You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by sp...@apache.org on 2018/03/06 19:06:32 UTC
ranger git commit: RANGER-2006: Fix problems detected by static code analysis in ranger usersync for ldap sync source

Repository: ranger
Updated Branches:
  refs/heads/master 4319dea61 -> a9fbbcafa


RANGER-2006: Fix problems detected by static code analysis in ranger usersync for ldap sync source


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/a9fbbcaf
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/a9fbbcaf
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/a9fbbcaf

Branch: refs/heads/master
Commit: a9fbbcafa75b48ccfac28544c624bdef7b6ae081
Parents: 4319dea
Author: Sailaja Polavarapu <sp...@hortonworks.com>
Authored: Tue Mar 6 11:05:30 2018 -0800
Committer: Sailaja Polavarapu <sp...@hortonworks.com>
Committed: Tue Mar 6 11:05:30 2018 -0800

----------------------------------------------------------------------
 .../process/LdapDeltaUserGroupBuilder.java      |  2 +-
 .../process/LdapUserGroupBuilder.java           |  3 +--
 .../config/UserGroupSyncConfig.java             | 27 ++++++++++++++++++++
 3 files changed, 29 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/a9fbbcaf/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
index 7d85f33..3cf0240 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
@@ -941,7 +941,7 @@ public class LdapDeltaUserGroupBuilder extends AbstractUserGroupSource {
 						.append(groupDN).append(")");
 			}
 			filter.append("))");
-			groupFilter += filter;
+			groupFilter += config.escapeSearchFilter(filter.toString());
 
 			LOG.info("extendedAllGroupsSearchFilter = " + groupFilter);
 			for (int ou=0; ou<groupSearchBase.length; ou++) {

http://git-wip-us.apache.org/repos/asf/ranger/blob/a9fbbcaf/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
index 85cba3c..ae5b1ab 100644
--- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
+++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
@@ -289,7 +289,6 @@ public class LdapUserGroupBuilder extends AbstractUserGroupSource {
 					+ ",  ldapReferral: " + ldapReferral
 					);
 		}
-
 	}
 
 	private void closeLdapContext() throws Throwable {
@@ -840,7 +839,7 @@ public class LdapUserGroupBuilder extends AbstractUserGroupSource {
 						.append(groupDN).append(")");
 			}
 			filter.append("))");
-            groupFilter += filter;
+            groupFilter += config.escapeSearchFilter(filter.toString());
 
 			LOG.debug("extendedAllGroupsSearchFilter = " + groupFilter);
 			for (String ou : groupSearchBase) {

http://git-wip-us.apache.org/repos/asf/ranger/blob/a9fbbcaf/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
----------------------------------------------------------------------
diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
index 45eeb1b..ed07696 100644
--- a/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
+++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
@@ -960,6 +960,33 @@ public class UserGroupSyncConfig  {
 		return deltaSyncEnabled;
 	}
 
+	public String escapeSearchFilter(String searchFilter) {
+		StringBuilder sb = new StringBuilder();
+		for (int i = 0; i < searchFilter.length(); i++) {
+			char ch = searchFilter.charAt(i);
+			switch (ch) {
+				case '\\':
+					sb.append("\\5c");
+					break;
+				case '*':
+					sb.append("\\2a");
+					break;
+				case '(':
+					sb.append("\\28");
+					break;
+				case ')':
+					sb.append("\\29");
+					break;
+				case '\u0000':
+					sb.append("\\00");
+					break;
+				default:
+					sb.append(ch);
+			}
+		}
+		return sb.toString();
+	}
+
 	/* Used only for unit testing */
 	public void setUserSearchFilter(String filter) {
 		prop.setProperty(LGSYNC_USER_SEARCH_FILTER, filter);