Skip to content

Commit

Permalink
RANGER-4356: Ranger CSV Report extract may fail with Null pointer exc…
Browse files Browse the repository at this point in the history
…eption

Signed-off-by: Mehul Parikh <[email protected]>
  • Loading branch information
pradeepagrawal8184 authored and mehulbparikh committed Aug 28, 2023
1 parent ab3805f commit 2cc56e1
Show file tree
Hide file tree
Showing 3 changed files with 100 additions and 49 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,9 @@ public enum ValidationErrorCode {
POLICY_VALIDATION_ERR_NONEXISTANT_ZONE_NAME(3033, "Non-existent Zone name={0} in policy create"),
POLICY_VALIDATION_ERR_SERVICE_NOT_ASSOCIATED_TO_ZONE(3048, "Service name = {0} is not associated to Zone name = {1}"),
POLICY_VALIDATION_ERR_UNSUPPORTED_POLICY_ITEM_TYPE(3049, "Deny or deny-exceptions are not supported if policy has isDenyAllElse flag set to true"),
POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_USER(3053, "policy items user was null"),
POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_GROUP(3054, "policy items group was null"),
POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_ROLE(3055, "policy items role was null"),
POLICY_VALIDATION_ERR_INVALID_SERVICE_TYPE(4009," Invalid service type [{0}] provided for service [{1}]"),

// SECURITY_ZONE Validations
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -947,7 +947,9 @@ boolean isValidPolicyItem(RangerPolicyItem policyItem, List<ValidationFailureDet
if(LOG.isDebugEnabled()) {
LOG.debug(String.format("==> RangerPolicyValidator.isValid(%s, %s, %s)", policyItem, failures, serviceDef));
}


List<String> invalidItems = new ArrayList<String>(Arrays.asList("null", "NULL", "Null", null));

boolean valid = true;
if (policyItem == null) {
LOG.debug("policy item was null!");
Expand All @@ -973,12 +975,43 @@ boolean isValidPolicyItem(RangerPolicyItem policyItem, List<ValidationFailureDet
if (CollectionUtils.isEmpty(policyItem.getUsers()) && CollectionUtils.isEmpty(policyItem.getGroups()) && CollectionUtils.isEmpty(policyItem.getRoles())) {
ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_USER_AND_GROUPS;
failures.add(new ValidationFailureDetailsBuilder()
.field("policy item users/user-groups/roles")
.isMissing()
.becauseOf(error.getMessage())
.errorCode(error.getErrorCode())
.build());
.field("policy item users/user-groups/roles")
.isMissing()
.becauseOf(error.getMessage())
.errorCode(error.getErrorCode())
.build());
valid = false;
} else {
if (CollectionUtils.isNotEmpty(policyItem.getUsers()) && CollectionUtils.containsAny(policyItem.getUsers(), invalidItems)) {
ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_USER;
failures.add(new ValidationFailureDetailsBuilder()
.field("policy item users")
.isMissing()
.becauseOf(error.getMessage())
.errorCode(error.getErrorCode())
.build());
valid = false;
}
if (CollectionUtils.isNotEmpty(policyItem.getGroups()) && CollectionUtils.containsAny(policyItem.getGroups(), invalidItems)) {
ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_GROUP;
failures.add(new ValidationFailureDetailsBuilder()
.field("policy item groups")
.isMissing()
.becauseOf(error.getMessage())
.errorCode(error.getErrorCode())
.build());
valid = false;
}
if (CollectionUtils.isNotEmpty(policyItem.getRoles()) && CollectionUtils.containsAny(policyItem.getRoles(), invalidItems)) {
ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_ROLE;
failures.add(new ValidationFailureDetailsBuilder()
.field("policy item roles")
.isMissing()
.becauseOf(error.getMessage())
.errorCode(error.getErrorCode())
.build());
valid = false;
}
}
}

Expand Down
101 changes: 58 additions & 43 deletions security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Original file line number Diff line number Diff line change
Expand Up @@ -4401,40 +4401,52 @@ private void writeCSVForPolicyItems(RangerPolicy policy,
filterInfo = rowFilterPolicyItem.getRowFilterInfo();
filterExpr = filterInfo.getFilterExpr();
}
if (CollectionUtils.isNotEmpty(accesses)) {
for (RangerPolicyItemAccess access : accesses) {
accessType = accessType
+ access.getType().replace("#", "")
.replace("|", "") + "#";
}
accessType = accessType.substring(0,
accessType.lastIndexOf("#"));
}
if (CollectionUtils.isNotEmpty(roles)) {
for (String role : roles) {
role = role.replace("|", "");
role = role.replace("#", "");
roleNames = roleNames + role + "#";
}
roleNames = roleNames.substring(0, roleNames.lastIndexOf("#"));
}
if (CollectionUtils.isNotEmpty(groups)) {
for (String group : groups) {
group = group.replace("|", "");
group = group.replace("#", "");
groupNames = groupNames + group + "#";
}
groupNames = groupNames.substring(0,
groupNames.lastIndexOf("#"));
}
if (CollectionUtils.isNotEmpty(users)) {
for (String user : users) {
user = user.replace("|", "");
user = user.replace("#", "");
userNames = userNames + user + "#";
}
userNames = userNames.substring(0, userNames.lastIndexOf("#"));
}
if (CollectionUtils.isNotEmpty(accesses)) {
for (RangerPolicyItemAccess access : accesses) {
if (access != null) {
accessType = accessType + access.getType().replace("#", "").replace("|", "") + "#";
}
}
if (accessType.length() > 0) {
accessType = accessType.substring(0, accessType.lastIndexOf("#"));
}
}
if (CollectionUtils.isNotEmpty(roles)) {
for (String role : roles) {
if (StringUtils.isNotBlank(role)) {
role = role.replace("|", "");
role = role.replace("#", "");
roleNames = roleNames + role + "#";
}
}
if (roleNames.length() > 0) {
roleNames = roleNames.substring(0, roleNames.lastIndexOf("#"));
}
}
if (CollectionUtils.isNotEmpty(groups)) {
for (String group : groups) {
if (StringUtils.isNotBlank(group)) {
group = group.replace("|", "");
group = group.replace("#", "");
groupNames = groupNames + group + "#";
}
}
if (groupNames.length() > 0) {
groupNames = groupNames.substring(0, groupNames.lastIndexOf("#"));
}
}
if (CollectionUtils.isNotEmpty(users)) {
for (String user : users) {
if (StringUtils.isNotBlank(user)) {
user = user.replace("|", "");
user = user.replace("#", "");
userNames = userNames + user + "#";
}
}
if (userNames.length() > 0) {
userNames = userNames.substring(0, userNames.lastIndexOf("#"));
}
}
String conditionValue = "";
for (RangerPolicyItemCondition conditions : conditionsList) {
String conditionType = conditions.getType();
Expand Down Expand Up @@ -4478,15 +4490,18 @@ private void writeCSVForPolicyItems(RangerPolicy policy,
policyType = POLICY_TYPE_ROWFILTER;
break;
}
if (CollectionUtils.isNotEmpty(policyLabels)) {
for (String policyLabel : policyLabels) {
policyLabel = policyLabel.replace("|", "");
policyLabel = policyLabel.replace("#", "");
policyLabelName = policyLabelName + policyLabel + "#";
}
policyLabelName = policyLabelName.substring(0,
policyLabelName.lastIndexOf("#"));
}
if (CollectionUtils.isNotEmpty(policyLabels)) {
for (String policyLabel : policyLabels) {
if (StringUtils.isNotBlank(policyLabel)) {
policyLabel = policyLabel.replace("|", "");
policyLabel = policyLabel.replace("#", "");
policyLabelName = policyLabelName + policyLabel + "#";
}
}
if (policyLabelName.length() > 0) {
policyLabelName = policyLabelName.substring(0, policyLabelName.lastIndexOf("#"));
}
}

csvBuffer.append(policy.getId());
csvBuffer.append(COMMA_DELIMITER);
Expand Down

0 comments on commit 2cc56e1

Please sign in to comment.