Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible unnecessary code duplication from another repository #127

Open
forgedhallpass opened this issue Jul 16, 2020 · 2 comments
Open

Possible unnecessary code duplication from another repository #127

forgedhallpass opened this issue Jul 16, 2020 · 2 comments
Labels
enhancement

Comments

@forgedhallpass
Copy link
Collaborator

The following classes:

  • org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase (original source code)
  • org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeCommonUtils
  • org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeUtils

were copied from the Grouper repository.

It seems that only a few changes has been made:

  • Logging: although the code is commented out, so it's not relevant (org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#iLogger)

  • Skipping the Expression Language (EL) related processing in org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#propertiesHelper: again this is only relevant if there are keys with ".elConfig" suffix

  • The following lines of code:

    //InputStream inputStream = configFile.getConfigFileType().inputStream(configFile.getConfigFileTypeConfig(), this);
try {
    //get the string and store it first (to see if it changes later)
    String configFileContents = configFile.retrieveContents(this);
    configFile.setContents(configFileContents);
    result.properties.load(new StringReader(configFileContents));

    in org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#retrieveFromConfigFiles which seem to do the same as the original code.

The question is, are these modifications really needed? If not, the original code could be used as a maven dependency:

<dependency>
     <groupId>edu.internet2.middleware.grouper</groupId>
     <artifactId>grouper-activemq</artifactId>
     <version>2.5.29</version>
</dependency>

Side note: the Grouper project is outdated/bulky/poorly written with a lot of duplicated code from the org.apache.commons:commons-lang3 and other common libraries. It would be nice to replace with a better alternative
@tamilsweet
Copy link

@forgedhallpass Thanks for taking time to look into the code. I think your "Side note" could be the very reason for duplicating (only the required) code for this project.
This project need contributors and unless anyone provides a pull request with a better solution, this may not change.

@forgedhallpass
Copy link
Collaborator Author

The logic under the overlay package will have to be thrown out/rewritten.

Initial clean-up: OWASP/www-project-csrfguard@1b9b89a

@forgedhallpass forgedhallpass mentioned this issue Sep 15, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tamilsweet @forgedhallpass