github-advanced-security[bot] commented on code in PR #981:
URL: https://github.com/apache/syncope/pull/981#discussion_r1950470431
##########
core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/repo/PlainSchemaRepoExt.java:
##########
@@ -20,22 +20,20 @@
import java.util.Collection;
import java.util.List;
-import org.apache.syncope.common.lib.types.AnyTypeKind;
import org.apache.syncope.core.persistence.api.entity.AnyTypeClass;
+import org.apache.syncope.core.persistence.api.entity.AnyUtils;
import org.apache.syncope.core.persistence.api.entity.PlainAttr;
import org.apache.syncope.core.persistence.api.entity.PlainSchema;
public interface PlainSchemaRepoExt {
List<? extends PlainSchema> findByAnyTypeClasses(Collection<AnyTypeClass>
anyTypeClasses);
- <T extends PlainAttr<?>> boolean hasAttrs(PlainSchema schema, Class<T>
reference);
+ boolean hasAttrs(PlainSchema schema);
- boolean existsPlainAttrUniqueValue(AnyTypeKind anyTypeKind, String anyKey,
PlainAttr<?> attr);
+ boolean existsPlainAttrUniqueValue(AnyUtils anyUtils, String anyKey,
PlainSchema schema, PlainAttr attr);
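Review bot: The two changed declarations in `PlainSchemaRepoExt` carry no Javadoc, and with the new signatures the interface no longer says what is searched. `hasAttrs(PlainSchema schema)` lost its `Class<T> reference` argument, so it should state whether the check now covers attributes of every any type. `existsPlainAttrUniqueValue` should state what `anyKey` is for (presumably the owner to leave out of the uniqueness check, to be confirmed against the implementation) and whether it may be null. A one-line summary on each, such as `/** Tells whether any stored attribute refers to the given schema. */` on `hasAttrs`, worded to match what the implementation actually queries, would be enough.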
Review Comment:
## Useless parameter
The parameter 'schema' is never used.
[Show more
details](https://github.com/apache/syncope/security/code-scanning/1899)
##########
core/persistence-common/src/main/java/org/apache/syncope/core/persistence/common/dao/AbstractAnyMatchDAO.java:
##########
@@ -399,7 +399,7 @@
protected abstract void relationshipFieldMatches(PropertyDescriptor pd,
AnyCond cond, PlainSchema schema);
- protected boolean matches(final Any<?> any, final AnyCond cond, final
boolean not) {
+ protected boolean matches(final Any any, final AnyCond cond, final boolean
not) {
Review Comment:
## Confusing overloading of methods
Method AbstractAnyMatchDAO.matches(..) could be confused with overloaded
method [matches](1), since dispatch depends on static types.
[Show more
details](https://github.com/apache/syncope/security/code-scanning/1896)
##########
core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/notification/RecipientsProvider.java:
##########
@@ -26,5 +26,5 @@
@FunctionalInterface
public interface RecipientsProvider {
- Set<String> provideRecipients(Notification notification, Any<?> any,
Map<String, Object> jexlVars);
+ Set<String> provideRecipients(Notification notification, Any any,
Map<String, Object> jexlVars);
Review Comment:
## Useless parameter
The parameter 'jexlVars' is never used.
[Show more
details](https://github.com/apache/syncope/security/code-scanning/1903)
##########
core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/SchemaDataBinderImpl.java:
##########
@@ -116,7 +114,7 @@
implementationDAO.findById(schemaTO.getDropdownValueProvider()).ifPresentOrElse(
schema::setDropdownValueProvider,
() -> LOG.debug("Invalid {} {}, ignoring...",
- Implementation.class.getSimpleName(),
schemaTO.getDropdownValueProvider()));
+ Implementation.class.getSimpleName(),
schemaTO.getDropdownValueProvider()));
Review Comment:
## Log Injection
This log entry depends on a [user-provided value](1).
This log entry depends on a [user-provided value](2).
[Show more
details](https://github.com/apache/syncope/security/code-scanning/1907)
##########
core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/SchemaDataBinderImpl.java:
##########
@@ -353,7 +345,7 @@
atc.set(anyTypeClass);
},
() -> LOG.debug("Invalid {}{}, ignoring...",
- AnyTypeClass.class.getSimpleName(),
schemaTO.getAnyTypeClass()));
+ AnyTypeClass.class.getSimpleName(),
schemaTO.getAnyTypeClass()));
Review Comment:
## Log Injection
This log entry depends on a [user-provided value](1).
This log entry depends on a [user-provided value](2).
[Show more
details](https://github.com/apache/syncope/security/code-scanning/1911)
##########
core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/SchemaDataBinderImpl.java:
##########
@@ -153,7 +151,7 @@
atc.set(anyTypeClass);
},
() -> LOG.debug("Invalid {}{}, ignoring...",
- AnyTypeClass.class.getSimpleName(),
schemaTO.getAnyTypeClass()));
+ AnyTypeClass.class.getSimpleName(),
schemaTO.getAnyTypeClass()));
Review Comment:
## Log Injection
This log entry depends on a [user-provided value](1).
This log entry depends on a [user-provided value](2).
[Show more
details](https://github.com/apache/syncope/security/code-scanning/1909)
##########
core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/PlainAttr.java:
##########
@@ -18,32 +18,178 @@
*/
package org.apache.syncope.core.persistence.api.entity;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import jakarta.validation.constraints.NotNull;
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Collections;
import java.util.List;
+import org.apache.commons.lang3.builder.EqualsBuilder;
+import org.apache.commons.lang3.builder.HashCodeBuilder;
+import org.apache.commons.lang3.builder.ToStringBuilder;
+import org.apache.syncope.core.persistence.api.ApplicationContextProvider;
import
org.apache.syncope.core.persistence.api.attrvalue.PlainAttrValidationManager;
+import org.apache.syncope.core.persistence.api.dao.NotFoundException;
+import org.apache.syncope.core.persistence.api.dao.PlainSchemaDAO;
-public interface PlainAttr<A extends Any<?>> extends Entity {
+@JsonInclude(JsonInclude.Include.NON_EMPTY)
+public class PlainAttr implements Serializable {
- A getOwner();
+ private static final long serialVersionUID = -9115431608821806124L;
- void setOwner(A owner);
+ @NotNull
+ private String schema;
- String getSchemaKey();
+ @JsonIgnore
+ private PlainSchema plainSchema;
- PlainSchema getSchema();
+ /**
+ * Values of this attribute (if schema is not UNIQUE).
+ */
+ private final List<PlainAttrValue> values = new ArrayList<>();
- void setSchema(PlainSchema schema);
+ /**
+ * Value of this attribute (if schema is UNIQUE).
+ */
+ private PlainAttrValue uniqueValue;
- void add(PlainAttrValue attrValue);
+ /**
+ * The membership of this attribute; might be {@code NULL} if this
attribute is not related to a membership.
+ */
+ private String membership;
- void add(PlainAttrValidationManager validator, String value, AnyUtils
anyUtils);
+ public String getSchema() {
+ return schema;
+ }
- void add(PlainAttrValidationManager validator, String value,
PlainAttrValue attrValue);
+ public void setSchema(final String schema) {
+ this.schema = schema;
+ }
- PlainAttrUniqueValue getUniqueValue();
+ @JsonIgnore
+ public void setPlainSchema(final PlainSchema plainSchema) {
+ this.plainSchema = plainSchema;
+ this.schema = plainSchema.getKey();
+ }
- void setUniqueValue(PlainAttrUniqueValue uniqueValue);
+ public void add(final PlainAttrValue attrValue) {
+ values.add(attrValue);
+ }
- List<? extends PlainAttrValue> getValues();
+ public List<PlainAttrValue> getValues() {
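Review bot: `setSchema(String)` updates only `schema`, while `setPlainSchema(PlainSchema)` writes both `plainSchema` and `schema`, so a `setSchema` call made after `setPlainSchema` leaves a cached `plainSchema` that no longer matches the key. If code outside this hunk resolves `plainSchema` lazily from `schema` (the added `PlainSchemaDAO` and `NotFoundException` imports suggest it may), the stale object would be returned; resetting the cache in the setter with `this.plainSchema = null;` avoids that. `setPlainSchema` also dereferences its argument unchecked, so `Objects.requireNonNull(plainSchema, "plainSchema")` would make the failure explicit. Separately, the class is `Serializable` but `plainSchema` is only `@JsonIgnore`, not `transient`, so Java serialization would still try to write it; please confirm that is intended. The class body continues outside the hunk.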
Review Comment:
## Exposing internal representation
getValues exposes the internal representation stored in field values. The
value may be modified [after this call to getValues](1).
[Show more
details](https://github.com/apache/syncope/security/code-scanning/1894)
##########
core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/SchemaDataBinderImpl.java:
##########
@@ -273,7 +265,7 @@
atc.set(anyTypeClass);
},
() -> LOG.debug("Invalid {}{}, ignoring...",
- AnyTypeClass.class.getSimpleName(),
schemaTO.getAnyTypeClass()));
+ AnyTypeClass.class.getSimpleName(),
schemaTO.getAnyTypeClass()));
Review Comment:
## Log Injection
This log entry depends on a [user-provided value](1).
This log entry depends on a [user-provided value](2).
[Show more
details](https://github.com/apache/syncope/security/code-scanning/1910)
##########
core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/SchemaDataBinderImpl.java:
##########
@@ -135,7 +133,7 @@
implementationDAO.findById(schemaTO.getValidator()).ifPresentOrElse(
schema::setValidator,
() -> LOG.debug("Invalid {} {}, ignoring...",
- Implementation.class.getSimpleName(),
schemaTO.getValidator()));
+ Implementation.class.getSimpleName(),
schemaTO.getValidator()));
Review Comment:
## Log Injection
This log entry depends on a [user-provided value](1).
This log entry depends on a [user-provided value](2).
[Show more
details](https://github.com/apache/syncope/security/code-scanning/1908)
##########
core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/notification/RecipientsProvider.java:
##########
@@ -26,5 +26,5 @@
@FunctionalInterface
public interface RecipientsProvider {
- Set<String> provideRecipients(Notification notification, Any<?> any,
Map<String, Object> jexlVars);
+ Set<String> provideRecipients(Notification notification, Any any,
Map<String, Object> jexlVars);
Review Comment:
## Useless parameter
The parameter 'any' is never used.
[Show more
details](https://github.com/apache/syncope/security/code-scanning/1902)
##########
core/provisioning-api/src/test/java/org/apache/syncope/core/provisioning/api/jexl/JexlUtilsTest.java:
##########
@@ -146,9 +146,9 @@
@Test
public void evaluateMandatoryCondition(
final @Mock DerAttrHandler derAttrHandler,
- final @Mock Any<?> any,
+ final @Mock Any any,
final @Mock DerSchema derSchema,
- final @Mock Collection<? extends PlainAttr<?>> plainAttrs) {
+ final @Mock Collection<PlainAttr> plainAttrs) {
Review Comment:
## Useless parameter
The parameter 'plainAttrs' is never used.
[Show more
details](https://github.com/apache/syncope/security/code-scanning/1900)
##########
core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/notification/RecipientsProvider.java:
##########
@@ -26,5 +26,5 @@
@FunctionalInterface
public interface RecipientsProvider {
- Set<String> provideRecipients(Notification notification, Any<?> any,
Map<String, Object> jexlVars);
+ Set<String> provideRecipients(Notification notification, Any any,
Map<String, Object> jexlVars);
Review Comment:
## Useless parameter
The parameter 'notification' is never used.
[Show more
details](https://github.com/apache/syncope/security/code-scanning/1901)