Posted to commits@ranger.apache.org by pr...@apache.org on 2019/06/27 08:49:33 UTC

[ranger] branch master updated: RANGER-2487-Resource policy names with a characters that are typically HTML escaped mutate and grow as they are saved.

This is an automated email from the ASF dual-hosted git repository.

pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 74b9bf6  RANGER-2487-Resource policy names with a characters that are typically HTML escaped mutate and grow as they are saved.
74b9bf6 is described below

commit 74b9bf6fe6ae923130635971e374efa0fa0f05b1
Author: Nitin Galave <ni...@apache.org>
AuthorDate: Wed Jun 26 19:22:47 2019 +0530

    RANGER-2487-Resource policy names with a characters that are typically HTML escaped mutate and grow as they are saved.
    
    Signed-off-by: Pradeep <pr...@apache.org>
---
 security-admin/src/main/webapp/scripts/models/RangerPolicy.js |  3 ++-
 .../src/main/webapp/scripts/modules/globalize/message/en.js   |  1 +
 security-admin/src/main/webapp/scripts/utils/XAUtils.js       | 11 ++++++++++-
 .../main/webapp/scripts/views/policies/RangerPolicyForm.js    |  6 +++++-
 4 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/security-admin/src/main/webapp/scripts/models/RangerPolicy.js b/security-admin/src/main/webapp/scripts/models/RangerPolicy.js
index 30e36ac..cd873b3 100644
--- a/security-admin/src/main/webapp/scripts/models/RangerPolicy.js
+++ b/security-admin/src/main/webapp/scripts/models/RangerPolicy.js
@@ -55,10 +55,11 @@ define(function(require){
 			// Overwrite your schema definition here
 			return _.extend(attrs,{
 				name : {
-					type		: 'Text',
+                                        type		: 'TextFieldWithIcon',
 					title		: 'Policy Name *',
 					validators	: ['required'],
 					editorAttrs 	:{ maxlength: 255},
+                                        errorMsg    : localization.tt("validationMessages.policyNameValidationMsg")
 				},
 				description : {
 					type		: 'TextArea',
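Review bot: The new `errorMsg` asks users to avoid `&`, `<`, `>`, quotes and the backtick, but `validators` is still only `['required']`, so nothing visible in this hunk rejects a name containing them; whether the `TextFieldWithIcon` editor enforces anything is not shown here. If these characters are meant to be disallowed rather than merely discouraged, a pattern validator would back the message up, for example `validators : ['required', {type: 'regexp', regexp: /^[^&<>'"\x60]*$/}],` (assuming the form library's regexp validator is available in this build). Client-side validation can be bypassed, so the server would need to apply the same rule to be effective. The two added lines are also indented with spaces where the neighbouring lines use tabs.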
diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
index 8d921f7..44d7dc7 100644
--- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
+++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
@@ -508,6 +508,7 @@ define(function(require) {
 				emailAddressValidationMsg  :'1. Email address should be start with alphabet / numeric / underscore / non-us characters.<br> 2. Allowed special character <b>.-@</b> .<br>3. Email address length should be greater than 9 characters.<br> 4. Email address examples : abc@de.fg, A-C@D-.FG',
                 nameValidationMsg      :'Name should not start with space, it should be less than 256 characters and special characters are not allowed(except _ - and space).',
                 roleNameValidationMsg :'1. Role name should be start with alphabet / numeric / underscore / non-us characters.<br> 2. Allowed special character ,._\-+/@= and space. <br>3. Name length should be greater than one.',
+                policyNameValidationMsg   :'Please avoid these characters (&, <, >, \', ", `) for policy name.',
 			},
 			serverMsg : {
 
diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
index 79f397e..22cdc83 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
@@ -1700,7 +1700,16 @@ define(function(require) {
             }
 
         }
-        }
+    }
+
+    //string contain escape character or not
+    XAUtils.checkForEscapeCharacter = function(policyName){
+        var escapeCharacter = ["&amp;", "&lt;", "&gt;", "&quot;", "&#96;", "&#x27;"];
+        return _.some(escapeCharacter, function(m){
+            return policyName.includes(m);
+        });
+    }
+
 
 	return XAUtils;
 });
\ No newline at end of file
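Review bot: The entity list in `checkForEscapeCharacter` mixes two encodings and may not match what `_.escape` actually emits: `&#x27;` is hexadecimal while the backtick entry `&#96;` is decimal. If `_` here is Underscore, which as far as I know encodes the backtick as `&#x60;`, a saved name whose only special character is a backtick would not be detected and would still be escaped again on every save in RangerPolicyForm.js. Deriving the list from the same table the escape function uses, or listing both forms, keeps the two in step. `policyName.includes(m)` also throws when the name is undefined or not a string, and `String.prototype.includes` is missing in older browsers; `return String(policyName || '').indexOf(m) !== -1;` avoids both. The existing comment could state the intent more precisely, e.g. `// true when the name already contains an entity produced by _.escape`.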
diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js
index b82654e..a862dde 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js
@@ -584,7 +584,11 @@ define(function(require){
 				this.model.set('denyExceptions', this.setPermissionsToColl(this.formInputDenyExceptionList, new RangerPolicyItem()));
 			}
 			this.model.set('service',this.rangerService.get('name'));
-                        this.model.set('name', _.escape(this.model.get('name')));
+            var policyName = this.model.get('name');
+            if(this.model.has('id') && XAUtil.checkForEscapeCharacter(policyName)){
+                policyName = _.unescape(policyName);
+            }
+            this.model.set('name', _.escape(policyName));
                         if(this.model.has('policyPriority')){
                                 this.model.set('policyPriority', this.model.get('policyPriority') ? 1 : 0);
                         }