justinmclean opened a new issue, #10277:
URL: https://github.com/apache/gravitino/issues/10277

   ### What would you like to be improved?
   
   POConverters.fromSecurableObjectPO iterates by privilegeNames.size() but indexes privilegeConditions at the same index without validating equal lengths. If persisted JSON arrays are mismatched, runtime deserialization throws IndexOutOfBoundsException, breaking role read paths (for example role fetch/list flows that deserialize securable objects).
   
   ### How should we improve?
   
   A possible solution is to validate deserialized inputs before iterating:
   - ensure both lists are non-null,
   - ensure privilegeNames.size() == privilegeConditions.size(),
   - fail fast with a clear exception
   
   Here is a test showing the issue:
   ```
     @Test
     public void testFromSecurableObjectPOWithMismatchedPrivileges() {
       SecurableObjectPO securableObjectPO =
           SecurableObjectPO.builder()
               .withRoleId(1L)
               .withMetadataObjectId(1L)
               .withType(MetadataObject.Type.CATALOG.name())
               .withPrivilegeNames("[\"USE_CATALOG\", \"CREATE_SCHEMA\"]")
               .withPrivilegeConditions("[\"ALLOW\"]")
               .withCurrentVersion(1L)
               .withLastVersion(1L)
               .withDeletedAt(0L)
               .build();
   
       Assertions.assertThrows(
           IndexOutOfBoundsException.class,
           () ->
               POConverters.fromSecurableObjectPO(
                   "test_catalog", securableObjectPO, MetadataObject.Type.CATALOG));
     }
   ```


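The validation proposed in the issue, sketched as an added example that is not part of the original issue or the Gravitino code base. The class `PrivilegePairing` and the method `pair` are hypothetical names, and the example assumes the two JSON arrays have already been deserialized into lists.

```java
import java.util.AbstractMap.SimpleImmutableEntry;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;

// Hypothetical helper, not Gravitino code: pairs privilege names with
// conditions only after checking the two deserialized lists are consistent.
public class PrivilegePairing {

  static List<Map.Entry<String, String>> pair(
      long roleId, List<String> names, List<String> conditions) {
    if (names == null || conditions == null) {
      throw new IllegalStateException(
          "Corrupt securable object for role " + roleId + ": privilege list is null");
    }
    // Reject rather than truncate: a silently dropped or shifted condition
    // would change which privileges the role is treated as holding.
    if (names.size() != conditions.size()) {
      throw new IllegalStateException(
          String.format(
              "Corrupt securable object for role %d: %d privilege names but %d conditions",
              roleId, names.size(), conditions.size()));
    }
    List<Map.Entry<String, String>> pairs = new ArrayList<>(names.size());
    for (int i = 0; i < names.size(); i++) {
      pairs.add(new SimpleImmutableEntry<>(names.get(i), conditions.get(i)));
    }
    return pairs;
  }

  public static void main(String[] args) {
    // Constructed input matching the mismatched arrays in the test above.
    List<String> names = Arrays.asList("USE_CATALOG", "CREATE_SCHEMA");
    List<String> conditions = Arrays.asList("ALLOW");
    try {
      pair(1L, names, conditions);
      throw new AssertionError("mismatched lists were accepted");
    } catch (IllegalStateException e) {
      System.out.println("rejected: " + e.getMessage());
    }
    // Lists of equal length pair up positionally.
    System.out.println(pair(1L, names, Arrays.asList("ALLOW", "DENY")));
  }
}
```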