
oracle / opengrok / #3642

23 Oct 2023 02:33PM UTC coverage: 75.784% (+1.4%) from 74.413%
#3642

push

web-flow
Sonar code smell issue fixes (#4450)

Signed-off-by: Gino Augustine <ginoaugustine@gmail.com>

200 of 200 new or added lines in 39 files covered. (100.0%)

44390 of 58574 relevant lines covered (75.78%)

0.76 hits per line


0.0
/opengrok-web/src/main/java/org/opengrok/web/AuthorizationFilter.java
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * See LICENSE.txt included in this distribution for the specific
 * language governing permissions and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at LICENSE.txt.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
 * Portions Copyright (c) 2020, Chris Fraire <cfraire@me.com>.
 */
package org.opengrok.web;

import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.opengrok.indexer.configuration.Project;
import org.opengrok.indexer.logger.LoggerFactory;
import org.opengrok.indexer.web.Laundromat;
import org.opengrok.web.api.v1.RestApp;

/**
 * Servlet filter that rejects web requests for a project when
 * {@link PageConfig#isAllowed} reports that the project is not allowed
 * for the current request.
 *
 * <p>Two kinds of request are passed down the chain without a project check
 * in this class: requests whose servlet path starts with
 * {@link RestApp#API_PATH}, and requests for which {@link PageConfig}
 * resolves no project.
 */
public class AuthorizationFilter implements Filter {

    private static final Logger LOGGER = LoggerFactory.getLogger(AuthorizationFilter.class);

    /**
     * Does nothing; this filter reads no init parameters.
     *
     * @param fc filter configuration (unused)
     */
    @Override
    public void init(FilterConfig fc) {
        // Nothing to set up.
    }

    /**
     * Applies the per-project access check to a web request.
     *
     * <p>All RESTful API requests are allowed here because they go through
     * {@link org.opengrok.web.api.v1.filter.IncomingFilter}.
     * The /search endpoint will go through authorization via SearchEngine.search()
     * so does not have to be exempted here.
     *
     * <p>The API exemption is a prefix match on the servlet path, so every
     * resource served under {@link RestApp#API_PATH} depends on that other
     * filter (or its own checks) for access control; nothing in this method
     * restricts it.
     *
     * <p>On denial the request is either forwarded to {@code /eforbidden}
     * (when forbidden include-file content is configured) or answered with
     * {@code 403 Access forbidden}. Values taken from the request are passed
     * through {@link Laundromat#launderLog} before being written to the log.
     *
     * @param sr  incoming request; cast to {@link HttpServletRequest}
     * @param sr1 outgoing response; cast to {@link HttpServletResponse}
     * @param fc  remainder of the filter chain
     * @throws IOException      propagated from the chain, the forward or {@code sendError}
     * @throws ServletException propagated from the chain or the forward
     */
    @Override
    public void doFilter(ServletRequest sr, ServletResponse sr1, FilterChain fc) throws IOException, ServletException {
        // Both casts happen up front, so a non-HTTP request or response fails
        // with ClassCastException before any decision is made.
        HttpServletRequest request = (HttpServletRequest) sr;
        HttpServletResponse response = (HttpServletResponse) sr1;

        // REST API traffic is not checked here (see the method Javadoc).
        if (request.getServletPath().startsWith(RestApp.API_PATH)) {
            if (LOGGER.isLoggable(Level.FINER)) {
                LOGGER.log(Level.FINER, "Allowing request to {0} in {1}",
                        new Object[] {Laundromat.launderLog(request.getServletPath()),
                                AuthorizationFilter.class.getName()});
            }
            fc.doFilter(sr, sr1);
            return;
        }

        PageConfig pageConfig = PageConfig.get(request);
        Project project = pageConfig.getProject();

        // A request with no resolved project, or with an allowed one, continues
        // down the chain; only "project present and not allowed" is denied.
        if (project == null || pageConfig.isAllowed(project)) {
            fc.doFilter(sr, sr1);
            return;
        }

        // Denials are logged at INFO, with the remote user when one is set.
        if (LOGGER.isLoggable(Level.INFO)) {
            if (request.getRemoteUser() == null) {
                LOGGER.log(Level.INFO, "Access denied for URI: {0}",
                        Laundromat.launderLog(request.getRequestURI()));
            } else {
                LOGGER.log(Level.INFO, "Access denied for user ''{0}'' for URI: {1}",
                        new Object[] {Laundromat.launderLog(request.getRemoteUser()),
                                Laundromat.launderLog(request.getRequestURI())});
            }
        }

        if (pageConfig.getEnv().getIncludeFiles().getForbiddenIncludeFileContent(false).isEmpty()) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access forbidden");
        } else {
            // NOTE(review): no status code is set on this path in this method;
            // presumably the /eforbidden target sets 403 itself - confirm.
            sr.getRequestDispatcher("/eforbidden").forward(sr, sr1);
        }
    }

    /**
     * Does nothing; this filter holds no resources to release.
     */
    @Override
    public void destroy() {
        // Nothing to tear down.
    }

}