incubator-ranger git commit: RANGER-882 Scrub received policies before policy engine uses it to guard against inadvertant data corruption: remove null policy resource values

Fri, 11 Mar 2016 17:45:07 -0800 

Repository: incubator-ranger
Updated Branches:
  refs/heads/master bda66dd48 -> 880692ae9


RANGER-882 Scrub received policies before policy engine uses it to guard 
against inadvertant data corruption: remove null policy resource values


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/880692ae
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/880692ae
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/880692ae

Branch: refs/heads/master
Commit: 880692ae98f7008ec5d5bf34a029cc461dbb0318
Parents: bda66dd
Author: Alok Lal <[email protected]>
Authored: Fri Mar 11 16:50:50 2016 -0800
Committer: Alok Lal <[email protected]>
Committed: Fri Mar 11 17:40:30 2016 -0800

----------------------------------------------------------------------
 .../policyengine/RangerPolicyRepository.java    | 32 ++++++++++++++++++++
 1 file changed, 32 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/880692ae/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
----------------------------------------------------------------------
diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
index e79b5cd..d39dd52 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
@@ -402,6 +402,7 @@ public class RangerPolicyRepository {
             LOG.debug("==> RangerPolicyRepository.buildPolicyEvaluator(" + 
policy + "," + serviceDef + ", " + options + ")");
         }
 
+        scrubPolicy(policy);
         RangerPolicyEvaluator ret;
 
         if(StringUtils.equalsIgnoreCase(options.evaluatorType, 
RangerPolicyEvaluator.EVALUATOR_TYPE_CACHED)) {
@@ -461,6 +462,37 @@ public class RangerPolicyRepository {
         }
     }
 
+    /**
+     * Remove nulls from policy resource values
+     * @param policy
+     */
+    boolean scrubPolicy(RangerPolicy policy) {
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("==> RangerPolicyRepository.scrubPolicy(" + policy + 
")");
+        }
+        boolean altered = false;
+        Long policyId = policy.getId();
+        Map<String, RangerPolicy.RangerPolicyResource> resourceMap = 
policy.getResources();
+        for (Map.Entry<String, RangerPolicy.RangerPolicyResource> entry : 
resourceMap.entrySet()) {
+            String resourceName = entry.getKey();
+            RangerPolicy.RangerPolicyResource resource = entry.getValue();
+            Iterator<String> iterator = resource.getValues().iterator();
+            while (iterator.hasNext()) {
+                String value = iterator.next();
+                if (value == null) {
+                    LOG.warn("RangerPolicyRepository.scrubPolicyResource: 
found null resource value for " + resourceName + " in policy " + policyId + "!  
Removing...");
+                    iterator.remove();
+                    altered = true;
+                }
+            }
+        }
+
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("<== RangerPolicyRepository.scrubPolicy(" + policy + "): 
" + altered);
+        }
+        return altered;
+    }
+
     @Override
     public String toString( ) {
         StringBuilder sb = new StringBuilder();

Reply via email to