[jira] [Commented] (DISPATCH-1011) Policy username substitution fails to match certain user names
[ https://issues.apache.org/jira/browse/DISPATCH-1011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16759923#comment-16759923 ] ASF subversion and git services commented on DISPATCH-1011: --- Commit 0f7ab6d623b90cc57d99c1a4b42090c48cd4ac28 in qpid-dispatch's branch refs/heads/master from Jiri Danek [ https://gitbox.apache.org/repos/asf?p=qpid-dispatch.git;h=0f7ab6d ] NO-JIRA: remove unused declaration of _qd_policy_link_user_name_subst Relates to DISPATCH-1009, DISPATCH-1011 which removed the implementation. > Policy username substitution fails to match certain user names > -- > > Key: DISPATCH-1011 > URL: https://issues.apache.org/jira/browse/DISPATCH-1011 > Project: Qpid Dispatch > Issue Type: Bug > Components: Policy Engine >Affects Versions: 1.0.1 >Reporter: Chuck Rolke >Assignee: Chuck Rolke >Priority: Major > Fix For: 1.2.0 > > > If a username is a substring of a policy rule's static text then the username > substitution fails. For example: > {{ if (!_qd_policy_approve_link_name("em", "temp-${user}", "temp-em"))}} > {{ return "proposed link 'temp-em' should match allowed links with > ${user} but does not";}} > Since the username *em* is found in the fixed text of *temp-* then the > substitution logic goes awry and the match fails. Thanks to aconway for > making this observation. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (DISPATCH-1011) Policy username substitution fails to match certain user names
[ https://issues.apache.org/jira/browse/DISPATCH-1011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16498533#comment-16498533 ] ASF subversion and git services commented on DISPATCH-1011: --- Commit 3803dc8cbd722847bbfd7238cd0dcd5d2728cb0b in qpid-dispatch's branch refs/heads/master from [~chug] [ https://git-wip-us.apache.org/repos/asf?p=qpid-dispatch.git;h=3803dc8 ] DISPATCH-1011: Improve user name substitution token logic and code Remove code flagged by Coverity. Add scheme that specifies precisely where user name substitution goes. > Policy username substitution fails to match certain user names > -- > > Key: DISPATCH-1011 > URL: https://issues.apache.org/jira/browse/DISPATCH-1011 > Project: Qpid Dispatch > Issue Type: Bug > Components: Policy Engine >Affects Versions: 1.0.1 >Reporter: Chuck Rolke >Assignee: Chuck Rolke >Priority: Major > > If a username is a substring of a policy rule's static text then the username > substitution fails. For example: > {{ if (!_qd_policy_approve_link_name("em", "temp-${user}", "temp-em"))}} > {{ return "proposed link 'temp-em' should match allowed links with > ${user} but does not";}} > Since the username *em* is found in the fixed text of *temp-* then the > substitution logic goes awry and the match fails. Thanks to aconway for > making this observation. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (DISPATCH-1011) Policy username substitution fails to match certain user names
[ https://issues.apache.org/jira/browse/DISPATCH-1011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16498536#comment-16498536 ] ASF subversion and git services commented on DISPATCH-1011: --- Commit c38f99e2aa9836b326cc8d1e66048281e0ef0829 in qpid-dispatch's branch refs/heads/master from [~chug] [ https://git-wip-us.apache.org/repos/asf?p=qpid-dispatch.git;h=c38f99e ] DISPATCH-1011: Fix merge errors found by tox; delete usused defs This closes #311 > Policy username substitution fails to match certain user names > -- > > Key: DISPATCH-1011 > URL: https://issues.apache.org/jira/browse/DISPATCH-1011 > Project: Qpid Dispatch > Issue Type: Bug > Components: Policy Engine >Affects Versions: 1.0.1 >Reporter: Chuck Rolke >Assignee: Chuck Rolke >Priority: Major > > If a username is a substring of a policy rule's static text then the username > substitution fails. For example: > {{ if (!_qd_policy_approve_link_name("em", "temp-${user}", "temp-em"))}} > {{ return "proposed link 'temp-em' should match allowed links with > ${user} but does not";}} > Since the username *em* is found in the fixed text of *temp-* then the > substitution logic goes awry and the match fails. Thanks to aconway for > making this observation. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (DISPATCH-1011) Policy username substitution fails to match certain user names
[ https://issues.apache.org/jira/browse/DISPATCH-1011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16498538#comment-16498538 ] ASF GitHub Bot commented on DISPATCH-1011: -- Github user asfgit closed the pull request at: https://github.com/apache/qpid-dispatch/pull/311 > Policy username substitution fails to match certain user names > -- > > Key: DISPATCH-1011 > URL: https://issues.apache.org/jira/browse/DISPATCH-1011 > Project: Qpid Dispatch > Issue Type: Bug > Components: Policy Engine >Affects Versions: 1.0.1 >Reporter: Chuck Rolke >Assignee: Chuck Rolke >Priority: Major > > If a username is a substring of a policy rule's static text then the username > substitution fails. For example: > {{ if (!_qd_policy_approve_link_name("em", "temp-${user}", "temp-em"))}} > {{ return "proposed link 'temp-em' should match allowed links with > ${user} but does not";}} > Since the username *em* is found in the fixed text of *temp-* then the > substitution logic goes awry and the match fails. Thanks to aconway for > making this observation. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (DISPATCH-1011) Policy username substitution fails to match certain user names
[ https://issues.apache.org/jira/browse/DISPATCH-1011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16498535#comment-16498535 ] ASF subversion and git services commented on DISPATCH-1011: --- Commit 729ada00b00de840935ffd35efa55e61f11b4a39 in qpid-dispatch's branch refs/heads/master from [~chug] [ https://git-wip-us.apache.org/repos/asf?p=qpid-dispatch.git;h=729ada0 ] DISPATCH-1011: Parse tree exports separators. Improve self tests. Test sourcePattern suffixes found latent paste error in code. More through test cases to hit more conditional code paths. > Policy username substitution fails to match certain user names > -- > > Key: DISPATCH-1011 > URL: https://issues.apache.org/jira/browse/DISPATCH-1011 > Project: Qpid Dispatch > Issue Type: Bug > Components: Policy Engine >Affects Versions: 1.0.1 >Reporter: Chuck Rolke >Assignee: Chuck Rolke >Priority: Major > > If a username is a substring of a policy rule's static text then the username > substitution fails. For example: > {{ if (!_qd_policy_approve_link_name("em", "temp-${user}", "temp-em"))}} > {{ return "proposed link 'temp-em' should match allowed links with > ${user} but does not";}} > Since the username *em* is found in the fixed text of *temp-* then the > substitution logic goes awry and the match fails. Thanks to aconway for > making this observation. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (DISPATCH-1011) Policy username substitution fails to match certain user names
[ https://issues.apache.org/jira/browse/DISPATCH-1011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16498534#comment-16498534 ] ASF subversion and git services commented on DISPATCH-1011: --- Commit 2ccb9e7e0095e92ef09540577c4bf1a5fb7c4622 in qpid-dispatch's branch refs/heads/master from [~chug] [ https://git-wip-us.apache.org/repos/asf?p=qpid-dispatch.git;h=2ccb9e7 ] DISPATCH-1011: Describe user name substitution changes in doc > Policy username substitution fails to match certain user names > -- > > Key: DISPATCH-1011 > URL: https://issues.apache.org/jira/browse/DISPATCH-1011 > Project: Qpid Dispatch > Issue Type: Bug > Components: Policy Engine >Affects Versions: 1.0.1 >Reporter: Chuck Rolke >Assignee: Chuck Rolke >Priority: Major > > If a username is a substring of a policy rule's static text then the username > substitution fails. For example: > {{ if (!_qd_policy_approve_link_name("em", "temp-${user}", "temp-em"))}} > {{ return "proposed link 'temp-em' should match allowed links with > ${user} but does not";}} > Since the username *em* is found in the fixed text of *temp-* then the > substitution logic goes awry and the match fails. Thanks to aconway for > making this observation. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (DISPATCH-1011) Policy username substitution fails to match certain user names
[ https://issues.apache.org/jira/browse/DISPATCH-1011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16497998#comment-16497998 ] ASF GitHub Bot commented on DISPATCH-1011: -- GitHub user ChugR opened a pull request: https://github.com/apache/qpid-dispatch/pull/311 Dispatch 1011- Policy username substition failures; Coverity issues ## Problem statement * The defect is described in [DISPATCH-1011](https://issues.apache.org/jira/browse/DISPATCH-1011) * Coverity pointed out the possibility of an unterminated string. ## Resolution Both issues are addressed with this PR. * Username substitutions are processed at creation time to divide the policy rule into a prefix before the username and a suffix after the user name. Now there is no ambiguity about where the username substitution goes during policy application to proposed link source or target addresses. * Username substitution tokens in match patterns are limited in form and placement to eliminate ambiguity in conjunction with address match wildcards. * The code Coverity observed is replaced wholesale. ## Restrictions This PR adds some restrictions to the use of username substitutions in source and target address patterns. * The username substitution token must stand alone as a delimited search token. It may not be concatenated with fixed text strings. Example: token forms _abc-${user}_ and _${user}-xyz_ are not allowed. * The username substitution token may only be specified as the first or the last token in a rule clause. It may not be embedded somewhere in the middle of a rule. Example: match patterns _#.${user}.*_ and _fa.#.la.lala.${user}.la.#.la.lalala_ are not allowed. You can merge this pull request into a Git repository by running: $ git pull https://github.com/ChugR/qpid-dispatch DISPATCH-1011 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/qpid-dispatch/pull/311.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #311 commit 864ed3af3d0c69a1f62444a7cd056db137841a77 Author: Chuck Rolke Date: 2018-05-31T17:35:49Z DISPATCH-1011: Improve user name substitution token logic and code Remove code flagged by Coverity. Add scheme that specifies precisely where user name substitution goes. commit 74251cd14a5e5ee8163dd2796f6516afca76ed96 Author: Chuck Rolke Date: 2018-05-31T18:02:18Z DISPATCH-1011: Describe user name substitution changes in doc commit 7c9798135e728143377be54ce18313bf2c60894c Author: Chuck Rolke Date: 2018-05-31T19:52:39Z DISPATCH-1011: Parse tree exports separators. Improve self tests. Test sourcePattern suffixes found latent paste error in code. More through test cases to hit more conditional code paths. > Policy username substitution fails to match certain user names > -- > > Key: DISPATCH-1011 > URL: https://issues.apache.org/jira/browse/DISPATCH-1011 > Project: Qpid Dispatch > Issue Type: Bug > Components: Policy Engine >Affects Versions: 1.0.1 >Reporter: Chuck Rolke >Assignee: Chuck Rolke >Priority: Major > > If a username is a substring of a policy rule's static text then the username > substitution fails. For example: > {{ if (!_qd_policy_approve_link_name("em", "temp-${user}", "temp-em"))}} > {{ return "proposed link 'temp-em' should match allowed links with > ${user} but does not";}} > Since the username *em* is found in the fixed text of *temp-* then the > substitution logic goes awry and the match fails. Thanks to aconway for > making this observation. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org