From df05efd7d9c5981d254f3fea3d025e14755af2db Mon Sep 17 00:00:00 2001 From: Aditya Toshniwal Date: Wed, 17 Jun 2020 17:15:09 +0530 Subject: [PATCH] =?UTF-8?q?Fixed=C2=A0vulnerabilities=20and=20few=20design?= =?UTF-8?q?=20suspicions=20where=20two=20conditional=20structures=20are=20?= =?UTF-8?q?having=20the=20same=20implementation.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../schemas/tables/indexes/__init__.py | 6 ++-- .../servers/databases/schemas/tables/utils.py | 6 ++-- .../servers/static/js/privilege.js | 18 ++--------- .../tools/debugger/static/js/debugger_ui.js | 30 ++++--------------- .../tools/debugger/static/js/direct.js | 13 +------- .../schema_diff/static/js/schema_diff_ui.js | 10 ++----- .../static/js/user_management.js | 13 +++----- web/pgadmin/utils/session.py | 9 ++---- .../utils/sqlautocomplete/autocomplete.py | 9 +++--- 9 files changed, 28 insertions(+), 86 deletions(-) diff --git a/web/pgadmin/browser/server_groups/servers/databases/schemas/tables/indexes/__init__.py b/web/pgadmin/browser/server_groups/servers/databases/schemas/tables/indexes/__init__.py index c5335cc89..aea38879a 100644 --- a/web/pgadmin/browser/server_groups/servers/databases/schemas/tables/indexes/__init__.py +++ b/web/pgadmin/browser/server_groups/servers/databases/schemas/tables/indexes/__init__.py @@ -1057,14 +1057,16 @@ class IndexesView(PGChildNodeView, SchemaDiffObjectCompare): for key in required_create_keys: if key in diff_dict: - if (key == 'columns' and (( + if key == 'columns' and (( 'added' in diff_dict[key] and len(diff_dict[key]['added']) > 0 ) or ('changed' in diff_dict[key] and len(diff_dict[key]['changed']) > 0) or ( 'deleted' in diff_dict[key] and len(diff_dict[key]['deleted']) > 0) - )) or key != 'columns': + ): + create_req = True + elif key != 'columns': create_req = True if create_req: 
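Review bot: The new `if`/`elif` pair in indexes/__init__.py ends in two identical `create_req = True` bodies, which is the duplicated-branch pattern the commit subject says it removes. The test reduces to "not the columns key, or columns has a non-empty added/changed/deleted list". Assuming `diff_dict[key]` is a dict of lists, one condition covers it: `if key != 'columns' or any(diff_dict[key].get(k) for k in ('added', 'changed', 'deleted')):`. The enclosing method starts and ends outside the hunk.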
diff --git a/web/pgadmin/browser/server_groups/servers/databases/schemas/tables/utils.py b/web/pgadmin/browser/server_groups/servers/databases/schemas/tables/utils.py index 4cb1e5bcd..445cafb2d 100644 --- a/web/pgadmin/browser/server_groups/servers/databases/schemas/tables/utils.py +++ b/web/pgadmin/browser/server_groups/servers/databases/schemas/tables/utils.py @@ -757,9 +757,9 @@ class BaseTableView(PGChildNodeView, BasePartitionTable): elif key == 'foreign_key': if 'oid' not in data: for arg in ['columns']: - if arg not in data: - return False - elif isinstance(data[arg], list) and len(data[arg]) < 1: + if arg not in data or \ + (isinstance(data[arg], list) and + len(data[arg]) < 1): return False if 'autoindex' in data and \ diff --git a/web/pgadmin/browser/server_groups/servers/static/js/privilege.js b/web/pgadmin/browser/server_groups/servers/static/js/privilege.js index 569b16c07..cb9f36526 100644 --- a/web/pgadmin/browser/server_groups/servers/static/js/privilege.js +++ b/web/pgadmin/browser/server_groups/servers/static/js/privilege.js @@ -626,16 +626,8 @@ define(['sources/gettext', 'underscore', 'jquery', 'backbone', 'backform', commonUtils.handleKeyNavigation(event); } - if (command.moveUp() || command.moveDown() || command.save()) { - // backgrid vertical navigation (Up/Down arrow key) - ev.preventDefault(); - ev.stopPropagation(); - this.model.trigger('backgrid:edited', this.model, this.column, command); - // model.trigger('backgrid:edited', model, column, command); - return; - } - // esc - else if (command.cancel()) { + if (command.moveUp() || command.moveDown() || command.save() || command.cancel() || + (command.moveLeft() && ev.target.name === 'privilege' && $(ev.target).attr('privilege') === 'ALL')) { // undo ev.stopPropagation(); model.trigger('backgrid:edited', model, column, command); 
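Review bot: The merged `foreign_key` check in tables/utils.py still accepts any non-list value for `columns`, because the emptiness test only runs when `isinstance(data[arg], list)` is true. A present `None`, string or dict therefore passes validation. If the code that consumes `data['columns']` expects a list (not visible here), reject other types as well, e.g. `if not isinstance(data.get(arg), list) or not data[arg]: return False`. The one-element loop `for arg in ['columns']:` could then become a plain check on `'columns'`.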
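Review bot: `ev.preventDefault()` is no longer called for the Up/Down/save keys in privilege.js, so this merge is not behaviour-preserving. The merged condition keeps only the body of the old `command.cancel()` branch, while the removed `moveUp()/moveDown()/save()` branch also called `ev.preventDefault()`. If the browser default for those keys must stay suppressed, add `if (command.moveUp() || command.moveDown() || command.save()) ev.preventDefault();` ahead of `ev.stopPropagation();`. The surviving `// undo` comment now sits on a branch that also handles navigation, save and the `moveLeft()` case moved up from the next hunk, so it should be reworded. The handler starts and ends outside the hunk.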
@@ -650,12 +642,6 @@ define(['sources/gettext', 'underscore', 'jquery', 'backbone', 'backform', return; } } - } else if (command.moveLeft() && ev.target.name === 'privilege' && - $(ev.target).attr('privilege') === 'ALL') { - // If we are at the fist privilege then we should move to previous cell - ev.stopPropagation(); - model.trigger('backgrid:edited', model, column, command); - return; } /* diff --git a/web/pgadmin/tools/debugger/static/js/debugger_ui.js b/web/pgadmin/tools/debugger/static/js/debugger_ui.js index 91f97a471..8c7899827 100644 --- a/web/pgadmin/tools/debugger/static/js/debugger_ui.js +++ b/web/pgadmin/tools/debugger/static/js/debugger_ui.js @@ -472,20 +472,11 @@ define([ // If there is default arguments //Below logic will assign default values to "Default value" column for (j = (myargname.length - 1); j >= 0; j--) { - if (debug_info['proargmodes'] == null) { - if (arg_cnt) { - arg_cnt = arg_cnt - 1; - def_val_list[j] = default_args[arg_cnt]; - } else { - def_val_list[j] = ''; - } + if (arg_cnt) { + arg_cnt = arg_cnt - 1; + def_val_list[j] = default_args[arg_cnt]; } else { - if (arg_cnt) { - arg_cnt = arg_cnt - 1; - def_val_list[j] = default_args[arg_cnt]; - } else { - def_val_list[j] = ''; - } + def_val_list[j] = ''; } } @@ -923,22 +914,11 @@ define([ let node = pgBrowser.Nodes[item_data._type]; let treeInfo = node.getTreeNodeHierarchy.call(node, selected_item); - let f_id; - if (item_data._type == 'function') { - f_id = item_data._id; - } else if (item_data._type == 'procedure') { - f_id = item_data._id; - } else if (item_data._type == 'edbfunc') { - f_id = item_data._id; - } else if (item_data._type == 'edbproc') { - f_id = item_data._id; - } - baseUrl = url_for('debugger.clear_arguments', { 'sid': treeInfo.server._id, 'did': treeInfo.database._id, 'scid': treeInfo.schema._id, - 'func_id': f_id, + 'func_id': item_data._id, }); } else { baseUrl = url_for('debugger.clear_arguments', { 
diff --git a/web/pgadmin/tools/debugger/static/js/direct.js b/web/pgadmin/tools/debugger/static/js/direct.js index ee41f9c7f..74cd7b7b2 100644 --- a/web/pgadmin/tools/debugger/static/js/direct.js +++ b/web/pgadmin/tools/debugger/static/js/direct.js @@ -391,18 +391,7 @@ define([ if (res.data.result == null || res.data.result.length == 0) { self.poll_result(trans_id); } else { - if (res.data.result[0].src != undefined || res.data.result[0].src != null) { - pgTools.DirectDebug.polling_timeout_idle = false; - pgTools.DirectDebug.docker.finishLoading(50); - if (res.data.result[0].src != pgTools.DirectDebug.editor.getValue()) { - pgTools.DirectDebug.editor.setValue(res.data.result[0].src); - self.UpdateBreakpoint(trans_id); - } - self.setActiveLine(res.data.result[0].linenumber - 2); - // Update the stack, local variables and parameters information - self.GetStackInformation(trans_id); - - } else if (!pgTools.DirectDebug.debug_type && !pgTools.DirectDebug.first_time_indirect_debug) { + if (!pgTools.DirectDebug.debug_type && !pgTools.DirectDebug.first_time_indirect_debug) { pgTools.DirectDebug.docker.finishLoading(50); self.setActiveLine(-1); self.clear_all_breakpoint(trans_id); diff --git a/web/pgadmin/tools/schema_diff/static/js/schema_diff_ui.js b/web/pgadmin/tools/schema_diff/static/js/schema_diff_ui.js index 7c04d9ce6..fcc1bf177 100644 --- a/web/pgadmin/tools/schema_diff/static/js/schema_diff_ui.js +++ b/web/pgadmin/tools/schema_diff/static/js/schema_diff_ui.js 
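Review bot: The deleted `res.data.result[0].src` branch in direct.js was tested first, so removing it changes which path a poll response takes rather than just de-duplicating code. A response that carries `src` while `!pgTools.DirectDebug.debug_type && !pgTools.DirectDebug.first_time_indirect_debug` holds now goes to the `clear_all_breakpoint` path instead of updating the editor, active line and stack. Presumably a trailing `else` outside the hunk has the same body as the removed branch, but the precedence of the two tests has still changed. To keep the old order, put the source test into the remaining condition: `if (res.data.result[0].src == null && !pgTools.DirectDebug.debug_type && !pgTools.DirectDebug.first_time_indirect_debug) {`.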
@@ -238,14 +238,8 @@ export default class SchemaDiffUI { generated_script = script_header + 'BEGIN;' + '\n' + self.model.get('diff_ddl') + '\n' + 'END;'; } - let preferences = pgWindow.pgAdmin.Browser.get_preferences_for_module('schema_diff'); - if (preferences.schema_diff_new_browser_tab) { - pgWindow.pgAdmin.ddl_diff = generated_script; - generateScript(server_data, pgWindow.pgAdmin.DataGrid); - } else { - pgWindow.pgAdmin.ddl_diff = generated_script; - generateScript(server_data, pgWindow.pgAdmin.DataGrid); - } + pgWindow.pgAdmin.ddl_diff = generated_script; + generateScript(server_data, pgWindow.pgAdmin.DataGrid); } $('#diff_fetching_data').find('.schema-diff-busy-text').text(''); diff --git a/web/pgadmin/tools/user_management/static/js/user_management.js b/web/pgadmin/tools/user_management/static/js/user_management.js index 751df0014..96fc55ced 100644 --- a/web/pgadmin/tools/user_management/static/js/user_management.js +++ b/web/pgadmin/tools/user_management/static/js/user_management.js 
@@ -843,15 +843,10 @@ define([ saveUser: function(m) { var d = m.toJSON(true); - if(m.isNew() && m.get('auth_source') == 'ldap' && - (!m.get('username') || !m.get('auth_source') || !m.get('role')) ) { - return false; - } else if (m.isNew() && m.get('auth_source') == DEFAULT_AUTH_SOURCE && (!m.get('email') || !m.get('role') || - !m.get('newPassword') || !m.get('confirmPassword') || - m.get('newPassword') != m.get('confirmPassword'))) { - // New user model is valid but partially filled so return without saving. - return false; - } else if (!m.isNew() && m.get('newPassword') != m.get('confirmPassword')) { + if((m.isNew() && m.get('auth_source') == 'ldap' && (!m.get('username') || !m.get('auth_source') || !m.get('role'))) + || (m.isNew() && m.get('auth_source') == DEFAULT_AUTH_SOURCE && (!m.get('email') || !m.get('role') || + !m.get('newPassword') || !m.get('confirmPassword') || m.get('newPassword') != m.get('confirmPassword'))) + || (!m.isNew() && m.get('newPassword') != m.get('confirmPassword'))) { // For old user password change is in progress and user model is valid but admin has not added // both the passwords so return without saving. return false; diff --git a/web/pgadmin/utils/session.py b/web/pgadmin/utils/session.py index a32300272..600553040 100644 --- a/web/pgadmin/utils/session.py +++ b/web/pgadmin/utils/session.py 
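Review bot: The single merged condition in `saveUser` is hard to audit for a check that gates user creation and password changes. The comment kept under it ("For old user password change is in progress…") now describes only the last of the three cases. `!m.get('auth_source')` is also dead inside the LDAP case, since that case already requires `m.get('auth_source') == 'ldap'`. Naming the three cases, as below, keeps the single `return false` without the long expression. This is client-side validation only, so the same rules are presumably enforced by the server; `saveUser` continues outside the hunk.

```javascript
saveUser: function(m) {
  var d = m.toJSON(true);

  var isNew = m.isNew(),
    passwordsDiffer = m.get('newPassword') != m.get('confirmPassword'),
    // New LDAP user: username and role are mandatory.
    ldapIncomplete = isNew && m.get('auth_source') == 'ldap' &&
      (!m.get('username') || !m.get('role')),
    // New internal user: email, role and two matching passwords are mandatory.
    internalIncomplete = isNew && m.get('auth_source') == DEFAULT_AUTH_SOURCE &&
      (!m.get('email') || !m.get('role') || !m.get('newPassword') ||
        !m.get('confirmPassword') || passwordsDiffer),
    // Existing user: a password change needs both fields to match.
    passwordChangeIncomplete = !isNew && passwordsDiffer;

  if (ldapIncomplete || internalIncomplete || passwordChangeIncomplete) {
    // Model is only partially filled, so return without saving.
    return false;
  // … unchanged: rest of saveUser …
```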
@@ -375,14 +375,11 @@ def cleanup_session_files(): iterate_session_files = False global LAST_CHECK_SESSION_FILES - if LAST_CHECK_SESSION_FILES is None: + if LAST_CHECK_SESSION_FILES is None or \ + datetime.datetime.now() >= LAST_CHECK_SESSION_FILES + \ + datetime.timedelta(hours=config.CHECK_SESSION_FILES_INTERVAL): iterate_session_files = True LAST_CHECK_SESSION_FILES = datetime.datetime.now() - else: - if datetime.datetime.now() >= LAST_CHECK_SESSION_FILES + \ - datetime.timedelta(hours=config.CHECK_SESSION_FILES_INTERVAL): - iterate_session_files = True - LAST_CHECK_SESSION_FILES = datetime.datetime.now() if iterate_session_files: for root, dirs, files in os.walk( diff --git a/web/pgadmin/utils/sqlautocomplete/autocomplete.py b/web/pgadmin/utils/sqlautocomplete/autocomplete.py index ef69ccde6..00d36d8fd 100644 --- a/web/pgadmin/utils/sqlautocomplete/autocomplete.py +++ b/web/pgadmin/utils/sqlautocomplete/autocomplete.py @@ -791,12 +791,11 @@ class SQLAutoComplete(object): 'signature': self.signature_arg_style }[usage] args = func.args() - if not template: - return '()' - elif usage == 'call' and len(args) < 2: - return '()' - elif usage == 'call' and func.has_variadic(): + if not template or ( + usage == 'call' and ( + len(args) < 2 or func.has_variadic())): return '()' + multiline = usage == 'call' and len(args) > self.call_arg_oneliner_max max_arg_len = max(len(a.name) for a in args) if multiline else 0 args = (
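Review bot: The merged condition in `cleanup_session_files` (session.py) reads `datetime.datetime.now()` once for the comparison and again for the assignment, so the stored timestamp is not the one that was tested. Both are naive wall-clock values, so a backwards clock adjustment postpones the next sweep of session files by that amount. Read the clock once with `now = datetime.datetime.now()` before the `if`, then use `now` in the comparison and in `LAST_CHECK_SESSION_FILES = now`. A short comment that `config.CHECK_SESSION_FILES_INTERVAL` is in hours (it is passed as `timedelta(hours=...)`) would also help. The function body continues outside the hunk.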