CE-1955 Avoid type-based exceptions checking security key values

2024-11-19 08:37:36 -06:00
parent c09198eed5
commit b684f2409b
2 changed files with 46 additions and 7 deletions


@ -361,11 +361,37 @@ public class QSession implements Serializable, Cloneable
} }
List<Serializable> values = securityKeyValues.get(keyName); List<Serializable> values = securityKeyValues.get(keyName);
Serializable valueAsType = ValueUtils.getValueAsFieldType(fieldType, value);
Serializable valueAsType;
try
{
valueAsType = ValueUtils.getValueAsFieldType(fieldType, value);
}
catch(Exception e)
{
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// an exception in getValueAsFieldType would indicate, e.g., a non-number string trying to come back as integer. //
// so - assume that any such mismatch means the value isn't in the session. //
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
return (false);
}
for(Serializable keyValue : values) for(Serializable keyValue : values)
{ {
Serializable keyValueAsType = ValueUtils.getValueAsFieldType(fieldType, keyValue); Serializable keyValueAsType = null;
if(keyValueAsType.equals(valueAsType)) try
{
keyValueAsType = ValueUtils.getValueAsFieldType(fieldType, keyValue);
}
catch(Exception e)
{
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// an exception in getValueAsFieldType would indicate, e.g., a non-number string trying to come back as integer. //
// so - assume that any such mismatch means this key isn't a match.
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
}
if(valueAsType.equals(keyValueAsType))
{ {
return (true); return (true);
} }
@ -561,6 +587,7 @@ public class QSession implements Serializable, Cloneable
} }
/******************************************************************************* /*******************************************************************************
** Getter for valuesForFrontend ** Getter for valuesForFrontend
*******************************************************************************/ *******************************************************************************/
@ -591,6 +618,7 @@ public class QSession implements Serializable, Cloneable
} }
/******************************************************************************* /*******************************************************************************
** Fluent setter for a single valuesForFrontend ** Fluent setter for a single valuesForFrontend
*******************************************************************************/ *******************************************************************************/
@ -604,5 +632,4 @@ public class QSession implements Serializable, Cloneable
return (this); return (this);
} }
} }
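Review bot: The new `catch(Exception e)` inside the `for` loop has an empty body, so a session key value that cannot be converted to the field type is dropped without any trace, and both catches are wider than the conversion failure their comments describe. Returning false or skipping the entry is the right fail-closed outcome for a security-key check, but I would narrow both catches to the exception type `getValueAsFieldType` actually throws and log the key name (not the value) at debug level so a malformed session can be diagnosed. Separately, if `getValueAsFieldType` can return null for a null `value` (not visible in this hunk), `valueAsType.equals(keyValueAsType)` throws instead of returning false. A guard such as `if(valueAsType == null) { return (false); }` after the first try keeps that path fail-closed, whereas a null-tolerant comparison would treat a failed key conversion as a match. The enclosing method starts and ends outside the hunk.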


@ -76,7 +76,7 @@ class QSessionTest extends BaseTest
void testMixedValueTypes() void testMixedValueTypes()
{ {
QSession session = new QSession().withSecurityKeyValues(Map.of( QSession session = new QSession().withSecurityKeyValues(Map.of(
"storeId", List.of("100", "200", 300) "storeId", List.of("100", "200", 300, "four-hundred")
)); ));
for(int i : List.of(100, 200, 300)) for(int i : List.of(100, 200, 300))
@ -86,6 +86,18 @@ class QSessionTest extends BaseTest
assertTrue(session.hasSecurityKeyValue("storeId", i, QFieldType.STRING), "Should contain: " + i); assertTrue(session.hasSecurityKeyValue("storeId", i, QFieldType.STRING), "Should contain: " + i);
assertTrue(session.hasSecurityKeyValue("storeId", String.valueOf(i), QFieldType.STRING), "Should contain: " + i); assertTrue(session.hasSecurityKeyValue("storeId", String.valueOf(i), QFieldType.STRING), "Should contain: " + i);
} }
////////////////////////////////////////////////////////////////////////////
// next two blocks - used to throw exceptions - now, gracefully be false. //
////////////////////////////////////////////////////////////////////////////
int i = 400;
assertFalse(session.hasSecurityKeyValue("storeId", i, QFieldType.INTEGER), "Should not contain: " + i);
assertFalse(session.hasSecurityKeyValue("storeId", String.valueOf(i), QFieldType.INTEGER), "Should not contain: " + i);
assertFalse(session.hasSecurityKeyValue("storeId", i, QFieldType.STRING), "Should not contain: " + i);
assertFalse(session.hasSecurityKeyValue("storeId", String.valueOf(i), QFieldType.STRING), "Should not contain: " + i);
assertFalse(session.hasSecurityKeyValue("storeId", "one-hundred", QFieldType.INTEGER), "Should not contain: " + i);
assertFalse(session.hasSecurityKeyValue("storeId", "one-hundred", QFieldType.STRING), "Should not contain: " + i);
} }
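Review bot: The positive assertions never have to step over the unconvertible entry, because `"four-hundred"` is last in the list and the loop in `hasSecurityKeyValue` returns on the first match. Putting it first, `List.of("four-hundred", "100", "200", 300)`, would exercise the swallow-and-continue path for the lookups of 100, 200 and 300, assuming the loop at the top of the hunk also asserts with `QFieldType.INTEGER` (those lines are not shown here). The two `"one-hundred"` assertions also build their failure message from `i`, so a failure would report 400; `"Should not contain: one-hundred"` would match what is being tested.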