Posted to commits@dolphinscheduler.apache.org by GitBox <gi...@apache.org> on 2022/11/22 11:47:41 UTC

[GitHub] [dolphinscheduler] github-code-scanning[bot] commented on a diff in pull request #12969: [Feature][Api] Refactor org.apache.dolphinscheduler.api.controller.DataAnalysisController

github-code-scanning[bot] commented on code in PR #12969:
URL: https://github.com/apache/dolphinscheduler/pull/12969#discussion_r1029230433


##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataAnalysisServiceImpl.java:
##########
@@ -153,13 +154,16 @@
      * @param startDate   start date
      * @param endDate     end date
      */
-    private Map<String, Object> countStateByProject(User loginUser, long projectCode, String startDate, String endDate,
-                                                    TriFunction<Date, Date, Long[], List<ExecuteStatusCount>> instanceStateCounter) {
-        Map<String, Object> result = new HashMap<>();
+    private Result countStateByProject(User loginUser, long projectCode, String startDate, String endDate,
+                                       TriFunction<Date, Date, Long[], List<ExecuteStatusCount>> instanceStateCounter) {
+        Result result = new Result();
         if (projectCode != 0) {
             Project project = projectMapper.queryByCode(projectCode);
-            result = projectService.checkProjectAndAuth(loginUser, project, projectCode, PROJECT_OVERVIEW);
-            if (result.get(Constants.STATUS) != Status.SUCCESS) {
+            Map<String, Object> checkResult =
+                    projectService.checkProjectAndAuth(loginUser, project, projectCode, PROJECT_OVERVIEW);
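
Review bot: The `if (projectCode != 0)` guard is the only path to `projectService.checkProjectAndAuth(...)`, so a request that supplies `projectCode` 0 skips the project permission check entirely. If 0 is meant to select all projects, the code after this guard should limit the counts to projects `loginUser` is authorised for, and a short comment on the guard saying so would help. The Javadoc above also closes after `@param endDate` with no `@return`, which is worth adding now that the method returns `Result`.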

Review Comment:
   ## User-controlled bypass of sensitive method
   
   Sensitive method may not be executed depending on [this condition](1), which flows from [user-controlled value](2).
   Sensitive method may not be executed depending on [this condition](1), which flows from [user-controlled value](3).
   
   [Show more details](https://github.com/apache/dolphinscheduler/security/code-scanning/2342)



##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/DataAnalysisService.java:
##########
@@ -63,23 +62,23 @@
      * @param projectCode project code
      * @return definition count data
      */
-    Map<String, Object> countDefinitionByUser(User loginUser, long projectCode);
+    Result countDefinitionByUser(User loginUser, long projectCode);
 
     /**
      * statistical command status data
      *
      * @param loginUser login user
      * @return command state count data
      */
-    Map<String, Object> countCommandState(User loginUser);
+    Result countCommandState(User loginUser);
 
     /**
      * count queue state
      *
      * @param loginUser login user
      * @return queue state count data
      */
-    Map<String, Object> countQueueState(User loginUser);
+    Result countQueueState(User loginUser);
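
Review bot: The `@return` tags on `countDefinitionByUser`, `countCommandState` and `countQueueState` were left as "definition count data", "command state count data" and "queue state count data" while the return type changed from `Map<String, Object>` to `Result`, so the contract no longer says where the counts live or how a failed permission check is reported. Suggest the Javadoc state what `Result` carries on success and on denial. `countCommandState` and `countQueueState` also take only `loginUser`, so any restriction of those counts to what the caller may see depends on the implementations actually using that parameter.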

Review Comment:
   ## Useless parameter
   
   The parameter 'loginUser' is never used.
   
   [Show more details](https://github.com/apache/dolphinscheduler/security/code-scanning/2341)



##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataAnalysisServiceImpl.java:
##########
@@ -205,22 +209,25 @@
      * @return definition count data
      */
     @Override
-    public Map<String, Object> countDefinitionByUser(User loginUser, long projectCode) {
-        Map<String, Object> result = new HashMap<>();
+    public Result countDefinitionByUser(User loginUser, long projectCode) {
+        Result result = new Result();
         if (projectCode != 0) {
             Project project = projectMapper.queryByCode(projectCode);
-            result = projectService.checkProjectAndAuth(loginUser, project, projectCode, PROJECT_OVERVIEW);
-            if (result.get(Constants.STATUS) != Status.SUCCESS) {
+            Map<String, Object> checkResult =
+                    projectService.checkProjectAndAuth(loginUser, project, projectCode, PROJECT_OVERVIEW);
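
Review bot: With the outcome of `checkProjectAndAuth` now held in `checkResult` instead of being assigned to `result`, a denial reaches the caller only if it is copied across explicitly, so the lines following this call need to test `checkResult.get(Constants.STATUS)` and put the failing status into `result` before returning. The removed code did the test with `if (result.get(Constants.STATUS) != Status.SUCCESS)`; the hunk as shown ends before any replacement check. The `projectCode != 0` guard here has the same effect as in `countStateByProject`: a value of 0 never reaches the check.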

Review Comment:
   ## User-controlled bypass of sensitive method
   
   Sensitive method may not be executed depending on [this condition](1), which flows from [user-controlled value](2).
   
   [Show more details](https://github.com/apache/dolphinscheduler/security/code-scanning/2343)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.