[ https://issues.apache.org/jira/browse/KNOX-2940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Attila Magyar updated KNOX-2940:
--------------------------------
    Description: 
If I want to create a password with a leading - character the create-alias 
command will fail:

{code}
 knoxcli.sh create-alias name --value "-asdf"
{code}

The same is true for the batch alias creation command. Using quotes around the 
value doesn't help. Generated passwords sometimes contain a - character and 
sometimes they start with that character.

The reason for this is this check:

{code}
    } else if (args[i].equals("--value")) {
        if (i + 1 >= args.length || args[i + 1].startsWith("-")) {
          printKnoxShellUsage();
          return -1;
        }
{code}

This tries to prevent incorrect usage by checking if the next parameter is 
likely another command (so the actual value is missing).

For example this prevents this case where the user mistakenly combined the 
--value (without defining a value) with the --generate command.

{code}
bin/knoxcli.sh create-alias test --value --generate
{code}


However, we can prevent this by explicitly testing if the next parameter is any 
of the commands supported by the create-alias/create-aliases command. There are 
only 2, --generate and --cluster.

So these kinds of incorrect usages can be tested with:

{code}
        if (args.length > i + 1
            && ("--generate".equals(args[i + 1]) || "--cluster".equals(args[i + 1]))) { // missing value
          printKnoxShellUsage();
          return -1;
        }
{code}

So I think we should use the above check instead.

Misusing the batch alias command will generate an error regardless of this check 
because the number of parameters won't match.

Here there is no value for a1.

{code}
knoxcli.sh create-aliases --alias a1 --value --alias a2 --value v2
{code}

For this no extra check is required.




  was:
If I want to create a password with a leading - character the create-alias 
command will fail:

{code}
 knoxcli.sh create-alias name --value "-asdf"
{code}

The same is true for the batch alias creation command. Using quotes around the 
value doesn't help.

The reason for this is this check:

{code}
    } else if (args[i].equals("--value")) {
        if (i + 1 >= args.length || args[i + 1].startsWith("-")) {
          printKnoxShellUsage();
          return -1;
        }
{code}

This tries to prevent incorrect usage by checking if the next parameter is 
likely another command (so the actual value is missing).

For example this prevents this case where the user mistakenly combined the 
--value (without defining a value) with the --generate command.

{code}
bin/knoxcli.sh create-alias test --value --generate
{code}


However, we can prevent this by explicitly testing if the next parameter is any 
of the commands supported by the create-alias/create-aliases command. There are 
only 2, --generate and --cluster.

So these kinds of incorrect usages can be tested with:

{code}
        if (args.length > i + 1
            && ("--generate".equals(args[i + 1]) || "--cluster".equals(args[i + 1]))) { // missing value
          printKnoxShellUsage();
          return -1;
        }
{code}

So I think we should use the above check instead.

Misusing the batch alias command will generate an error regardless of this check 
because the number of parameters won't match.

Here there is no value for a1.

{code}
knoxcli.sh create-aliases --alias a1 --value --alias a2 --value v2
{code}

For this no extra check is required.





> knoxcli create-alias/create-aliases command doesn't support values starting 
> with dash
> -------------------------------------------------------------------------------------
>
>                 Key: KNOX-2940
>                 URL: https://issues.apache.org/jira/browse/KNOX-2940
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: KnoxCLI
>            Reporter: Attila Magyar
>            Assignee: Attila Magyar
>            Priority: Major
>



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
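
The two conditions quoted in the issue, compared side by side on constructed argument vectors. This is an added example, not Knox code: the class name, the helper method names and the sample inputs are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.List;

public class ValueArgCheckDemo {
    // The only two options the issue says create-alias/create-aliases accept.
    private static final List<String> KNOWN_OPTIONS = Arrays.asList("--generate", "--cluster");

    /** Current check from the issue: any token starting with '-' counts as a missing value. */
    static boolean rejectedByCurrentCheck(String[] args, int i) {
        return i + 1 >= args.length || args[i + 1].startsWith("-");
    }

    /** Proposed check from the issue: only a known option right after --value counts as missing. */
    static boolean rejectedByProposedCheck(String[] args, int i) {
        return args.length > i + 1 && KNOWN_OPTIONS.contains(args[i + 1]);
    }

    /** Position of --value in the argument vector (hypothetical helper for this demo). */
    static int indexOfValue(String[] args) {
        return Arrays.asList(args).indexOf("--value");
    }

    public static void main(String[] unused) {
        // Constructed inputs. The shell strips quotes before the JVM sees the
        // arguments, which is why quoting "-asdf" on the command line cannot help.
        String[][] cases = {
            {"create-alias", "name", "--value", "-asdf"},           // legitimate leading-dash secret
            {"create-alias", "name", "--value", "--generate"},      // value missing
            {"create-alias", "name", "--value", "--cluster", "c1"}, // value missing
            {"create-alias", "name", "--value", "asdf"},            // ordinary value
            {"create-alias", "name", "--value"},                    // nothing after --value
        };
        for (String[] args : cases) {
            int i = indexOfValue(args);
            System.out.printf("%-48s current=%-7s proposed=%s%n",
                String.join(" ", args),
                rejectedByCurrentCheck(args, i) ? "reject" : "accept",
                rejectedByProposedCheck(args, i) ? "reject" : "accept");
        }
    }
}
```

The last case prints `accept` for the proposed condition taken on its own, so the `i + 1 >= args.length` bounds test from the current check still has to be kept alongside it.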
