Repository: incubator-ranger Updated Branches: refs/heads/ranger-0.6 1b2b32be2 -> c202a20c1
RANGER-1124 Good coding practices in Ranger recommended by static code analysis -UI Signed-off-by: sneethiraj <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/c202a20c Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/c202a20c Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/c202a20c Branch: refs/heads/ranger-0.6 Commit: c202a20c1a46aa1c120b654c3e53fbd6bef02606 Parents: 1b2b32b Author: Gautam Borad <[email protected]> Authored: Mon Aug 8 08:25:30 2016 +0530 Committer: sneethiraj <[email protected]> Committed: Mon Aug 8 00:43:27 2016 -0400 ---------------------------------------------------------------------- .../main/webapp/scripts/modules/XAOverrides.js | 1 + .../src/main/webapp/scripts/utils/XAUtils.js | 12 ++++++------ .../main/webapp/scripts/views/common/AddGroup.js | 8 ++++---- .../views/permissions/ModulePermissionForm.js | 10 +++++----- .../scripts/views/policies/PermissionList.js | 14 ++++++++------ .../scripts/views/reports/UserAccessLayout.js | 18 +++++++++--------- .../webapp/scripts/views/users/UserTableLayout.js | 2 +- 7 files changed, 34 insertions(+), 31 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c202a20c/security-admin/src/main/webapp/scripts/modules/XAOverrides.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/modules/XAOverrides.js b/security-admin/src/main/webapp/scripts/modules/XAOverrides.js index 5604237..7d05085 100644 --- a/security-admin/src/main/webapp/scripts/modules/XAOverrides.js +++ b/security-admin/src/main/webapp/scripts/modules/XAOverrides.js 
@@ -407,6 +407,7 @@ renderResource : function() { var that = this; if(!_.isNull(this.value) && !_.isEmpty(this.value)){ + this.value.values = _.map(this.value.values, function(val){ return _.escape(val); }); this.$resource.val(this.value.values.toString()) //to preserve resources values to text field if(!_.isUndefined(this.value.resourceType)){ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c202a20c/security-admin/src/main/webapp/scripts/utils/XAUtils.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js index 7c4e445..05733f8 100644 --- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js +++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js @@ -430,7 +430,7 @@ define(function(require) { var groupArr = _.uniq(_.compact(_.map(rawValue.models, function(m, i) { if (m.has('groupName')) - return m.get('groupName'); + return _.escape(m.get('groupName')); }))); if (groupArr.length > 0) { if (rawValue.first().has('resourceId')) @@ -492,14 +492,14 @@ define(function(require) { if (i >= 4) { return '<span class="label label-info float-left-margin-2" policy-' + type + '-id="' + model.id + '" style="display:none;">' - + name + '</span>'; + + _.escape(name) + '</span>'; } else if (i == 3 && groupArr.length > 4) { showMoreLess = true; return '<span class="label label-info float-left-margin-2" policy-' + type - + '-id="' + model.id + '">' + name + '</span>'; + + '-id="' + model.id + '">' + _.escape(name) + '</span>'; } else { return '<span class="label label-info float-left-margin-2" policy-' + type - + '-id="' + model.id + '">' + name + '</span>'; + + '-id="' + model.id + '">' + _.escape(name) + '</span>'; } }); if (showMoreLess) { 
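Review bot: In the XAOverrides.js hunk the added `this.value.values = _.map(...)` line overwrites the stored values with entity-encoded strings and passes them to `this.$resource.val(...)`, which sets a form value and does not parse HTML. Nothing is gained at this sink, and a resource such as `a&b` would appear as `a&amp;b` in the text field. If the field or `this.value` is read back when the policy is saved (not visible in this hunk), the encoded string would be stored as the resource the policy applies to. I would drop the added line and escape only where a value is concatenated into markup; the PermissionList.js @@ -115 hunk has the same pattern with `this.ui.selectGroups.val(...)` and `this.ui.selectUsers.val(...)`. renderResource continues past the end of the hunk.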
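Review bot: In the XAUtils.js @@ -492 hunk the same span is assembled in three separate concatenations, so `_.escape(name)` had to be added three times and a later branch can easily miss it; the `i == 3` branch and the final `else` return identical markup. Computing `var safeName = _.escape(name);` once at the top of the callback and reusing it keeps the encoding in one place. `type` and `model.id` are still concatenated unescaped into the `policy-…-id` attribute; if ids are not guaranteed to be numeric, wrap the value as `_.escape(model.id)`. The callback and its enclosing function start outside the hunk.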
@@ -526,11 +526,11 @@ define(function(require) { return '--'; if (userOrGroups == 'groups') { _.each(rawValue, function(perm) { - objArr = _.union(objArr, perm.groupName) + objArr = _.union(objArr, _.escape(perm.groupName)) }); } else if (userOrGroups == 'users') { _.each(rawValue, function(perm) { - objArr = _.union(objArr, perm.userName) + objArr = _.union(objArr, _.escape(perm.userName)) }); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c202a20c/security-admin/src/main/webapp/scripts/views/common/AddGroup.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/common/AddGroup.js b/security-admin/src/main/webapp/scripts/views/common/AddGroup.js index 1246e57..81fd901 100644 --- a/security-admin/src/main/webapp/scripts/views/common/AddGroup.js +++ b/security-admin/src/main/webapp/scripts/views/common/AddGroup.js @@ -101,7 +101,7 @@ define(function(require){ values = $(that.el).find('.select2-container-multi').select2('data') } else { var groupNameList = that.model.get('groupNameList'); - values = _.map(that.model.get('groupIdList'),function(id,i){ return {'id': id, 'text': groupNameList[i]};}); + values = _.map(that.model.get('groupIdList'),function(id,i){ return {'id': id, 'text': _.escape(groupNameList[i]) };}); } valArr = _.map(values,function(val,i){ @@ -138,7 +138,7 @@ define(function(require){ }, getSelect2Options :function(){ var that = this,groupCnt = 0; - var tags = _.map(that.model.get('groupIdList'),function(id,i){ return {'id': id, 'text': that.model.get('groupNameList')[i]};}); + var tags = _.map(that.model.get('groupIdList'),function(id,i){ return {'id': id, 'text': _.escape(that.model.get('groupNameList')[i]) };}); return{ closeOnSelect : true, placeholder : 'Select Group', 
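Review bot: In the XAUtils.js @@ -526 hunk `_.escape` is applied to `perm.groupName` and `perm.userName` as a whole, but the surrounding `_.union` call (and the `_.map(this.model.get('groupName'), …)` in the PermissionList.js hunk) suggests these are arrays of names. `_.escape` coerces its argument to a string, so an array would become one comma-joined string, and depending on the Underscore version `_.union` either adds that single string or drops the non-array argument, which changes what the list shows. If they are arrays, escape per element: `objArr = _.union(objArr, _.map(perm.groupName, function(n){ return _.escape(n); }))`, and likewise for `perm.userName`. The enclosing function begins and ends outside the hunk.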
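Review bot: In the AddGroup.js @@ -101 hunk the group name is escaped inside the data object (`'text': _.escape(groupNameList[i])`) rather than where it is rendered, so the encoded string becomes the item's text for everything downstream, including the `valArr` mapping that follows. Select2 has an `escapeMarkup` option that by default encodes text when it renders results and selections; if these widgets keep that default (their configuration is not visible here), names containing `&` or `<` would be displayed double-encoded. Keeping `text` raw and escaping in the render or format callback avoids both problems. The same applies to the @@ -138 and @@ -171 hunks of this file, to the ModulePermissionForm.js hunks (where @@ -105 also stores the escaped list on the model via `this.model.set('selectGroups', groupsNVList)`), to PermissionList.js @@ -230, and to the select2 hunks in UserAccessLayout.js.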
@@ -171,7 +171,7 @@ define(function(require){ selectedVals = that.$('.tags').data('editable').input.$input.val().split(','); } if(data.resultSize != "0"){ - results = data.vXGroups.map(function(m, i){ return {id : (m.id).toString(), text: m.name}; }); + results = data.vXGroups.map(function(m, i){ return {id : (m.id).toString(), text: _.escape(m.name) }; }); if(!_.isEmpty(selectedVals)) { results = XAUtil.filterResultByIds(results, selectedVals); } @@ -211,4 +211,4 @@ define(function(require){ }); return AddGroup; -}); \ No newline at end of file +}); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c202a20c/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js index 9a97dc1..1756955 100644 --- a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js +++ b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js @@ -105,12 +105,12 @@ define(function(require) { setupFieldsforEditModule : function(){ var groupsNVList=[],usersNVList =[]; groupsNVList = _.map(this.model.get('groupPermList'),function(gPerm){ - return {'id': Number(gPerm.groupId), 'text':gPerm.groupName}; + return {'id': Number(gPerm.groupId), 'text':_.escape(gPerm.groupName)}; }); this.model.set('selectGroups', groupsNVList); usersNVList = _.map(this.model.get('userPermList'),function(uPerm){ - return {'id': Number(uPerm.userId), 'text':uPerm.userName}; + return {'id': Number(uPerm.userId), 'text':_.escape(uPerm.userName)}; }); this.model.set('selectUsers', usersNVList); 
@@ -136,7 +136,7 @@ define(function(require) { initSelection : function (element, callback) { var data = []; _.each(options.permList,function (elem) { - data.push({id: elem[options.idKey], text: elem[options.textKey]}); + data.push({id: elem[options.idKey], text: _.escape(elem[options.textKey])}); }); callback(data); }, @@ -169,9 +169,9 @@ define(function(require) { selectedVals = that.getSelectedValues(options); if(data.resultSize != "0"){ if(!_.isUndefined(data.vXGroups)){ - results = data.vXGroups.map(function(m, i){ return {id : m.id+"", text: m.name}; }); + results = data.vXGroups.map(function(m, i){ return {id : m.id+"", text: _.escape(m.name) }; }); } else if(!_.isUndefined(data.vXUsers)){ - results = data.vXUsers.map(function(m, i){ return {id : m.id+"", text: m.name}; }); + results = data.vXUsers.map(function(m, i){ return {id : m.id+"", text: _.escape(m.name) }; }); if(!_.isEmpty(selectedVals)){ results = XAUtil.filterResultByText(results, selectedVals); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c202a20c/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js b/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js index b48e306..d5631e0 100644 --- a/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js +++ b/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js 
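Review bot: In the ModulePermissionForm.js @@ -169 hunk `results` now carries escaped `text`, and the next step, `XAUtil.filterResultByText(results, selectedVals)`, matches on that text. If `selectedVals` holds the names as selected, unescaped (`getSelectedValues` and `filterResultByText` are outside the hunk), a name containing `&`, `<` or a quote would no longer match and an already selected user could be offered again. Filtering before escaping, or filtering on `id`, keeps the comparison on raw values. PermissionList.js @@ -230 has the same ordering.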
@@ -115,10 +115,10 @@ define(function(require) { }); if(this.model.has('editMode') && this.model.get('editMode')){ if(!_.isUndefined(this.model.get('groupName')) && !_.isNull(this.model.get('groupName'))){ - this.ui.selectGroups.val(this.model.get('groupName')); + this.ui.selectGroups.val(_.map(this.model.get('groupName'), function(name){ return _.escape(name); })); } if(!_.isUndefined(this.model.get('userName')) && !_.isNull(this.model.get('userName'))){ - this.ui.selectUsers.val(this.model.get('userName')); + this.ui.selectUsers.val(_.map(this.model.get('userName'), function(name){ return _.escape(name); })); } if(!_.isUndefined(this.model.get('conditions'))){ @@ -200,6 +200,7 @@ define(function(require) { }); } var tags = list.map(function(m){ +// return { id : m.id+"" , text : _.escape(m.get('name'))}; return { id : m.id+"" , text : m.get('name')}; }); @@ -213,6 +214,7 @@ define(function(require) { initSelection : function (element, callback) { var data = [], names = (typeGroup) ? that.model.get('groupName') : that.model.get('userName'); _.each(names, function (name) { +// name = _.escape(name); var obj = _.findWhere(tags, {text: name }); data.push({ id : obj.id, text : name }) }); @@ -230,9 +232,9 @@ define(function(require) { selectedVals = that.getSelectedValues($select, typeGroup); if(data.resultSize != "0"){ if(typeGroup){ - results = data.vXGroups.map(function(m, i){ return {id : m.id+"", text: m.name}; }); + results = data.vXGroups.map(function(m, i){ return {id : m.id+"", text: _.escape(m.name) }; }); } else { - results = data.vXUsers.map(function(m, i){ return {id : m.id+"", text: m.name}; }); + results = data.vXUsers.map(function(m, i){ return {id : m.id+"", text: _.escape(m.name) }; }); } if(!_.isEmpty(selectedVals)){ results = XAUtil.filterResultByText(results, selectedVals); 
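Review bot: The PermissionList.js @@ -200 and @@ -213 hunks add only commented-out lines (`// return { id : m.id+"" , text : _.escape(m.get('name'))};` and `// name = _.escape(name);`), so `tags` and `initSelection` still use raw names while the ajax results in @@ -230 are escaped. That leaves the widget with two representations of the same name, and the `_.findWhere(tags, {text: name })` lookup only works while both sides stay raw. I would delete the commented lines and replace them with a short comment saying where escaping is meant to happen for this select, for example `// names are kept raw here; escape only when building markup`.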
@@ -653,7 +655,7 @@ define(function(require) { return; } that.model.set('rowFilterInfo', {'filterExpr': value }); - $(this).html("<span class='label label-info'>" + value + "</span>"); + $(this).html("<span class='label label-info'>" + _.escape(value) + "</span>"); that.ui.addRowFilterSpan.find('i').attr('class', 'icon-pencil'); that.ui.addRowFilterSpan.attr('title','edit'); }, @@ -776,4 +778,4 @@ define(function(require) { } }); -}); \ No newline at end of file +}); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c202a20c/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js b/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js index 159d18a..3535173 100644 --- a/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js +++ b/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js @@ -214,9 +214,9 @@ define(function(require) {'use strict'; } else { _.each(model.get('groups'),function(group,index){ if(index < 4) { - group_str += '<span class="label label-info cellWidth-1 float-left-margin-2" group-policy-id="'+model.cid+'" style="">' + group + endSpanEle + " "; + group_str += '<span class="label label-info cellWidth-1 float-left-margin-2" group-policy-id="'+model.cid+'" style="">' + _.escape(group) + endSpanEle + " "; } else { - group_str += '<span class="label label-info cellWidth-1 float-left-margin-2" group-policy-id="'+model.cid+'" style="display:none">' + group+ endSpanEle + " "; + group_str += '<span class="label label-info cellWidth-1 float-left-margin-2" group-policy-id="'+model.cid+'" style="display:none">' + _.escape(group) + endSpanEle + " "; } }); if(model.get('groups').length > 4) { 
@@ -246,9 +246,9 @@ define(function(require) {'use strict'; } else { _.each(model.get('users'),function(user,index){ if(index < 4) { - user_str += '<span class="label label-info cellWidth-1 float-left-margin-2" user-policy-id="'+model.cid+'" style="">' + user + endSpanEle + " "; + user_str += '<span class="label label-info cellWidth-1 float-left-margin-2" user-policy-id="'+model.cid+'" style="">' + _.escape(user) + endSpanEle + " "; } else { - user_str += '<span class="label label-info cellWidth-1 float-left-margin-2" user-policy-id="'+model.cid+'" style="display:none">' + user+ endSpanEle + " "; + user_str += '<span class="label label-info cellWidth-1 float-left-margin-2" user-policy-id="'+model.cid+'" style="display:none">' + _.escape(user) + endSpanEle + " "; } }); if(model.get('users').length > 4) { @@ -327,7 +327,7 @@ define(function(require) {'use strict'; strVal += "<span title='"; names = ''; _.map(resourceObj.values,function(resourceVal){ - names += resourceVal+","; + names += _.escape(resourceVal)+","; }); names = names.slice(0,-1); strVal += names + "'>"+names +"</span>"; @@ -513,7 +513,7 @@ define(function(require) {'use strict'; /** on render callback */ setupGroupAutoComplete : function(){ this.groupArr = this.groupList.map(function(m){ - return { id : m.get('name') , text : m.get('name')}; + return { id : m.get('name') , text : _.escape(m.get('name'))}; }); var that = this, arr = []; this.ui.userGroup.select2({ @@ -543,7 +543,7 @@ define(function(require) {'use strict'; if(!_.isEmpty(that.ui.userGroup.val())) selectedVals = that.ui.userGroup.val().split(','); if(data.resultSize != "0"){ - results = data.vXGroups.map(function(m, i){ return {id : m.name, text: m.name}; }); + results = data.vXGroups.map(function(m, i){ return {id : m.name, text: _.escape(m.name) }; }); if(!_.isEmpty(selectedVals)) results = XAUtil.filterResultByIds(results, selectedVals); return {results : results}; 
@@ -566,7 +566,7 @@ define(function(require) {'use strict'; var that = this; var arr = []; this.userArr = this.userList.map(function(m){ - return { id : m.get('name') , text : m.get('name')}; + return { id : m.get('name') , text : _.escape(m.get('name')) }; }); this.ui.userName.select2({ // multiple: true, @@ -597,7 +597,7 @@ define(function(require) {'use strict'; if(!_.isEmpty(that.ui.userName.select2('val'))) selectedVals = that.ui.userName.select2('val'); if(data.resultSize != "0"){ - results = data.vXUsers.map(function(m, i){ return {id : m.name, text: m.name}; }); + results = data.vXUsers.map(function(m, i){ return {id : m.name, text: _.escape(m.name) }; }); if(!_.isEmpty(selectedVals)) results = XAUtil.filterResultByIds(results, selectedVals); return {results : results}; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c202a20c/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js b/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js index 1a5e8c6..e8e434b 100644 --- a/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js +++ b/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js @@ -456,7 +456,7 @@ define(function(require){ var selArr = []; var message = ''; _.each(collection.selected,function(obj){ - selArr.push(obj.get('name')); + selArr.push(_.escape(obj.get('name'))); }); var vXStrings = []; var jsonUsers = {};
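Review bot: In the UserTableLayout.js hunk the selected user names are escaped as they are pushed into `selArr`, before any markup is built. The `vXStrings` and `jsonUsers` declarations that follow suggest `selArr` is also used to build a request body (the rest of the function is outside the hunk); if so, a name containing `&`, `<` or a quote would be sent in encoded form and the server-side action would not match the intended account. Keeping `selArr.push(obj.get('name'))` and applying `_.escape` only where a name is inserted into the `message` markup would avoid that.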
