Skip to content

Commit e35fe23

Browse files
committed
RANGER-3953: fix potential NPE during policy-engine initialization
1 parent cd55d21 commit e35fe23

File tree

5 files changed

+101
-61
lines changed

5 files changed

+101
-61
lines changed

agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.java

Lines changed: 18 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -117,25 +117,37 @@ public final class RangerRequestScriptEvaluator {
117117

118118

119119
public static boolean needsJsonCtxEnabled(String script) {
120-
Matcher matcher = JSON_VAR_NAMES_PATTERN.matcher(script);
120+
boolean ret = false;
121+
122+
if (script != null) {
123+
Matcher matcher = JSON_VAR_NAMES_PATTERN.matcher(script);
121124

122-
boolean ret = matcher.find();
125+
ret = matcher.find();
126+
}
123127

124128
return ret;
125129
}
126130

127131
public static boolean hasUserAttributeReference(String script) {
128-
Matcher matcher = USER_ATTRIBUTES_PATTERN.matcher(script);
132+
boolean ret = false;
129133

130-
boolean ret = matcher.find();
134+
if (script != null) {
135+
Matcher matcher = USER_ATTRIBUTES_PATTERN.matcher(script);
136+
137+
ret = matcher.find();
138+
}
131139

132140
return ret;
133141
}
134142

135143
public static boolean hasGroupAttributeReference(String script) {
136-
Matcher matcher = GROUP_ATTRIBUTES_PATTERN.matcher(script);
144+
boolean ret = false;
137145

138-
boolean ret = matcher.find();
146+
if (script != null) {
147+
Matcher matcher = GROUP_ATTRIBUTES_PATTERN.matcher(script);
148+
149+
ret = matcher.find();
150+
}
139151

140152
return ret;
141153
}

agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerURLResourceMatcher.java

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -209,14 +209,19 @@ public StringBuilder toString(StringBuilder sb) {
209209
}
210210

211211
static boolean isPathURLType(String url) {
212+
boolean ret = false;
213+
214+
if (url != null) {
215+
Pattern p1 = Pattern.compile(":/{2}");
216+
Matcher m1 = p1.matcher(url);
212217

213-
Pattern p1 = Pattern.compile(":/{2}");
214-
Matcher m1 = p1.matcher(url);
218+
Pattern p2 = Pattern.compile(":/{3,}");
219+
Matcher m2 = p2.matcher(url);
215220

216-
Pattern p2 = Pattern.compile(":/{3,}");
217-
Matcher m2 = p2.matcher(url);
221+
ret = (m1.find() && !(m2.find()));
222+
}
218223

219-
return (m1.find() && !(m2.find()));
224+
return ret;
220225
}
221226

222227

agents-common/src/main/java/org/apache/ranger/plugin/util/MacroProcessor.java

Lines changed: 22 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -38,35 +38,36 @@ public MacroProcessor(Map<String, String> macrosMap) {
3838
}
3939

4040
public String expandMacros(String expr) {
41-
StringBuffer ret = null;
42-
Matcher matcher = macrosPattern.matcher(expr);
41+
StringBuffer ret = null;
4342

44-
while (matcher.find()) {
45-
if (ret == null) {
46-
ret = new StringBuffer();
47-
}
43+
if (expr != null) {
44+
Matcher matcher = macrosPattern.matcher(expr);
4845

49-
String keyword = matcher.group();
50-
String replacer = macrosMap.get(keyword);
46+
while (matcher.find()) {
47+
if (ret == null) {
48+
ret = new StringBuffer();
49+
}
5150

52-
matcher.appendReplacement(ret, replacer);
53-
}
51+
String keyword = matcher.group();
52+
String replacer = macrosMap.get(keyword);
5453

55-
if (ret == null) {
56-
if (LOG.isDebugEnabled()) {
57-
LOG.debug("expandMacros({}): no match found!", expr);
54+
matcher.appendReplacement(ret, replacer);
5855
}
5956

60-
return expr;
61-
} else {
62-
matcher.appendTail(ret);
63-
64-
if (LOG.isDebugEnabled()) {
65-
LOG.debug("expandMacros({}): match found. ret={}", expr, ret);
57+
if (ret == null) {
58+
if (LOG.isDebugEnabled()) {
59+
LOG.debug("expandMacros({}): no match found!", expr);
60+
}
61+
} else {
62+
matcher.appendTail(ret);
63+
64+
if (LOG.isDebugEnabled()) {
65+
LOG.debug("expandMacros({}): match found. ret={}", expr, ret);
66+
}
6667
}
67-
68-
return ret.toString();
6968
}
69+
70+
return ret != null ? ret.toString() : expr;
7071
}
7172

7273
private Pattern getMacrosPattern(Map<String, String> macros) {

agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRequestExprResolver.java

Lines changed: 37 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -124,56 +124,71 @@ public String resolveExpressions(RangerAccessRequest request) {
124124
}
125125

126126
public static boolean hasExpressions(String str) {
127-
Matcher matcher = PATTERN.matcher(str);
127+
boolean ret = false;
128+
129+
if (str != null) {
130+
Matcher matcher = PATTERN.matcher(str);
131+
132+
ret = matcher.find();
133+
}
128134

129-
return matcher.find();
135+
return ret;
130136
}
131137

132138
public static boolean hasUserAttributeInExpression(String str) {
133139
boolean ret = false;
134-
Matcher matcher = PATTERN.matcher(str);
135140

136-
while (matcher.find()) {
137-
String expr = matcher.group(REGEX_GROUP_EXPR);
141+
if (str != null) {
142+
Matcher matcher = PATTERN.matcher(str);
138143

139-
if (RangerRequestScriptEvaluator.hasUserAttributeReference(expr)) {
140-
ret = true;
144+
while (matcher.find()) {
145+
String expr = matcher.group(REGEX_GROUP_EXPR);
141146

142-
break;
147+
if (RangerRequestScriptEvaluator.hasUserAttributeReference(expr)) {
148+
ret = true;
149+
150+
break;
151+
}
143152
}
144153
}
145154

146155
return ret;
147156
}
148157

149158
public static boolean hasGroupAttributeInExpression(String str) {
150-
boolean ret = false;
151-
Matcher matcher = PATTERN.matcher(str);
159+
boolean ret = false;
152160

153-
while (matcher.find()) {
154-
String expr = matcher.group(REGEX_GROUP_EXPR);
161+
if (str != null) {
162+
Matcher matcher = PATTERN.matcher(str);
155163

156-
if (RangerRequestScriptEvaluator.hasGroupAttributeReference(expr)) {
157-
ret = true;
164+
while (matcher.find()) {
165+
String expr = matcher.group(REGEX_GROUP_EXPR);
166+
167+
if (RangerRequestScriptEvaluator.hasGroupAttributeReference(expr)) {
168+
ret = true;
158169

159-
break;
170+
break;
171+
}
160172
}
161173
}
162174

163175
return ret;
164176
}
165177

166178
public static boolean hasUserGroupAttributeInExpression(String str) {
167-
boolean ret = false;
168-
Matcher matcher = PATTERN.matcher(str);
179+
boolean ret = false;
169180

170-
while (matcher.find()) {
171-
String expr = matcher.group(REGEX_GROUP_EXPR);
181+
if (str != null) {
182+
Matcher matcher = PATTERN.matcher(str);
172183

173-
if (RangerRequestScriptEvaluator.hasUserGroupAttributeReference(expr)) {
174-
ret = true;
184+
while (matcher.find()) {
185+
String expr = matcher.group(REGEX_GROUP_EXPR);
186+
187+
if (RangerRequestScriptEvaluator.hasUserGroupAttributeReference(expr)) {
188+
ret = true;
175189

176-
break;
190+
break;
191+
}
177192
}
178193
}
179194

security-admin/src/main/java/org/apache/ranger/common/StringUtil.java

Lines changed: 14 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -150,14 +150,21 @@ public boolean validateEmail(String emailAddress) {
150150
}
151151

152152
public boolean regExPatternMatch(String expression, String inputStr) {
153-
Pattern pattern = compiledRegEx.get(expression);
154-
if (pattern == null) {
155-
pattern = Pattern.compile(expression, Pattern.CASE_INSENSITIVE);
156-
compiledRegEx.put(expression, pattern);
153+
boolean ret = false;
154+
155+
if (expression != null && inputStr != null) {
156+
Pattern pattern = compiledRegEx.get(expression);
157+
158+
if (pattern == null) {
159+
pattern = Pattern.compile(expression, Pattern.CASE_INSENSITIVE);
160+
compiledRegEx.put(expression, pattern);
161+
}
162+
163+
Matcher matcher = pattern.matcher(inputStr);
164+
ret = matcher.matches();
157165
}
158166

159-
Matcher matcher = pattern.matcher(inputStr);
160-
return matcher.matches();
167+
return ret;
161168
}
162169

163170
public boolean validateString(String regExStr, String str) {
@@ -205,7 +212,7 @@ public static String trim(String str) {
205212
}
206213

207214
/**
208-
* @param firstName
215+
* @param name
209216
* @return
210217
*/
211218
public boolean isValidName(String name) {

0 commit comments

Comments
 (0)