[
https://issues.apache.org/jira/browse/KARAF-5560?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16328696#comment-16328696
]
ASF GitHub Bot commented on KARAF-5560:
---------------------------------------
jbonofre closed pull request #42: [KARAF-5560] Bypass synchronization if
whitelist/blacklist configurat…
URL: https://github.com/apache/karaf-cellar/pull/42
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/core/src/main/java/org/apache/karaf/cellar/core/CellarSupport.java
b/core/src/main/java/org/apache/karaf/cellar/core/CellarSupport.java
index b597e973..9ee4e874 100644
--- a/core/src/main/java/org/apache/karaf/cellar/core/CellarSupport.java
+++ b/core/src/main/java/org/apache/karaf/cellar/core/CellarSupport.java
@@ -176,8 +176,14 @@ public Boolean isAllowed(Group group, String category,
String event, EventType t
Set<String> whiteList = getListEntries(Configurations.WHITELIST,
group, category, type);
Set<String> blackList = getListEntries(Configurations.BLACKLIST,
group, category, type);
+ if (blackList == null || whiteList == null) {
+ // If one list is missing, we probably have a configuration issue
- do not synchronize anything
+ LOGGER.warn("No whitelist/blacklist found for " + group.getName()
+ ", check your configuration !");
+ return false;
+ }
+
// if no white listed items we assume all are accepted.
- if (whiteList != null && !whiteList.isEmpty()) {
+ if (!whiteList.isEmpty()) {
result = false;
for (String whiteListItem : whiteList) {
if (wildCardMatch(event, whiteListItem))
@@ -185,11 +191,13 @@ public Boolean isAllowed(Group group, String category,
String event, EventType t
}
}
- // if any blackList item matched, then false is returned.
- if (blackList != null && !blackList.isEmpty()) {
- for (String blackListItem : blackList) {
- if (wildCardMatch(event, blackListItem)) {
- result = false;
+ if (result) {
+ // if any blackList item matched, then false is returned.
+ if (!blackList.isEmpty()) {
+ for (String blackListItem : blackList) {
+ if (wildCardMatch(event, blackListItem)) {
+ return false;
+ }
}
}
}
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> Synchronization sometimes bypass whitelist/blacklist config
> -----------------------------------------------------------
>
> Key: KARAF-5560
> URL: https://issues.apache.org/jira/browse/KARAF-5560
> Project: Karaf
> Issue Type: Bug
> Components: cellar-core
> Affects Versions: cellar-4.0.4, cellar-4.1.1
> Reporter: Thomas Draier
> Assignee: Jean-Baptiste Onofré
> Priority: Major
> Fix For: cellar-4.0.5, cellar-4.1.2
>
>
> In case group configuration is not synchronized yet (after a group creation,
> for example), whitelist/blacklist configuration may not be readable and is
> bypassed. We should rather not allow synchronization to happen when no
> configuration is present. Otherwise, many bundles which are not supposed to
> be allowed are uninstalled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
