Repository: incubator-ranger Updated Branches: refs/heads/master 0ea6b16a2 -> b73b29042
RANGER-344: fix for issues found by static analyzer Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/b73b2904 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/b73b2904 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/b73b2904 Branch: refs/heads/master Commit: b73b2904251a6b99556fe0c8a6e67ea77f226053 Parents: 0ea6b16 Author: Abhay Kulkarni <[email protected]> Authored: Tue Apr 7 00:36:01 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Tue Apr 7 00:36:01 2015 -0700 ---------------------------------------------------------------------- .../model/validation/RangerPolicyValidator.java | 2 +- .../RangerDefaultPolicyEvaluator.java | 37 +++++++++------- .../services/hbase/client/HBaseClient.java | 12 ++++-- .../hadoop/RangerHdfsAuthorizer.java | 10 +++-- .../hive/authorizer/RangerHiveAuthorizer.java | 32 ++++++++------ .../ranger/services/yarn/client/YarnClient.java | 2 +- .../java/org/apache/ranger/biz/ServiceMgr.java | 45 ++++++++++++-------- 7 files changed, 84 insertions(+), 56 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b73b2904/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java index 36fc550..63bcdda 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java @@ -168,7 +168,7 @@ public class RangerPolicyValidator extends RangerValidator { .becauseOf("policy already exists with name[" + policyName + "]; its id is[" + policies.iterator().next().getId() + "]") .build()); valid = false; - } else if (policies.iterator().next().getId() != id) { // size == 1 && action == UPDATE + } else if (!policies.iterator().next().getId().equals(id)) { // size == 1 && action == UPDATE failures.add(new ValidationFailureDetailsBuilder() .field("id/name") .isSemanticallyIncorrect() http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b73b2904/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java index fb80675..3cdc5ea 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java @@ -604,26 +604,31 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator RangerResourceMatcher ret = null; - String resName = resourceDef != null ? resourceDef.getName() : null; - String clsName = resourceDef != null ? resourceDef.getMatcher() : null; + if (resourceDef != null) { + String resName = resourceDef.getName(); + String clsName = resourceDef.getMatcher(); + + if (!StringUtils.isEmpty(clsName)) { + try { + @SuppressWarnings("unchecked") + Class<RangerResourceMatcher> matcherClass = (Class<RangerResourceMatcher>) Class.forName(clsName); + + ret = matcherClass.newInstance(); + } catch (Exception excp) { + LOG.error("failed to instantiate resource matcher '" + clsName + "' for '" + resName + "'. Default resource matcher will be used", excp); + } + } - if(! StringUtils.isEmpty(clsName)) { - try { - @SuppressWarnings("unchecked") - Class<RangerResourceMatcher> matcherClass = (Class<RangerResourceMatcher>)Class.forName(clsName); - ret = matcherClass.newInstance(); - } catch(Exception excp) { - LOG.error("failed to instantiate resource matcher '" + clsName + "' for '" + resName + "'. Default resource matcher will be used", excp); + if (ret == null) { + ret = new RangerDefaultResourceMatcher(); } - } - if(ret == null) { - ret = new RangerDefaultResourceMatcher(); - } - - if(ret != null) { - ret.init(resourceDef, resource); + if (ret != null) { + ret.init(resourceDef, resource); + } + } else { + LOG.error("RangerDefaultPolicyEvaluator: RangerResourceDef is null"); } if(LOG.isDebugEnabled()) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b73b2904/hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseClient.java ---------------------------------------------------------------------- diff --git a/hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseClient.java b/hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseClient.java index e051bb9..e9bc684 100644 --- a/hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseClient.java +++ b/hbase-agent/src/main/java/org/apache/ranger/services/hbase/client/HBaseClient.java @@ -245,11 +245,15 @@ public class HBaseClient extends BaseClient { LOG.info("getTableList: no exception: HbaseAvailability true"); admin = new HBaseAdmin(conf) ; for (HTableDescriptor htd : admin.listTables(tableNameMatching)) { - String tableName = htd.getNameAsString(); - if ( existingTableList != null && existingTableList.contains(tableName)) { - continue; + if (htd == null) { + LOG.error("getTableList: null HTableDescription received from HBaseAdmin.listTables"); } else { - tableList.add(htd.getNameAsString()); + String tableName = htd.getNameAsString(); + if (existingTableList != null && existingTableList.contains(tableName)) { + continue; + } else { + tableList.add(htd.getNameAsString()); + } } } } catch (ZooKeeperConnectionException zce) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b73b2904/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java ---------------------------------------------------------------------- diff --git a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java index 8a73d4d..61a95d2 100644 --- a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java +++ b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java @@ -335,10 +335,14 @@ public class RangerHdfsAuthorizer extends INodeAttributeProvider { RangerAccessResult result = plugin.isAccessAllowed(request, auditHandler); - ret = result.getIsAllowed(); + if (result == null) { + LOG.error("RangerAccessControlEnforcer: Internal error: null RangerAccessResult object received back from isAccessAllowed()!"); + } else { + ret = result.getIsAllowed(); - if(! ret) { - break; + if (!ret) { + break; + } } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b73b2904/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java ---------------------------------------------------------------------- diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java index bca8858..9dcc33d 100644 --- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java +++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java @@ -317,7 +317,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { if (column != null) { column = column.trim(); } - if(StringUtils.isEmpty(column.trim())) { + if(StringUtils.isEmpty(column)) { continue; } @@ -345,7 +345,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { } if(result != null && !result.getIsAllowed()) { - String path = resource != null ? resource.getAsString(result.getServiceDef()) : null; + String path = resource.getAsString(result.getServiceDef()); throw new HiveAccessControlException(String.format("Permission denied: user [%s] does not have [%s] privilege on [%s]", user, request.getHiveAccessType().name(), path)); @@ -443,20 +443,24 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { } RangerHiveResource resource = createHiveResource(privilegeObject); - RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, user, groups, context, sessionContext); - RangerAccessResult result = hivePlugin.isAccessAllowed(request); - if (result == null) { - LOG.error("filterListCmdObjects: Internal error: null RangerAccessResult object received back from isAccessAllowed()!"); - } else if (!result.getIsAllowed()) { - if (!LOG.isDebugEnabled()) { - String path = resource.getAsString(result.getServiceDef()); - LOG.debug(String.format("filterListCmdObjects: Permission denied: user [%s] does not have [%s] privilege on [%s]", user, request.getHiveAccessType().name(), path)); - } + if (resource == null) { + LOG.error("filterListCmdObjects: RangerHiveResource returned by createHiveResource is null"); } else { - if (LOG.isDebugEnabled()) { - LOG.debug(String.format("filterListCmdObjects: resource[%s]: allowed!: request[%s], result[%s]", resource, request, result)); + RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, user, groups, context, sessionContext); + RangerAccessResult result = hivePlugin.isAccessAllowed(request); + if (result == null) { + LOG.error("filterListCmdObjects: Internal error: null RangerAccessResult object received back from isAccessAllowed()!"); + } else if (!result.getIsAllowed()) { + if (!LOG.isDebugEnabled()) { + String path = resource.getAsString(result.getServiceDef()); + LOG.debug(String.format("filterListCmdObjects: Permission denied: user [%s] does not have [%s] privilege on [%s]", user, request.getHiveAccessType().name(), path)); + } + } else { + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("filterListCmdObjects: resource[%s]: allowed!: request[%s], result[%s]", resource, request, result)); + } + ret.add(privilegeObject); } - ret.add(privilegeObject); } } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b73b2904/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java ---------------------------------------------------------------------- diff --git a/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java b/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java index 34c8b61..fc07760 100644 --- a/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java +++ b/plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java @@ -76,7 +76,7 @@ public class YarnClient { } final String errMsg = errMessage; - List<String> ret = new ArrayList<String>(); + List<String> ret = null; Callable<List<String>> yarnQueueListGetter = new Callable<List<String>>() { @Override http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b73b2904/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java index 13756c5..b5ca24e 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java @@ -98,13 +98,10 @@ public class ServiceMgr { String msg = "Unable to connect repository with given config for " + svc.getServiceName(); HashMap<String, Object> respData = new HashMap<String, Object>(); - String message = ""; if (e instanceof HadoopException) { respData = ((HadoopException) e).responseData; - message = (respData != null && respData.get("message") != null) ? respData.get( - "message").toString() : msg; } - ret = generateResponseForTestConn(respData, message); + ret = generateResponseForTestConn(respData, msg); LOG.error("==> ServiceMgr.validateConfig Error:" + e); } finally { Thread.currentThread().setContextClassLoader(clsLoader); @@ -290,19 +287,33 @@ public class ServiceMgr { HashMap<String, Object> responseData, String msg) { VXResponse vXResponse = new VXResponse(); - Long objId = (responseData.get("objectId") != null) ? Long - .parseLong(responseData.get("objectId").toString()) : null; - boolean connectivityStatus = (responseData.get("connectivityStatus") != null) ? Boolean - .parseBoolean(responseData.get("connectivityStatus").toString()) - : false; - int statusCode = (connectivityStatus) ? VXResponse.STATUS_SUCCESS - : VXResponse.STATUS_ERROR; - String message = (responseData.get("message") != null) ? responseData - .get("message").toString() : msg; - String description = (responseData.get("description") != null) ? responseData - .get("description").toString() : msg; - String fieldName = (responseData.get("fieldName") != null) ? responseData - .get("fieldName").toString() : null; + Long objId = null; + boolean connectivityStatus = false; + int statusCode = VXResponse.STATUS_ERROR; + String message = msg; + String description = msg; + String fieldName = null; + + if (responseData != null) { + if (responseData.get("objectId") != null) { + objId = Long.parseLong(responseData.get("objectId").toString()); + } + if (responseData.get("connectivityStatus") != null) { + connectivityStatus = Boolean.parseBoolean(responseData.get("connectivityStatus").toString()); + } + if (connectivityStatus) { + statusCode = VXResponse.STATUS_SUCCESS; + } + if (responseData.get("message") != null) { + message = responseData.get("message").toString(); + } + if (responseData.get("description") != null) { + description = responseData.get("description").toString(); + } + if (responseData.get("fieldName") != null) { + fieldName = responseData.get("fieldName").toString(); + } + } VXMessage vXMsg = new VXMessage(); List<VXMessage> vXMsgList = new ArrayList<VXMessage>();
