Ranger contributors/committers, Please review and fix as appropriate.
Thanks!
-Abhay

On 10/5/17, 12:44 AM, "scan-ad...@coverity.com" <scan-ad...@coverity.com> wrote:

>
>Hi,
>
>Please find the latest report on new defect(s) introduced to Apache
>Ranger found with Coverity Scan.
>
>1 new defect(s) introduced to Apache Ranger found with Coverity Scan.
>3 defect(s), reported by Coverity Scan earlier, were marked fixed in the
>recent build analyzed by Coverity Scan.
>
>New defect(s) Reported-by: Coverity Scan
>Showing 1 of 1 defect(s)
>
>
>** CID 167355: High impact security (CSRF)
>/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 1145
>in org.apache.ranger.rest.XUserREST.deleteSingleGroupByGroupId(javax.servlet.http.HttpServletRequest, java.lang.Long)()
>
>
>________________________________________________________________________________________________________
>*** CID 167355: High impact security (CSRF)
>/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 1145
>in org.apache.ranger.rest.XUserREST.deleteSingleGroupByGroupId(javax.servlet.http.HttpServletRequest, java.lang.Long)()
>1139 }
>1140
>1141 @DELETE
>1142 @Path("/secure/groups/id/{groupId}")
>1143 @Produces({ "application/xml", "application/json" })
>1144 @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
>>>> CID 167355: High impact security (CSRF)
>>>> No CSRF protection was detected anywhere in this application. If this is not correct, please refer to the CSRF checker reference on how to specify it via checker option.
>1145 public void deleteSingleGroupByGroupId(@Context HttpServletRequest request, @PathParam("groupId") Long groupId) {
>1146 String forceDeleteStr = request.getParameter("forceDelete");
>1147 boolean forceDelete = false;
>1148 if (StringUtils.isNotEmpty(forceDeleteStr) && "true".equalsIgnoreCase(forceDeleteStr)) {
>1149 forceDelete = true;
>1150 }
>
>
>________________________________________________________________________________________________________
>To view the defects in Coverity Scan visit,
>
>To manage Coverity Scan email notifications for
>"akulka...@hortonworks.com", click
>