Repository: incubator-ranger Updated Branches: refs/heads/ranger-0.5 a8d5eac12 -> 9a0614b28
RANGER-882 Scrub received policies before policy engine uses it to guard against inadvertant data corruption: remove null policy resource values Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/9a0614b2 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/9a0614b2 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/9a0614b2 Branch: refs/heads/ranger-0.5 Commit: 9a0614b28642acc8523ea95f77b38fdc2aca694e Parents: a8d5eac Author: Alok Lal <[email protected]> Authored: Fri Mar 11 18:02:41 2016 -0800 Committer: Alok Lal <[email protected]> Committed: Fri Mar 11 18:02:41 2016 -0800 ---------------------------------------------------------------------- .../policyengine/RangerPolicyRepository.java | 33 ++++++++++++++++++++ 1 file changed, 33 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9a0614b2/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java index c063b94..45bc792 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java @@ -35,6 +35,7 @@ import org.apache.ranger.plugin.util.ServicePolicies; import java.util.ArrayList; import java.util.Collections; +import java.util.Iterator; import java.util.List; import java.util.Map; @@ -162,6 +163,7 @@ public class RangerPolicyRepository { LOG.debug("==> RangerPolicyRepository.buildPolicyEvaluator(" + policy + "," + serviceDef + ", " + options + ")"); } + scrubPolicy(policy); RangerPolicyEvaluator ret = null; if(StringUtils.equalsIgnoreCase(options.evaluatorType, RangerPolicyEvaluator.EVALUATOR_TYPE_DEFAULT)) { @@ -225,6 +227,37 @@ public class RangerPolicyRepository { } } + /** + * Remove nulls from policy resource values + * @param policy + */ + boolean scrubPolicy(RangerPolicy policy) { + if (LOG.isDebugEnabled()) { + LOG.debug("==> RangerPolicyRepository.scrubPolicy(" + policy + ")"); + } + boolean altered = false; + Long policyId = policy.getId(); + Map<String, RangerPolicy.RangerPolicyResource> resourceMap = policy.getResources(); + for (Map.Entry<String, RangerPolicy.RangerPolicyResource> entry : resourceMap.entrySet()) { + String resourceName = entry.getKey(); + RangerPolicy.RangerPolicyResource resource = entry.getValue(); + Iterator<String> iterator = resource.getValues().iterator(); + while (iterator.hasNext()) { + String value = iterator.next(); + if (value == null) { + LOG.warn("RangerPolicyRepository.scrubPolicyResource: found null resource value for " + resourceName + " in policy " + policyId + "! Removing..."); + iterator.remove(); + altered = true; + } + } + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== RangerPolicyRepository.scrubPolicy(" + policy + "): " + altered); + } + return altered; + } + @Override public String toString( ) { StringBuilder sb = new StringBuilder();
