Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lots of copied code from the Grouper repository #25

Open
forgedhallpass opened this issue Sep 15, 2021 · 2 comments
Open

Lots of copied code from the Grouper repository #25

forgedhallpass opened this issue Sep 15, 2021 · 2 comments
Labels
enhancement New feature or request Priority: Low

Comments

@forgedhallpass
Copy link
Member

The following classes:

  • org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase (original source code)
  • org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeCommonUtils
  • org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeUtils

were copied from the Grouper repository.

It seems that only a few changes has been made:

  • Logging: although the code is commented out, so it's not relevant (org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#iLogger)

  • Skipping the Expression Language (EL) related processing in org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#propertiesHelper: again this is only relevant if there are keys with ".elConfig" suffix

  • The following lines of code:

    //InputStream inputStream = configFile.getConfigFileType().inputStream(configFile.getConfigFileTypeConfig(), this);
try {
    //get the string and store it first (to see if it changes later)
    String configFileContents = configFile.retrieveContents(this);
    configFile.setContents(configFileContents);
    result.properties.load(new StringReader(configFileContents));

    in org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#retrieveFromConfigFiles which seem to do the same as the original code.

The question is, are these modifications really needed? If not, the original code could be used as a maven dependency:

<dependency>
     <groupId>edu.internet2.middleware.grouper</groupId>
     <artifactId>grouper-activemq</artifactId>
     <version>2.5.29</version>
</dependency>

Side note: the Grouper project is outdated/bulky/poorly written with a lot of duplicated code from the org.apache.commons:commons-lang3 and other common libraries. It would be nice to replace with a better alternative
@forgedhallpass forgedhallpass added the enhancement New feature or request label Sep 15, 2021
@forgedhallpass
Copy link
Member Author

This issue has been manually transferred from the old repository. See: aramrami/OWASP-CSRFGuard#127

@forgedhallpass
Copy link
Member Author

The logic under the overlay package will have to be thrown out/rewritten.

Initial clean-up: 1b9b89a

@forgedhallpass forgedhallpass changed the title Lot of copied code from the Grouper repository. Lots of copied code from the Grouper repository. Sep 15, 2021
@forgedhallpass forgedhallpass mentioned this issue Sep 15, 2021
Closed
@forgedhallpass forgedhallpass changed the title Lots of copied code from the Grouper repository. Lots of copied code from the Grouper repository Apr 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request Priority: Low
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@forgedhallpass