/**
 * Builds the {@link ProcedureConfig} used by this class: default settings with {@code procedure_unrestricted}
 * set to the single pattern {@code org.neo4j.kernel.impl.proc.unsafeFullAccess*}.
 * <p>
 * NOTE(review): the trailing {@code *} presumably acts as a wildcard, so every name sharing that prefix would
 * be covered by the unrestricted setting - confirm, and keep such patterns as narrow as the fixture allows.
 *
 * @return a configuration carrying only that unrestricted pattern on top of the defaults
 */
private ProcedureConfig procedureConfig()
{
    return new ProcedureConfig(
            Config.defaults( procedure_unrestricted, "org.neo4j.kernel.impl.proc.unsafeFullAccess*" ) );
}
}
/**
 * Creates the built-in default configuration without reading any settings.
 * <p>
 * No role matchers and no access patterns are registered, the default value is the empty string, and the
 * whitelist holds exactly one compiled pattern, {@code "*"}.
 * NOTE(review): presumably {@code "*"} matches every name, which would make this default the most permissive
 * whitelist possible - confirm against compilePattern before relying on it as a baseline.
 */
private ProcedureConfig()
{
    matchers = Collections.emptyList();
    accessPatterns = Collections.emptyList();
    defaultValue = "";
    // The only non-empty list in the default configuration: a single whitelist pattern.
    whiteList = Collections.singletonList( compilePattern( "*" ) );
    defaultTemporalTimeZone = UTC;
}
if ( !config.fullAccessFor( funcName.toString() ) ) UserFunctionSignature signature = new UserFunctionSignature( funcName, inputSignature, valueConverter.type(), deprecated, config.rolesFor( funcName.toString() ), description, false ); config.rolesFor( funcName.toString() ), description, false );
String definedName = method.getAnnotation( UserFunction.class ).name(); QualifiedName funcName = extractName( fcnDefinition, method, valueName, definedName ); if ( config.isWhitelisted( funcName.toString() ) )
/**
 * Resolves the roles configured for the given procedure name.
 * <p>
 * The roles of every matcher that matches {@code procedureName} are concatenated in matcher order (duplicates
 * are kept). A name covered by several patterns therefore receives the roles of all of them, so one broad
 * pattern widens the result for every name it matches. The default value is used only when the matching
 * matchers contribute no role at all.
 *
 * @param procedureName name to look up among the configured matchers
 * @return the concatenated roles of all matching matchers, or {@code getDefaultValue()} if that is empty
 */
String[] rolesFor( String procedureName )
{
    String[] matchedRoles = matchers.stream()
            .filter( candidate -> candidate.matches( procedureName ) )
            .flatMap( candidate -> stream( candidate.roles() ) )
            .toArray( String[]::new );
    return matchedRoles.length == 0 ? getDefaultValue() : matchedRoles;
}
/**
 * Reads the procedure-related settings from {@code config}.
 * <p>
 * The roles setting is split into entries on {@code SETTING_DELIMITER}, and each entry into a name pattern and a
 * role list on {@code MAPPING_DELIMITER}. Entries that do not split into at least two parts are dropped
 * without any error or log message, so a mistyped entry contributes no matcher. Only the first two parts of
 * an entry are used; anything after a second mapping delimiter is ignored. Patterns and role names are trimmed.
 * <p>
 * The access patterns and the whitelist are parsed from {@code procedure_unrestricted} and
 * {@code procedure_whitelist} respectively, both with {@code PROCEDURE_DELIMITER}.
 *
 * @param config settings source; a missing roles or default-roles value is treated as the empty string
 */
public ProcedureConfig( Config config )
{
    this.defaultValue = config.getValue( PROC_ALLOWED_SETTING_DEFAULT_NAME ).map( Object::toString ).orElse( "" );

    String roleMappings = config.getValue( PROC_ALLOWED_SETTING_ROLES ).map( Object::toString ).orElse( "" );
    this.matchers = stream( roleMappings.split( SETTING_DELIMITER ) )
            .map( entry -> entry.split( MAPPING_DELIMITER ) )
            // An entry without a mapping delimiter is skipped silently rather than rejected.
            .filter( parts -> parts.length >= 2 )
            .map( parts -> new ProcMatcher( parts[0].trim(),
                    stream( parts[1].split( ROLES_DELIMITER ) ).map( String::trim ).toArray( String[]::new ) ) )
            .collect( Collectors.toList() );

    String unrestrictedSetting = GraphDatabaseSettings.procedure_unrestricted.name();
    this.accessPatterns =
            parseMatchers( unrestrictedSetting, config, PROCEDURE_DELIMITER, ProcedureConfig::compilePattern );

    String whitelistSetting = GraphDatabaseSettings.procedure_whitelist.name();
    this.whiteList =
            parseMatchers( whitelistSetting, config, PROCEDURE_DELIMITER, ProcedureConfig::compilePattern );

    this.defaultTemporalTimeZone = config.get( GraphDatabaseSettings.db_temporal_timezone );
}
QualifiedName funcName = extractName( fcnDefinition, method, valueName, definedName ); if ( config.isWhitelisted( funcName.toString() ) )
/**
 * Looks up which roles are configured for a procedure name.
 * <p>
 * Every matcher whose pattern matches {@code procedureName} contributes its roles, appended in matcher order
 * with duplicates kept. Overlapping patterns are additive: a name matched by more than one pattern gets all
 * of their roles. When the matching matchers yield no role, the default value is returned instead.
 *
 * @param procedureName name to test against each configured matcher
 * @return roles collected from the matching matchers, or {@code getDefaultValue()} when none were collected
 */
String[] rolesFor( String procedureName )
{
    String[] collected = matchers.stream()
            .filter( m -> m.matches( procedureName ) )
            .flatMap( m -> stream( m.roles() ) )
            .toArray( String[]::new );
    if ( collected.length == 0 )
    {
        return getDefaultValue();
    }
    return collected;
}
/**
 * Populates this configuration from the given settings.
 * <p>
 * Role mappings come from {@code PROC_ALLOWED_SETTING_ROLES}: the value is split on {@code SETTING_DELIMITER},
 * each piece is split on {@code MAPPING_DELIMITER} into a pattern and a {@code ROLES_DELIMITER}-separated role
 * list, and both sides are trimmed. A piece that yields fewer than two parts is discarded silently, and parts
 * beyond the second are never read, so malformed entries fail quietly instead of raising a configuration error.
 * <p>
 * {@code procedure_unrestricted} feeds the access patterns and {@code procedure_whitelist} feeds the whitelist.
 *
 * @param config settings to read; absent role settings default to the empty string
 */
public ProcedureConfig( Config config )
{
    this.defaultValue = config.getValue( PROC_ALLOWED_SETTING_DEFAULT_NAME ).map( Object::toString ).orElse( "" );

    String rawRoleSetting = config.getValue( PROC_ALLOWED_SETTING_ROLES ).map( Object::toString ).orElse( "" );
    this.matchers = stream( rawRoleSetting.split( SETTING_DELIMITER ) )
            .map( mapping -> mapping.split( MAPPING_DELIMITER ) )
            // Pieces lacking the mapping delimiter never become a matcher; nothing is reported for them.
            .filter( pair -> pair.length >= 2 )
            .map( pair -> new ProcMatcher( pair[0].trim(),
                    stream( pair[1].split( ROLES_DELIMITER ) ).map( String::trim ).toArray( String[]::new ) ) )
            .collect( Collectors.toList() );

    this.accessPatterns = parseMatchers(
            GraphDatabaseSettings.procedure_unrestricted.name(),
            config,
            PROCEDURE_DELIMITER,
            ProcedureConfig::compilePattern );
    this.whiteList = parseMatchers(
            GraphDatabaseSettings.procedure_whitelist.name(),
            config,
            PROCEDURE_DELIMITER,
            ProcedureConfig::compilePattern );

    this.defaultTemporalTimeZone = config.get( GraphDatabaseSettings.db_temporal_timezone );
}
/**
 * An aggregation function whose name is not covered by the whitelist must not be loaded.
 * <p>
 * With {@code procedure_whitelist} set to {@code "WrongName"}, compiling {@code SingleAggregationFunction}
 * has to return no functions and log the "not on the whitelist" warning for it.
 */
@Test
public void shouldNotLoadNoneWhiteListedFunction() throws Throwable
{
    // Given a compiler whose whitelist names something other than the function under test
    Log log = spy( Log.class );
    Config whitelistConfig = Config.defaults( GraphDatabaseSettings.procedure_whitelist, "WrongName" );
    procedureCompiler = new ReflectiveProcedureCompiler( new TypeMappers(), components, new ComponentRegistry(),
            log, new ProcedureConfig( whitelistConfig ) );

    // When
    List<CallableUserAggregationFunction> compiled = compile( SingleAggregationFunction.class );

    // Then the rejection is logged and nothing is loaded
    verify( log ).warn(
            "The function 'org.neo4j.kernel.impl.proc.collectCool' is not on the whitelist and won't be loaded." );
    assertThat( compiled.size(), equalTo( 0 ) );
}
if ( !config.fullAccessFor( procName.toString() ) ) UserFunctionSignature signature = new UserFunctionSignature( procName, inputSignature, typeChecker.type(), deprecated, config.rolesFor( procName.toString() ), description, false ); return new FailedLoadFunction( signature ); config.rolesFor( procName.toString() ), description, false );
QualifiedName procName = extractName( procDefinition, method, valueName, definedName ); if ( fullAccess || config.isWhitelisted( procName.toString() ) )
/**
 * Builds the settings-independent default configuration.
 * <p>
 * It has an empty default value, no role matchers and no access patterns; its whitelist consists of the one
 * compiled pattern {@code "*"}.
 * NOTE(review): if {@code "*"} matches all names, as the pattern suggests, nothing is filtered by the whitelist
 * in this default - verify against compilePattern.
 */
private ProcedureConfig()
{
    accessPatterns = Collections.emptyList();
    matchers = Collections.emptyList();
    defaultValue = "";
    // Single catch-all style entry; every other list in the default configuration is empty.
    whiteList = Collections.singletonList( compilePattern( "*" ) );
    defaultTemporalTimeZone = UTC;
}
/**
 * A user function whose name is not covered by the whitelist must not be loaded.
 * <p>
 * With {@code procedure_whitelist} set to {@code "WrongName"}, compiling {@code SingleReadOnlyFunction} has to
 * return no functions and log the "not on the whitelist" warning for it.
 */
@Test
public void shouldNotLoadNoneWhiteListedFunction() throws Throwable
{
    // Given a compiler whose whitelist names something other than the function under test
    Log log = spy( Log.class );
    Config whitelistConfig = Config.defaults( GraphDatabaseSettings.procedure_whitelist, "WrongName" );
    procedureCompiler = new ReflectiveProcedureCompiler( new TypeMappers(), components, new ComponentRegistry(),
            log, new ProcedureConfig( whitelistConfig ) );

    // When
    List<CallableUserFunction> compiled = compile( SingleReadOnlyFunction.class );

    // Then the rejection is logged and nothing is loaded
    verify( log ).warn(
            "The function 'org.neo4j.kernel.impl.proc.listCoolPeople' is not on the whitelist and won't be loaded." );
    assertThat( compiled.size(), equalTo( 0 ) );
}
if ( !fullAccess && !config.fullAccessFor( procName.toString() ) ) config.rolesFor( procName.toString() ), description, warning, procedure.eager(), false ); return new ReflectiveProcedure( signature, constructor, method, outputMapper, setters );
QualifiedName funcName = extractName( fcnDefinition, method, valueName, definedName ); if ( config.isWhitelisted( funcName.toString() ) )
/**
 * An empty whitelist must load nothing: the setting fails closed rather than falling back to "allow all".
 * <p>
 * With {@code procedure_whitelist} set to the empty string, compiling {@code SingleReadOnlyFunction} has to
 * return no functions and log the "not on the whitelist" warning for it.
 */
@Test
public void shouldNotLoadAnyFunctionIfConfigIsEmpty() throws Throwable
{
    // Given a compiler configured with an explicitly empty whitelist
    Log log = spy( Log.class );
    Config emptyWhitelist = Config.defaults( GraphDatabaseSettings.procedure_whitelist, "" );
    procedureCompiler = new ReflectiveProcedureCompiler( new TypeMappers(), components, new ComponentRegistry(),
            log, new ProcedureConfig( emptyWhitelist ) );

    // When
    List<CallableUserFunction> compiled = compile( SingleReadOnlyFunction.class );

    // Then the rejection is logged and nothing is loaded
    verify( log ).warn(
            "The function 'org.neo4j.kernel.impl.proc.listCoolPeople' is not on the whitelist and won't be loaded." );
    assertThat( compiled.size(), equalTo( 0 ) );
}
if ( !config.fullAccessFor( funcName.toString() ) ) UserFunctionSignature signature = new UserFunctionSignature( funcName, inputSignature, valueConverter.type(), deprecated, config.rolesFor( funcName.toString() ), description, false ); config.rolesFor( funcName.toString() ), description, false );
QualifiedName procName = extractName( procDefinition, method, valueName, definedName ); if ( fullAccess || config.isWhitelisted( procName.toString() ) )
/**
 * An empty whitelist must load nothing: the setting fails closed rather than falling back to "allow all".
 * <p>
 * With {@code procedure_whitelist} set to the empty string, compiling {@code SingleAggregationFunction} has to
 * return no functions and log the "not on the whitelist" warning for it.
 */
@Test
public void shouldNotLoadAnyFunctionIfConfigIsEmpty() throws Throwable
{
    // Given a compiler configured with an explicitly empty whitelist
    Log log = spy( Log.class );
    Config emptyWhitelist = Config.defaults( GraphDatabaseSettings.procedure_whitelist, "" );
    procedureCompiler = new ReflectiveProcedureCompiler( new TypeMappers(), components, new ComponentRegistry(),
            log, new ProcedureConfig( emptyWhitelist ) );

    // When
    List<CallableUserAggregationFunction> compiled = compile( SingleAggregationFunction.class );

    // Then the rejection is logged and nothing is loaded
    verify( log ).warn(
            "The function 'org.neo4j.kernel.impl.proc.collectCool' is not on the whitelist and won't be loaded." );
    assertThat( compiled.size(), equalTo( 0 ) );
}