From d09e78b2ff8f0da2ccbf35837394d008b15f7128 Mon Sep 17 00:00:00 2001 From: Madhan Neethiraj Date: Thu, 30 Nov 2023 21:41:40 -0800 Subject: [PATCH] RANGER-4571: update handling of expressions that evaluate to null --- .../ranger/plugin/util/RangerRequestExprResolver.java | 6 ++++-- .../plugin/util/RangerRequestExprResolverTest.java | 9 +++++---- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRequestExprResolver.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRequestExprResolver.java index 0caa4f0e04..acf606aca5 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRequestExprResolver.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRequestExprResolver.java @@ -70,7 +70,8 @@ public String resolveExpressions(Map exprValues) { while (matcher.find()) { String expr = matcher.group(REGEX_GROUP_EXPR); - String val = Objects.toString(exprValues.get(expr)); + Object oVal = exprValues.get(expr); + String val = oVal == null ? "" : Objects.toString(oVal); matcher.appendReplacement(sb, val); } @@ -105,7 +106,8 @@ public String resolveExpressions(RangerAccessRequest request) { while (matcher.find()) { String expr = matcher.group(REGEX_GROUP_EXPR); - String val = Objects.toString(scriptEvaluator.evaluateScript(expr)); + Object oVal = scriptEvaluator.evaluateScript(expr); + String val = oVal == null ? "" : Objects.toString(oVal); matcher.appendReplacement(sb, val); } diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/util/RangerRequestExprResolverTest.java b/agents-common/src/test/java/org/apache/ranger/plugin/util/RangerRequestExprResolverTest.java index a062f0e9b6..e0e593be25 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/util/RangerRequestExprResolverTest.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/util/RangerRequestExprResolverTest.java @@ -57,8 +57,8 @@ public void testRequestAttributes() { exprValue.put("${{UG['test-group1'].site}}", "10"); exprValue.put("${{UG['test-group2'].dept}}", "PROD"); exprValue.put("${{UG['test-group2'].site}}", "20"); - exprValue.put("${{UG['test-group3']}}", "null"); - exprValue.put("${{UG['test-group1'].notExists}}", "null"); + exprValue.put("${{UG['test-group3']}}", ""); + exprValue.put("${{UG['test-group1'].notExists}}", ""); exprValue.put("${{URNAMES.indexOf('test-role1') != -1}}", "true"); exprValue.put("${{URNAMES.indexOf('test-role2') != -1}}", "true"); @@ -66,10 +66,10 @@ public void testRequestAttributes() { exprValue.put("${{UGA.sVal.dept}}", "ENGG"); exprValue.put("${{UGA.sVal.site}}", "10"); - exprValue.put("${{UGA.sVal.notExists}}", "null"); + exprValue.put("${{UGA.sVal.notExists}}", ""); exprValue.put("${{J(UGA.mVal.dept)}}", "[\"ENGG\",\"PROD\"]"); exprValue.put("${{J(UGA.mVal.site)}}", "[\"10\",\"20\"]"); - exprValue.put("${{J(UGA.mVal.notExists)}}", "null"); + exprValue.put("${{J(UGA.mVal.notExists)}}", ""); exprValue.put("${{UGA.mVal['dept'].indexOf('ENGG') != -1}}", "true"); exprValue.put("${{UGA.mVal['dept'].indexOf('PROD') != -1}}", "true"); exprValue.put("${{UGA.mVal['dept'].indexOf('EXEC') == -1}}", "true"); @@ -93,6 +93,7 @@ public void testRequestAttributes() { exprValue.put("${{TAGNAMES.length}}", "2"); exprValue.put("${{TAGNAMES.indexOf('PII') != -1}}", "true"); exprValue.put("${{TAGNAMES.indexOf('PCI') != -1}}", "true"); + exprValue.put("${{var s=USER['state'];}}state == '${{s}}'", "state == 'CA'"); for (Map.Entry entry : exprValue.entrySet()) { String expr = entry.getKey();