Posted to commits@ranger.apache.org by sn...@apache.org on 2016/08/08 04:40:12 UTC
incubator-ranger git commit: RANGER-1124 Good coding practices in
Ranger recommended by static code analysis
Repository: incubator-ranger
Updated Branches:
refs/heads/master 578b4ed2f -> d87ecce14
RANGER-1124 Good coding practices in Ranger recommended by static code analysis
-UI
Signed-off-by: sneethiraj <sn...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/d87ecce1
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/d87ecce1
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/d87ecce1
Branch: refs/heads/master
Commit: d87ecce141f5f4d36b8490d017ead1c9a4b4aa81
Parents: 578b4ed
Author: Gautam Borad <ga...@apache.org>
Authored: Mon Aug 8 08:25:30 2016 +0530
Committer: sneethiraj <sn...@apache.org>
Committed: Mon Aug 8 00:33:55 2016 -0400
----------------------------------------------------------------------
.../main/webapp/scripts/modules/XAOverrides.js | 1 +
.../src/main/webapp/scripts/utils/XAUtils.js | 12 ++++++------
.../main/webapp/scripts/views/common/AddGroup.js | 8 ++++----
.../views/permissions/ModulePermissionForm.js | 10 +++++-----
.../scripts/views/policies/PermissionList.js | 14 ++++++++------
.../scripts/views/reports/UserAccessLayout.js | 18 +++++++++---------
.../webapp/scripts/views/users/UserTableLayout.js | 2 +-
7 files changed, 34 insertions(+), 31 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d87ecce1/security-admin/src/main/webapp/scripts/modules/XAOverrides.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/modules/XAOverrides.js b/security-admin/src/main/webapp/scripts/modules/XAOverrides.js
index a316c30..8122ae1 100644
--- a/security-admin/src/main/webapp/scripts/modules/XAOverrides.js
+++ b/security-admin/src/main/webapp/scripts/modules/XAOverrides.js
@@ -407,6 +407,7 @@
renderResource : function() {
var that = this;
if(!_.isNull(this.value) && !_.isEmpty(this.value)){
+ this.value.values = _.map(this.value.values, function(val){ return _.escape(val); });
this.$resource.val(this.value.values.toString())
//to preserve resources values to text field
if(!_.isUndefined(this.value.resourceType)){
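Review bot: The added line overwrites `this.value.values` with entity-encoded strings and then hands them to `this.$resource.val(...)`, which sets a form value and does not parse HTML, so a resource such as `a&b` would show in the field as `a&amp;b`. Because the stored value itself is replaced, a second call to renderResource would encode it again, and the encoded form may be what is read back when the policy is saved (neither is visible in this hunk). Keeping the model raw and escaping only where the values are concatenated into markup avoids both, e.g. `var shown = _.map(this.value.values, function(val){ return _.escape(val); });` used only at the HTML sink. renderResource continues past the end of the hunk.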
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d87ecce1/security-admin/src/main/webapp/scripts/utils/XAUtils.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
index 1cae3ed..a1915cf 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
@@ -430,7 +430,7 @@ define(function(require) {
var groupArr = _.uniq(_.compact(_.map(rawValue.models, function(m,
i) {
if (m.has('groupName'))
- return m.get('groupName');
+ return _.escape(m.get('groupName'));
})));
if (groupArr.length > 0) {
if (rawValue.first().has('resourceId'))
@@ -492,14 +492,14 @@ define(function(require) {
if (i >= 4) {
return '<span class="label label-info float-left-margin-2" policy-' + type
+ '-id="' + model.id + '" style="display:none;">'
- + name + '</span>';
+ + _.escape(name) + '</span>';
} else if (i == 3 && groupArr.length > 4) {
showMoreLess = true;
return '<span class="label label-info float-left-margin-2" policy-' + type
- + '-id="' + model.id + '">' + name + '</span>';
+ + '-id="' + model.id + '">' + _.escape(name) + '</span>';
} else {
return '<span class="label label-info float-left-margin-2" policy-' + type
- + '-id="' + model.id + '">' + name + '</span>';
+ + '-id="' + model.id + '">' + _.escape(name) + '</span>';
}
});
if (showMoreLess) {
@@ -526,11 +526,11 @@ define(function(require) {
return '--';
if (userOrGroups == 'groups') {
_.each(rawValue, function(perm) {
- objArr = _.union(objArr, perm.groupName)
+ objArr = _.union(objArr, _.escape(perm.groupName))
});
} else if (userOrGroups == 'users') {
_.each(rawValue, function(perm) {
- objArr = _.union(objArr, perm.userName)
+ objArr = _.union(objArr, _.escape(perm.userName))
});
}
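Review bot: `_.escape(perm.groupName)` and `_.escape(perm.userName)` receive a value that the previous code passed straight to `_.union`, which suggests each is an array of names rather than a single string. `_.escape` coerces its argument to a string, so an array would collapse into one comma-joined entry (or be ignored by `_.union`, depending on the Underscore version) instead of contributing its individual names. If they are arrays, escape per element: `objArr = _.union(objArr, _.map(perm.groupName, function(n){ return _.escape(n); }))`, and likewise for `perm.userName`. The enclosing function starts and ends outside the hunk, so the element type should be confirmed against the callers.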
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d87ecce1/security-admin/src/main/webapp/scripts/views/common/AddGroup.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/common/AddGroup.js b/security-admin/src/main/webapp/scripts/views/common/AddGroup.js
index 1246e57..81fd901 100644
--- a/security-admin/src/main/webapp/scripts/views/common/AddGroup.js
+++ b/security-admin/src/main/webapp/scripts/views/common/AddGroup.js
@@ -101,7 +101,7 @@ define(function(require){
values = $(that.el).find('.select2-container-multi').select2('data')
} else {
var groupNameList = that.model.get('groupNameList');
- values = _.map(that.model.get('groupIdList'),function(id,i){ return {'id': id, 'text': groupNameList[i]};});
+ values = _.map(that.model.get('groupIdList'),function(id,i){ return {'id': id, 'text': _.escape(groupNameList[i]) };});
}
valArr = _.map(values,function(val,i){
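Review bot: The `text` fields built here are entity-encoded before being given to Select2, so whether the output is correct depends on how the widget renders `text`. If the Select2 configuration leaves markup escaping to the library (its `escapeMarkup` option), a group named `R&D` would be displayed as `R&amp;D`; if a custom formatter inserts `text` as raw HTML, the escaping is required. A short comment at each site stating which case applies, for example `// Select2 inserts text as HTML here, so it must stay escaped`, would let a reader verify it. The same applies to the `text:` changes in the two later hunks of this file and in ModulePermissionForm.js, PermissionList.js and UserAccessLayout.js.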
@@ -138,7 +138,7 @@ define(function(require){
},
getSelect2Options :function(){
var that = this,groupCnt = 0;
- var tags = _.map(that.model.get('groupIdList'),function(id,i){ return {'id': id, 'text': that.model.get('groupNameList')[i]};});
+ var tags = _.map(that.model.get('groupIdList'),function(id,i){ return {'id': id, 'text': _.escape(that.model.get('groupNameList')[i]) };});
return{
closeOnSelect : true,
placeholder : 'Select Group',
@@ -171,7 +171,7 @@ define(function(require){
selectedVals = that.$('.tags').data('editable').input.$input.val().split(',');
}
if(data.resultSize != "0"){
- results = data.vXGroups.map(function(m, i){ return {id : (m.id).toString(), text: m.name}; });
+ results = data.vXGroups.map(function(m, i){ return {id : (m.id).toString(), text: _.escape(m.name) }; });
if(!_.isEmpty(selectedVals)) {
results = XAUtil.filterResultByIds(results, selectedVals);
}
@@ -211,4 +211,4 @@ define(function(require){
});
return AddGroup;
-});
\ No newline at end of file
+});
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d87ecce1/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js
index 9a97dc1..1756955 100644
--- a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js
+++ b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js
@@ -105,12 +105,12 @@ define(function(require) {
setupFieldsforEditModule : function(){
var groupsNVList=[],usersNVList =[];
groupsNVList = _.map(this.model.get('groupPermList'),function(gPerm){
- return {'id': Number(gPerm.groupId), 'text':gPerm.groupName};
+ return {'id': Number(gPerm.groupId), 'text':_.escape(gPerm.groupName)};
});
this.model.set('selectGroups', groupsNVList);
usersNVList = _.map(this.model.get('userPermList'),function(uPerm){
- return {'id': Number(uPerm.userId), 'text':uPerm.userName};
+ return {'id': Number(uPerm.userId), 'text':_.escape(uPerm.userName)};
});
this.model.set('selectUsers', usersNVList);
@@ -136,7 +136,7 @@ define(function(require) {
initSelection : function (element, callback) {
var data = [];
_.each(options.permList,function (elem) {
- data.push({id: elem[options.idKey], text: elem[options.textKey]});
+ data.push({id: elem[options.idKey], text: _.escape(elem[options.textKey])});
});
callback(data);
},
@@ -169,9 +169,9 @@ define(function(require) {
selectedVals = that.getSelectedValues(options);
if(data.resultSize != "0"){
if(!_.isUndefined(data.vXGroups)){
- results = data.vXGroups.map(function(m, i){ return {id : m.id+"", text: m.name}; });
+ results = data.vXGroups.map(function(m, i){ return {id : m.id+"", text: _.escape(m.name) }; });
} else if(!_.isUndefined(data.vXUsers)){
- results = data.vXUsers.map(function(m, i){ return {id : m.id+"", text: m.name}; });
+ results = data.vXUsers.map(function(m, i){ return {id : m.id+"", text: _.escape(m.name) }; });
if(!_.isEmpty(selectedVals)){
results = XAUtil.filterResultByText(results, selectedVals);
}
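Review bot: `results` now carries escaped `text`, and a few lines later it is passed to `XAUtil.filterResultByText(results, selectedVals)`; if `getSelectedValues` returns raw names, any name containing `&`, `<`, `>` or a quote will no longer compare equal to its escaped counterpart. Comparing on the raw name and escaping only for display keeps the filter stable, for instance by running the filter before the `_.escape` mapping. The same pairing appears in the `@@ -230` hunk of PermissionList.js. Both helper bodies are outside this diff, so this needs checking against them.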
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d87ecce1/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js b/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
index cfde90a..80ff1f3 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
@@ -115,10 +115,10 @@ define(function(require) {
});
if(this.model.has('editMode') && this.model.get('editMode')){
if(!_.isUndefined(this.model.get('groupName')) && !_.isNull(this.model.get('groupName'))){
- this.ui.selectGroups.val(this.model.get('groupName'));
+ this.ui.selectGroups.val(_.map(this.model.get('groupName'), function(name){ return _.escape(name); }));
}
if(!_.isUndefined(this.model.get('userName')) && !_.isNull(this.model.get('userName'))){
- this.ui.selectUsers.val(this.model.get('userName'));
+ this.ui.selectUsers.val(_.map(this.model.get('userName'), function(name){ return _.escape(name); }));
}
if(!_.isUndefined(this.model.get('conditions'))){
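Review bot: `this.ui.selectGroups.val(...)` and `this.ui.selectUsers.val(...)` now receive entity-encoded names, but `.val()` stores a value and does not parse markup, so encoding here changes the data rather than protecting an HTML sink. In the `@@ -213` hunk of this file `initSelection` still reads the raw `groupName`/`userName` from the model and looks them up in `tags` by raw `text`, so the field value and the selection would disagree for any name containing `&`, `<`, `>` or a quote. Unless something outside the hunk inserts the field value as HTML, passing the raw list, `this.ui.selectGroups.val(this.model.get('groupName'));`, and escaping where the names are rendered would be the safer split.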
@@ -200,6 +200,7 @@ define(function(require) {
});
}
var tags = list.map(function(m){
+// return { id : m.id+"" , text : _.escape(m.get('name'))};
return { id : m.id+"" , text : m.get('name')};
});
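Review bot: The added line is commented-out code, `// return { id : m.id+"" , text : _.escape(m.get('name'))};`, so `tags` keeps raw names while the AJAX results in the `@@ -230` hunk are escaped; the `@@ -213` hunk adds a second disabled line, `// name = _.escape(name);`. Nothing on the page says why these two sites were left unescaped. Either delete the dead lines or replace them with a comment giving the reason, e.g. `// tags keep the raw name: initSelection matches model names against tags by text`. Note also that `_.findWhere` in `initSelection` returns `undefined` when no tag matches and `obj.id` would then throw, which is what enabling only one of the two lines would cause.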
@@ -213,6 +214,7 @@ define(function(require) {
initSelection : function (element, callback) {
var data = [], names = (typeGroup) ? that.model.get('groupName') : that.model.get('userName');
_.each(names, function (name) {
+// name = _.escape(name);
var obj = _.findWhere(tags, {text: name });
data.push({ id : obj.id, text : name })
});
@@ -230,9 +232,9 @@ define(function(require) {
selectedVals = that.getSelectedValues($select, typeGroup);
if(data.resultSize != "0"){
if(typeGroup){
- results = data.vXGroups.map(function(m, i){ return {id : m.id+"", text: m.name}; });
+ results = data.vXGroups.map(function(m, i){ return {id : m.id+"", text: _.escape(m.name) }; });
} else {
- results = data.vXUsers.map(function(m, i){ return {id : m.id+"", text: m.name}; });
+ results = data.vXUsers.map(function(m, i){ return {id : m.id+"", text: _.escape(m.name) }; });
}
if(!_.isEmpty(selectedVals)){
results = XAUtil.filterResultByText(results, selectedVals);
@@ -653,7 +655,7 @@ define(function(require) {
return;
}
that.model.set('rowFilterInfo', {'filterExpr': value });
- $(this).html("<span class='label label-info'>" + value + "</span>");
+ $(this).html("<span class='label label-info'>" + _.escape(value) + "</span>");
that.ui.addRowFilterSpan.find('i').attr('class', 'icon-pencil');
that.ui.addRowFilterSpan.attr('title','edit');
},
@@ -776,4 +778,4 @@ define(function(require) {
}
});
-});
\ No newline at end of file
+});
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d87ecce1/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js b/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
index 159d18a..3535173 100644
--- a/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
@@ -214,9 +214,9 @@ define(function(require) {'use strict';
} else {
_.each(model.get('groups'),function(group,index){
if(index < 4) {
- group_str += '<span class="label label-info cellWidth-1 float-left-margin-2" group-policy-id="'+model.cid+'" style="">' + group + endSpanEle + " ";
+ group_str += '<span class="label label-info cellWidth-1 float-left-margin-2" group-policy-id="'+model.cid+'" style="">' + _.escape(group) + endSpanEle + " ";
} else {
- group_str += '<span class="label label-info cellWidth-1 float-left-margin-2" group-policy-id="'+model.cid+'" style="display:none">' + group+ endSpanEle + " ";
+ group_str += '<span class="label label-info cellWidth-1 float-left-margin-2" group-policy-id="'+model.cid+'" style="display:none">' + _.escape(group) + endSpanEle + " ";
}
});
if(model.get('groups').length > 4) {
@@ -246,9 +246,9 @@ define(function(require) {'use strict';
} else {
_.each(model.get('users'),function(user,index){
if(index < 4) {
- user_str += '<span class="label label-info cellWidth-1 float-left-margin-2" user-policy-id="'+model.cid+'" style="">' + user + endSpanEle + " ";
+ user_str += '<span class="label label-info cellWidth-1 float-left-margin-2" user-policy-id="'+model.cid+'" style="">' + _.escape(user) + endSpanEle + " ";
} else {
- user_str += '<span class="label label-info cellWidth-1 float-left-margin-2" user-policy-id="'+model.cid+'" style="display:none">' + user+ endSpanEle + " ";
+ user_str += '<span class="label label-info cellWidth-1 float-left-margin-2" user-policy-id="'+model.cid+'" style="display:none">' + _.escape(user) + endSpanEle + " ";
}
});
if(model.get('users').length > 4) {
@@ -327,7 +327,7 @@ define(function(require) {'use strict';
strVal += "<span title='";
names = '';
_.map(resourceObj.values,function(resourceVal){
- names += resourceVal+",";
+ names += _.escape(resourceVal)+",";
});
names = names.slice(0,-1);
strVal += names + "'>"+names +"</span>";
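Review bot: `_.map` is used here only for its side effect of appending to `names`, and the trailing comma is then trimmed with `slice(0,-1)`; `names = _.map(resourceObj.values, function(v){ return _.escape(v); }).join(',');` expresses the same result in one step. Since `names` is placed inside a single-quoted `title='...'` attribute as well as in element content, the encoder has to cover `'`; Underscore's `_.escape` does, and a one-line comment saying so would keep a later switch to a narrower encoder from reopening the attribute.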
@@ -513,7 +513,7 @@ define(function(require) {'use strict';
/** on render callback */
setupGroupAutoComplete : function(){
this.groupArr = this.groupList.map(function(m){
- return { id : m.get('name') , text : m.get('name')};
+ return { id : m.get('name') , text : _.escape(m.get('name'))};
});
var that = this, arr = [];
this.ui.userGroup.select2({
@@ -543,7 +543,7 @@ define(function(require) {'use strict';
if(!_.isEmpty(that.ui.userGroup.val()))
selectedVals = that.ui.userGroup.val().split(',');
if(data.resultSize != "0"){
- results = data.vXGroups.map(function(m, i){ return {id : m.name, text: m.name}; });
+ results = data.vXGroups.map(function(m, i){ return {id : m.name, text: _.escape(m.name) }; });
if(!_.isEmpty(selectedVals))
results = XAUtil.filterResultByIds(results, selectedVals);
return {results : results};
@@ -566,7 +566,7 @@ define(function(require) {'use strict';
var that = this;
var arr = [];
this.userArr = this.userList.map(function(m){
- return { id : m.get('name') , text : m.get('name')};
+ return { id : m.get('name') , text : _.escape(m.get('name')) };
});
this.ui.userName.select2({
// multiple: true,
@@ -597,7 +597,7 @@ define(function(require) {'use strict';
if(!_.isEmpty(that.ui.userName.select2('val')))
selectedVals = that.ui.userName.select2('val');
if(data.resultSize != "0"){
- results = data.vXUsers.map(function(m, i){ return {id : m.name, text: m.name}; });
+ results = data.vXUsers.map(function(m, i){ return {id : m.name, text: _.escape(m.name) }; });
if(!_.isEmpty(selectedVals))
results = XAUtil.filterResultByIds(results, selectedVals);
return {results : results};
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d87ecce1/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js b/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js
index 1a5e8c6..e8e434b 100644
--- a/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js
@@ -456,7 +456,7 @@ define(function(require){
var selArr = [];
var message = '';
_.each(collection.selected,function(obj){
- selArr.push(obj.get('name'));
+ selArr.push(_.escape(obj.get('name')));
});
var vXStrings = [];
var jsonUsers = {};
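Review bot: The names pushed into `selArr` are entity-encoded at collection time, and the declarations that follow (`vXStrings`, `jsonUsers`) suggest the array is later packed into a request body rather than only shown in `message`. If so, a user named `a&b` would be sent to the server as `a&amp;b` and would not match the stored account. Keeping `selArr.push(obj.get('name'));` for the payload and applying `_.escape` only where a name is concatenated into displayed markup would separate the two uses. The rest of the function is outside the hunk, so the actual use of `selArr` should be confirmed.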