From b869b59da70de08970754a235a3bc3e3e81e56e3 Mon Sep 17 00:00:00 2001 From: Christophe Maudoux Date: Fri, 30 Oct 2020 12:55:32 +0100 Subject: [PATCH] Avoid assignment (#2360) --- .../lib/Lemonldap/NG/Common/Conf/Constants.pm | 2 +- .../Lemonldap/NG/Common/Conf/DefaultValues.pm | 2 +- .../Lemonldap/NG/Common/Conf/ReConstants.pm | 2 +- .../NG/Handler/Lib/StatusConstants.pm | 2 +- .../lib/Lemonldap/NG/Manager/2ndFA.pm | 3 +- .../lib/Lemonldap/NG/Manager/Attributes.pm | 7 ++- .../Lemonldap/NG/Manager/Build/Attributes.pm | 53 +++++++++++-------- .../lib/Lemonldap/NG/Manager/Sessions.pm | 3 +- .../site/htdocs/static/languages/ar.json | 1 + .../site/htdocs/static/languages/de.json | 1 + .../site/htdocs/static/languages/en.json | 1 + .../site/htdocs/static/languages/fr.json | 1 + .../site/htdocs/static/languages/it.json | 1 + .../site/htdocs/static/languages/pl.json | 1 + .../site/htdocs/static/languages/tr.json | 1 + .../site/htdocs/static/languages/vi.json | 1 + .../site/htdocs/static/languages/zh.json | 1 + .../t/14-bad-changes-in-conf.t | 4 +- lemonldap-ng-manager/t/jsonfiles/14-bad.json | 2 +- .../lib/Lemonldap/NG/Portal/Main/Constants.pm | 2 +- 20 files changed, 57 insertions(+), 34 deletions(-) diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm index 7d8a107da..545fe34bf 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm @@ -5,7 +5,7 @@ use strict; use Exporter 'import'; use base qw(Exporter); -our $VERSION = '2.0.9'; +our $VERSION = '2.0.10'; # CONSTANTS diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm index 2823bccb9..027cafb87 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm @@ -1,7 +1,7 @@ # This file is generated by Lemonldap::NG::Manager::Build. Don't modify it by hand package Lemonldap::NG::Common::Conf::DefaultValues; -our $VERSION = '2.0.9'; +our $VERSION = '2.0.10'; sub defaultValues { return { diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm index 202916f69..4bd597851 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm @@ -5,7 +5,7 @@ use strict; use Exporter 'import'; use base qw(Exporter); -our $VERSION = '2.0.9'; +our $VERSION = '2.0.10'; our %EXPORT_TAGS = ( 'all' => [qw($simpleHashKeys $doubleHashKeys $specialNodeKeys $casAppMetaDataNodeKeys $casSrvMetaDataNodeKeys $oidcOPMetaDataNodeKeys $oidcRPMetaDataNodeKeys $samlIDPMetaDataNodeKeys $samlSPMetaDataNodeKeys $virtualHostKeys $specialNodeHash $authParameters $issuerParameters $samlServiceParameters $oidcServiceParameters $casServiceParameters)] ); our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } ); diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/StatusConstants.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/StatusConstants.pm index 09c1f6160..b604aaf16 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/StatusConstants.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/StatusConstants.pm @@ -4,7 +4,7 @@ package Lemonldap::NG::Handler::Lib::StatusConstants; use strict; use Exporter 'import'; -our $VERSION = '2.0.9'; +our $VERSION = '2.0.10'; sub portalConsts { return { diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/2ndFA.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/2ndFA.pm index 515f746f8..77008258f 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/2ndFA.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/2ndFA.pm @@ -45,7 +45,8 @@ sub init { $self->setTypes($conf); $self->{multiValuesSeparator} ||= '; '; $self->{hiddenAttributes} //= "_password"; - $self->{hiddenAttributes} .= ' _session_id' unless $conf->{displaySessionId}; + $self->{hiddenAttributes} .= ' _session_id' + unless $conf->{displaySessionId}; $self->{TOTPCheck} = $self->{U2FCheck} = $self->{UBKCheck} = '1'; return 1; } diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm index d65f6e5b1..c539197a4 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm @@ -1,7 +1,7 @@ # This file is generated by Lemonldap::NG::Manager::Build. Don't modify it by hand package Lemonldap::NG::Manager::Attributes; -our $VERSION = '2.0.9'; +our $VERSION = '2.0.10'; sub perlExpr { my ( $val, $conf ) = @_; @@ -22,7 +22,10 @@ sub perlExpr { grep( { $_ =~ /(?:Undefined subroutine|Devel::StackTrace)/ ? () : $_; } split( /\n/, $@, 0 ) ) ); - return $err ? ( -1, "__badExpression__: $err" ) : 1; + return -1, "__badExpression__: $err" if $err; + return $val =~ qr/(?<=[^=\|\?])=(?![=~])/ + ? ( 0, '__badExpressionAssignment__' ) + : 1; } sub types { diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm index 71c3e043a..384cc5f11 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm @@ -6,7 +6,7 @@ package Lemonldap::NG::Manager::Build::Attributes; -our $VERSION = '2.0.9'; +our $VERSION = '2.0.10'; use strict; use Regexp::Common qw/URI/; @@ -27,7 +27,10 @@ sub perlExpr { my $err = join( '', grep { $_ =~ /(?:Undefined subroutine|Devel::StackTrace)/ ? () : $_ } split( /\n/, $@ ) ); - return $err ? ( -1, "__badExpression__: $err" ) : (1); + return ( -1, "__badExpression__: $err" ) if $err; + return $val =~ qr/(?<=[^=\|\?])=(?![=~])/ + ? ( -1, "__badExpressionAssignment__" ) + : 1; } my $url_re = $RE{URI}{HTTP}{ -scheme => "https?" }; @@ -1090,9 +1093,10 @@ sub attributes { documentation => 'Display logout tab in portal', }, portalDisplayCertificateResetByMail => { - type => 'bool', - default => 0, - documentation => 'Display certificate reset by mail button in portal', + type => 'bool', + default => 0, + documentation => + 'Display certificate reset by mail button in portal', }, portalDisplayRegister => { default => 1, @@ -2118,14 +2122,14 @@ sub attributes { documentation => 'List of auto signin rules', }, - # Adaptative Authentication Level plugin + # Adaptative Authentication Level plugin adaptativeAuthenticationLevelRules => { - type => 'keyTextContainer', - keyTest => sub { - eval { qr/$_[0]/ }; - return $@ ? 0 : 1; - }, - keyMsgFail => '__badRegexp__', + type => 'keyTextContainer', + keyTest => sub { + eval { qr/$_[0]/ }; + return $@ ? 0 : 1; + }, + keyMsgFail => '__badRegexp__', documentation => 'Adaptative authentication level rules', flags => 'p', }, @@ -2345,8 +2349,9 @@ sub attributes { documentation => 'CAS User attribute', }, casAppMetaDataOptionsAuthnLevel => { - type => 'int', - documentation => 'Authentication level requires to access to this CAS application', + type => 'int', + documentation => + 'Authentication level requires to access to this CAS application', }, casAppMetaDataOptionsRule => { type => 'text', @@ -2984,8 +2989,9 @@ sub attributes { default => 1, }, samlSPMetaDataOptionsAuthnLevel => { - type => 'int', - documentation => 'Authentication level requires to access to this SP', + type => 'int', + documentation => + 'Authentication level requires to access to this SP', }, samlSPMetaDataOptionsRule => { type => 'text', @@ -3345,12 +3351,14 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: default => 'require', }, ldapCAFile => { - type => 'text', - documentation => 'Location of the certificate file for LDAP connections', + type => 'text', + documentation => + 'Location of the certificate file for LDAP connections', }, ldapCAPath => { - type => 'text', - documentation => 'Location of the CA directory for LDAP connections', + type => 'text', + documentation => + 'Location of the CA directory for LDAP connections', }, # SSL @@ -4167,8 +4175,9 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: documentation => 'Issue refresh tokens', }, oidcRPMetaDataOptionsAuthnLevel => { - type => 'int', - documentation => 'Authentication level requires to access to this RP', + type => 'int', + documentation => + 'Authentication level requires to access to this RP', }, oidcRPMetaDataOptionsRule => { type => 'text', diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm index 5fe92357a..1b05fa1dc 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm @@ -56,7 +56,8 @@ sub init { $self->{multiValuesSeparator} ||= '; '; $self->{impersonationPrefix} = $conf->{impersonationPrefix} || 'real_'; $self->{hiddenAttributes} //= '_password'; - $self->{hiddenAttributes} .= ' _session_id' unless $conf->{displaySessionId}; + $self->{hiddenAttributes} .= ' _session_id' + unless $conf->{displaySessionId}; return 1; } diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json index 4de3ebf11..1eb7cc2fa 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json @@ -79,6 +79,7 @@ "badDomainName":"اسم النطاق سيئ", "badEncoding":"تشفير خاطئ", "badExpression":"تعبير خاطئ", +"badExpressionAssignment":"Expression containing an assignment", "badHeaderName":" حقل الهيدر خاطئ", "badHostname":"اسم الخادم خاطئ", "badLdapUri":"\n URI LDAP خاطئ", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/de.json b/lemonldap-ng-manager/site/htdocs/static/languages/de.json index 171d76637..c20ab3b44 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/de.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/de.json @@ -79,6 +79,7 @@ "badDomainName":"Ungültiger Domainname", "badEncoding":"Ungültige Codierung", "badExpression":"Bad expression", +"badExpressionAssignment":"Expression containing an assignment", "badHeaderName":"Bad header name", "badHostname":"Ungültiger Hostname", "badLdapUri":"Bad LDAP URI", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/en.json b/lemonldap-ng-manager/site/htdocs/static/languages/en.json index 8e79762be..ebc994abd 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json @@ -79,6 +79,7 @@ "badDomainName":"Bad domain name", "badEncoding":"Bad encoding", "badExpression":"Bad expression", +"badExpressionAssignment":"Expression containing an assignment", "badHeaderName":"Bad header name", "badHostname":"Bad hostname", "badLdapUri":"Bad LDAP URI", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json index 4e4c8ec7d..25ecc51c5 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json @@ -79,6 +79,7 @@ "badDomainName":"Mauvais nom de domaine", "badEncoding":"Mauvais encodage", "badExpression":"Mauvaise expression", +"badExpressionAssignment":"Expression contenant une affectation", "badHeaderName":"Mauvais nom d'en-tête", "badHostname":"Mauvais nom d'hôte", "badLdapUri":"Mauvaise URI LDAP", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/it.json b/lemonldap-ng-manager/site/htdocs/static/languages/it.json index 635048d15..a189fa33d 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json @@ -79,6 +79,7 @@ "badDomainName":"Nome di dominio errato", "badEncoding":"Codifica errata", "badExpression":"Espressione errata", +"badExpressionAssignment":"Expression containing an assignment", "badHeaderName":"Nome intestazione errato", "badHostname":"Hostname errato", "badLdapUri":"LDAP URI errata", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json index 06d4fe245..5fa1d666b 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json @@ -79,6 +79,7 @@ "badDomainName":"Błędna nazwa domeny", "badEncoding":"Błędne kodowanie", "badExpression":"Błędne wyrażenie", +"badExpressionAssignment":"Expression containing an assignment", "badHeaderName":"Błędna nazwa nagłówka", "badHostname":"Błędna nazwa hosta", "badLdapUri":"Błędny identyfikator URI LDAP", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json index 4d00446c1..6db57b21e 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json @@ -79,6 +79,7 @@ "badDomainName":"Hatalı etki alanı adı", "badEncoding":"Hatalı kodlama", "badExpression":"Hatalı ifade", +"badExpressionAssignment":"Expression containing an assignment", "badHeaderName":"Hatalı başlık adı", "badHostname":"Hatalı konak adı", "badLdapUri":"Hatalı LDAP URI", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json index e294f23f0..aed4b2aa3 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json @@ -79,6 +79,7 @@ "badDomainName":"Tên miền không hợp lệ", "badEncoding":"Mã hoá không hợp lệ", "badExpression":"Biểu thức không hợp lệ", +"badExpressionAssignment":"Expression containing an assignment", "badHeaderName":"Tên tiêu đề không hợp lệ", "badHostname":"Tên máy chủ không hợp lệ", "badLdapUri":"URI LDAP không đúng", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json index a2e83d86b..8d586a15b 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json @@ -79,6 +79,7 @@ "badDomainName":"无效的域名", "badEncoding":"无效的编码", "badExpression":"无效的表达式", +"badExpressionAssignment":"Expression containing an assignment", "badHeaderName":"无效的头部名称", "badHostname":"无效的主机名", "badLdapUri":"无效的 LDAP URI ", diff --git a/lemonldap-ng-manager/t/14-bad-changes-in-conf.t b/lemonldap-ng-manager/t/14-bad-changes-in-conf.t index 1faa2469f..7fcaef332 100644 --- a/lemonldap-ng-manager/t/14-bad-changes-in-conf.t +++ b/lemonldap-ng-manager/t/14-bad-changes-in-conf.t @@ -22,9 +22,9 @@ ok( $resBody->{result} == 0, "JSON response contains \"result:0\"" ) or print STDERR Dumper($res); ok( ( $resBody->{details}->{__errors__} - and @{ $resBody->{details}->{__errors__} } == 1 + and @{ $resBody->{details}->{__errors__} } == 2 ), - '1 error detected' + '2 errors detected' ) or print STDERR Dumper($resBody); count(5); diff --git a/lemonldap-ng-manager/t/jsonfiles/14-bad.json b/lemonldap-ng-manager/t/jsonfiles/14-bad.json index a34aa4c45..f664444c5 100644 --- a/lemonldap-ng-manager/t/jsonfiles/14-bad.json +++ b/lemonldap-ng-manager/t/jsonfiles/14-bad.json @@ -1822,7 +1822,7 @@ "data": "logout_sso", "re": "^/logout" }, { - "data": "accept", + "data": "$uid = 1", "re": "default", "title": "default", "comment": "", diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm index 281f14aae..81e0229eb 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm @@ -4,7 +4,7 @@ package Lemonldap::NG::Portal::Main::Constants; use strict; use Exporter 'import'; -our $VERSION = '2.0.9'; +our $VERSION = '2.0.10'; use constant HANDLER => 'Lemonldap::NG::Handler::PSGI::Main'; use constant {