static code analysis in ranger usersync 
for ldap sync source - ranger-1.0 branch


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/024a3e39
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/024a3e39
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/024a3e39

Branch: refs/heads/ranger-1.0
Commit: 024a3e392ba23b6d3a13f64b8159d54d062e4478
Parents: 36b1286
Author: Sailaja Polavarapu <spolavar...@hortonworks.com>
Authored: Tue Mar 6 11:12:21 2018 -0800
Committer: Sailaja Polavarapu <spolavar...@hortonworks.com>
Committed: Tue Mar 6 11:12:21 2018 -0800

----------------------------------------------------------------------
 .../process/LdapDeltaUserGroupBuilder.java      |  2 +-
 .../process/LdapUserGroupBuilder.java           |  3 +--
 .../config/UserGroupSyncConfig.java             | 27 ++++++++++++++++++++
 3 files changed, 29 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/024a3e39/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
----------------------------------------------------------------------
diff --git 
a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
 
b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
index 2852b32..c297f68 100644
--- 
a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
+++ 
b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
@@ -901,7 +901,7 @@ public class LdapDeltaUserGroupBuilder extends 
AbstractUserGroupSource {
                                                .append(groupDN).append(")");
                        }
                        filter.append("))");
-                       groupFilter += filter;
+                       groupFilter += 
config.escapeSearchFilter(filter.toString());
 
                        LOG.info("extendedAllGroupsSearchFilter = " + 
groupFilter);
                        for (int ou=0; ou<groupSearchBase.length; ou++) {

http://git-wip-us.apache.org/repos/asf/ranger/blob/024a3e39/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
----------------------------------------------------------------------
diff --git 
a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
 
b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
index 6b2648d..488aa76a 100644
--- 
a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
+++ 
b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
@@ -277,7 +277,6 @@ public class LdapUserGroupBuilder extends 
AbstractUserGroupSource {
                                        + ",  ldapReferral: " + ldapReferral
                                        );
                }
-
        }
 
        private void closeLdapContext() throws Throwable {
@@ -810,7 +809,7 @@ public class LdapUserGroupBuilder extends 
AbstractUserGroupSource {
                                                .append(groupDN).append(")");
                        }
                        filter.append("))");
-            groupFilter += filter;
+            groupFilter += config.escapeSearchFilter(filter.toString());
 
                        LOG.debug("extendedAllGroupsSearchFilter = " + 
groupFilter);
                        for (String ou : groupSearchBase) {

http://git-wip-us.apache.org/repos/asf/ranger/blob/024a3e39/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
----------------------------------------------------------------------
diff --git 
a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
 
b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index 45eeb1b..ed07696 100644
--- 
a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++ 
b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -960,6 +960,33 @@ public class UserGroupSyncConfig  {
                return deltaSyncEnabled;
        }
 
+       public String escapeSearchFilter(String searchFilter) {
+               StringBuilder sb = new StringBuilder();
+               for (int i = 0; i < searchFilter.length(); i++) {
+                       char ch = searchFilter.charAt(i);
+                       switch (ch) {
+                               case '\\':
+                                       sb.append("\\5c");
+                                       break;
+                               case '*':
+                                       sb.append("\\2a");
+                                       break;
+                               case '(':
+                                       sb.append("\\28");
+                                       break;
+                               case ')':
+                                       sb.append("\\29");
+                                       break;
+                               case '\u0000':
+                                       sb.append("\\00");
+                                       break;
+                               default:
+                                       sb.append(ch);
+                       }
+               }
+               return sb.toString();
+       }
+
        /* Used only for unit testing */
        public void setUserSearchFilter(String filter) {
                prop.setProperty(LGSYNC_USER_SEARCH_FILTER, filter);

Reply via email to