[jira] [Commented] (DISPATCH-1011) Policy username substitution fails to match certain user names
[
https://issues.apache.org/jira/browse/DISPATCH-1011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16759923#comment-16759923
]
ASF subversion and git services commented on DISPATCH-1011:
---
Commit 0f7ab6d623b90cc57d99c1a4b42090c48cd4ac28 in qpid-dispatch's branch
refs/heads/master from Jiri Danek
[ https://gitbox.apache.org/repos/asf?p=qpid-dispatch.git;h=0f7ab6d ]
NO-JIRA: remove unused declaration of _qd_policy_link_user_name_subst
Relates to DISPATCH-1009, DISPATCH-1011 which removed the implementation.
> Policy username substitution fails to match certain user names
> --
>
> Key: DISPATCH-1011
> URL: https://issues.apache.org/jira/browse/DISPATCH-1011
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Policy Engine
>Affects Versions: 1.0.1
>Reporter: Chuck Rolke
>Assignee: Chuck Rolke
>Priority: Major
> Fix For: 1.2.0
>
>
> If a username is a substring of a policy rule's static text then the username
> substitution fails. For example:
> {{ if (!_qd_policy_approve_link_name("em", "temp-${user}", "temp-em"))}}
> {{ return "proposed link 'temp-em' should match allowed links with
> ${user} but does not";}}
> Since the username *em* is found in the fixed text of *temp-* then the
> substitution logic goes awry and the match fails. Thanks to aconway for
> making this observation.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (DISPATCH-1011) Policy username substitution fails to match certain user names
[
https://issues.apache.org/jira/browse/DISPATCH-1011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16498533#comment-16498533
]
ASF subversion and git services commented on DISPATCH-1011:
---
Commit 3803dc8cbd722847bbfd7238cd0dcd5d2728cb0b in qpid-dispatch's branch
refs/heads/master from [~chug]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-dispatch.git;h=3803dc8 ]
DISPATCH-1011: Improve user name substitution token logic and code
Remove code flagged by Coverity.
Add scheme that specifies precisely where user name substitution goes.
> Policy username substitution fails to match certain user names
> --
>
> Key: DISPATCH-1011
> URL: https://issues.apache.org/jira/browse/DISPATCH-1011
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Policy Engine
>Affects Versions: 1.0.1
>Reporter: Chuck Rolke
>Assignee: Chuck Rolke
>Priority: Major
>
> If a username is a substring of a policy rule's static text then the username
> substitution fails. For example:
> {{ if (!_qd_policy_approve_link_name("em", "temp-${user}", "temp-em"))}}
> {{ return "proposed link 'temp-em' should match allowed links with
> ${user} but does not";}}
> Since the username *em* is found in the fixed text of *temp-* then the
> substitution logic goes awry and the match fails. Thanks to aconway for
> making this observation.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (DISPATCH-1011) Policy username substitution fails to match certain user names
[
https://issues.apache.org/jira/browse/DISPATCH-1011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16498536#comment-16498536
]
ASF subversion and git services commented on DISPATCH-1011:
---
Commit c38f99e2aa9836b326cc8d1e66048281e0ef0829 in qpid-dispatch's branch
refs/heads/master from [~chug]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-dispatch.git;h=c38f99e ]
DISPATCH-1011: Fix merge errors found by tox; delete usused defs
This closes #311
> Policy username substitution fails to match certain user names
> --
>
> Key: DISPATCH-1011
> URL: https://issues.apache.org/jira/browse/DISPATCH-1011
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Policy Engine
>Affects Versions: 1.0.1
>Reporter: Chuck Rolke
>Assignee: Chuck Rolke
>Priority: Major
>
> If a username is a substring of a policy rule's static text then the username
> substitution fails. For example:
> {{ if (!_qd_policy_approve_link_name("em", "temp-${user}", "temp-em"))}}
> {{ return "proposed link 'temp-em' should match allowed links with
> ${user} but does not";}}
> Since the username *em* is found in the fixed text of *temp-* then the
> substitution logic goes awry and the match fails. Thanks to aconway for
> making this observation.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (DISPATCH-1011) Policy username substitution fails to match certain user names
[
https://issues.apache.org/jira/browse/DISPATCH-1011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16498538#comment-16498538
]
ASF GitHub Bot commented on DISPATCH-1011:
--
Github user asfgit closed the pull request at:
https://github.com/apache/qpid-dispatch/pull/311
> Policy username substitution fails to match certain user names
> --
>
> Key: DISPATCH-1011
> URL: https://issues.apache.org/jira/browse/DISPATCH-1011
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Policy Engine
>Affects Versions: 1.0.1
>Reporter: Chuck Rolke
>Assignee: Chuck Rolke
>Priority: Major
>
> If a username is a substring of a policy rule's static text then the username
> substitution fails. For example:
> {{ if (!_qd_policy_approve_link_name("em", "temp-${user}", "temp-em"))}}
> {{ return "proposed link 'temp-em' should match allowed links with
> ${user} but does not";}}
> Since the username *em* is found in the fixed text of *temp-* then the
> substitution logic goes awry and the match fails. Thanks to aconway for
> making this observation.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (DISPATCH-1011) Policy username substitution fails to match certain user names
[
https://issues.apache.org/jira/browse/DISPATCH-1011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16498535#comment-16498535
]
ASF subversion and git services commented on DISPATCH-1011:
---
Commit 729ada00b00de840935ffd35efa55e61f11b4a39 in qpid-dispatch's branch
refs/heads/master from [~chug]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-dispatch.git;h=729ada0 ]
DISPATCH-1011: Parse tree exports separators. Improve self tests.
Test sourcePattern suffixes found latent paste error in code.
More through test cases to hit more conditional code paths.
> Policy username substitution fails to match certain user names
> --
>
> Key: DISPATCH-1011
> URL: https://issues.apache.org/jira/browse/DISPATCH-1011
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Policy Engine
>Affects Versions: 1.0.1
>Reporter: Chuck Rolke
>Assignee: Chuck Rolke
>Priority: Major
>
> If a username is a substring of a policy rule's static text then the username
> substitution fails. For example:
> {{ if (!_qd_policy_approve_link_name("em", "temp-${user}", "temp-em"))}}
> {{ return "proposed link 'temp-em' should match allowed links with
> ${user} but does not";}}
> Since the username *em* is found in the fixed text of *temp-* then the
> substitution logic goes awry and the match fails. Thanks to aconway for
> making this observation.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (DISPATCH-1011) Policy username substitution fails to match certain user names
[
https://issues.apache.org/jira/browse/DISPATCH-1011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16498534#comment-16498534
]
ASF subversion and git services commented on DISPATCH-1011:
---
Commit 2ccb9e7e0095e92ef09540577c4bf1a5fb7c4622 in qpid-dispatch's branch
refs/heads/master from [~chug]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-dispatch.git;h=2ccb9e7 ]
DISPATCH-1011: Describe user name substitution changes in doc
> Policy username substitution fails to match certain user names
> --
>
> Key: DISPATCH-1011
> URL: https://issues.apache.org/jira/browse/DISPATCH-1011
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Policy Engine
>Affects Versions: 1.0.1
>Reporter: Chuck Rolke
>Assignee: Chuck Rolke
>Priority: Major
>
> If a username is a substring of a policy rule's static text then the username
> substitution fails. For example:
> {{ if (!_qd_policy_approve_link_name("em", "temp-${user}", "temp-em"))}}
> {{ return "proposed link 'temp-em' should match allowed links with
> ${user} but does not";}}
> Since the username *em* is found in the fixed text of *temp-* then the
> substitution logic goes awry and the match fails. Thanks to aconway for
> making this observation.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (DISPATCH-1011) Policy username substitution fails to match certain user names
[
https://issues.apache.org/jira/browse/DISPATCH-1011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16497998#comment-16497998
]
ASF GitHub Bot commented on DISPATCH-1011:
--
GitHub user ChugR opened a pull request:
https://github.com/apache/qpid-dispatch/pull/311
Dispatch 1011- Policy username substition failures; Coverity issues
## Problem statement
* The defect is described in
[DISPATCH-1011](https://issues.apache.org/jira/browse/DISPATCH-1011)
* Coverity pointed out the possibility of an unterminated string.
## Resolution
Both issues are addressed with this PR.
* Username substitutions are processed at creation time to divide the
policy rule into a prefix before the username and a suffix after the user name.
Now there is no ambiguity about where the username substitution goes during
policy application to proposed link source or target addresses.
* Username substitution tokens in match patterns are limited in form and
placement to eliminate ambiguity in conjunction with address match wildcards.
* The code Coverity observed is replaced wholesale.
## Restrictions
This PR adds some restrictions to the use of username substitutions in
source and target address patterns.
* The username substitution token must stand alone as a delimited search
token. It may not be concatenated with fixed text strings. Example: token forms
_abc-${user}_ and _${user}-xyz_ are not allowed.
* The username substitution token may only be specified as the first or the
last token in a rule clause. It may not be embedded somewhere in the middle of
a rule. Example: match patterns _#.${user}.*_ and
_fa.#.la.lala.${user}.la.#.la.lalala_ are not allowed.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/ChugR/qpid-dispatch DISPATCH-1011
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/qpid-dispatch/pull/311.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #311
commit 864ed3af3d0c69a1f62444a7cd056db137841a77
Author: Chuck Rolke
Date: 2018-05-31T17:35:49Z
DISPATCH-1011: Improve user name substitution token logic and code
Remove code flagged by Coverity.
Add scheme that specifies precisely where user name substitution goes.
commit 74251cd14a5e5ee8163dd2796f6516afca76ed96
Author: Chuck Rolke
Date: 2018-05-31T18:02:18Z
DISPATCH-1011: Describe user name substitution changes in doc
commit 7c9798135e728143377be54ce18313bf2c60894c
Author: Chuck Rolke
Date: 2018-05-31T19:52:39Z
DISPATCH-1011: Parse tree exports separators. Improve self tests.
Test sourcePattern suffixes found latent paste error in code.
More through test cases to hit more conditional code paths.
> Policy username substitution fails to match certain user names
> --
>
> Key: DISPATCH-1011
> URL: https://issues.apache.org/jira/browse/DISPATCH-1011
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Policy Engine
>Affects Versions: 1.0.1
>Reporter: Chuck Rolke
>Assignee: Chuck Rolke
>Priority: Major
>
> If a username is a substring of a policy rule's static text then the username
> substitution fails. For example:
> {{ if (!_qd_policy_approve_link_name("em", "temp-${user}", "temp-em"))}}
> {{ return "proposed link 'temp-em' should match allowed links with
> ${user} but does not";}}
> Since the username *em* is found in the fixed text of *temp-* then the
> substitution logic goes awry and the match fails. Thanks to aconway for
> making this observation.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
