- Notifications
You must be signed in to change notification settings - Fork 25.5k
[Entitlements] Fix: consider case sensitiveness differences #126990
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
ldematte merged 25 commits into elastic:main from ldematte:entitlements/fileaccesstree-fix-windows-casing Apr 23, 2025
Merged
Changes from all commits
Commits
Show all changes
25 commits Select commit Hold shift + click to select a range
fb7b6a7 fix: consider case sensitiveness differences
ldematte 89701ef Update docs/changelog/126990.yaml
ldematte 4c6cc3f [CI] Auto commit changes from spotless
d844993 changelog + spotless
ldematte 761b8a3 Merge branch 'entitlements/fileaccesstree-fix-windows-casing' of http…
ldematte 1b0293c forbidden
ldematte c7ab3b9 Merge branch 'main' into entitlements/fileaccesstree-fix-windows-casing
ldematte e199568 Update docs/changelog/126990.yaml
ldematte 6f2eab2 Merge remote-tracking branch 'upstream/main' into entitlements/fileac…
ldematte 3894d03 consider mac case insensitive too
ldematte ea10eb5 Merge branch 'main' into entitlements/fileaccesstree-fix-windows-casing
ldematte bd7881a Merge remote-tracking branch 'upstream/main' into entitlements/fileac…
ldematte 3862969 Refactoring: move path-as-string comparison functions to Comparison c…
ldematte b252d3d Merge branch 'main' into entitlements/fileaccesstree-fix-windows-casing
ldematte 38957a2 extract separator
ldematte 65f8bd8 Merge branch 'entitlements/fileaccesstree-fix-windows-casing' of gith…
ldematte 5d3db2e [CI] Auto commit changes from spotless
cfc7299 fix separator for windows tests
ldematte cfaf7e4 iter
ldematte 2438af9 [CI] Auto commit changes from spotless
61b1219 Merge remote-tracking branch 'upstream/main' into entitlements/fileac…
ldematte 1d15bfb iter
ldematte fe22895 iter
ldematte 0db687c Merge branch 'main' into entitlements/fileaccesstree-fix-windows-casing
ldematte a1127fd Merge branch 'main' into entitlements/fileaccesstree-fix-windows-casing
ldematte File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| pr: 126990 | ||
| summary: "Fix: consider case sensitiveness differences in Windows/Unix-like filesystems\ | ||
| \ for files entitlements" | ||
| area: Infra/Core | ||
| type: bug | ||
| issues: | ||
| - 127047 |
31 changes: 31 additions & 0 deletions 31 ...src/main/java/org/elasticsearch/entitlement/runtime/policy/CaseInsensitiveComparison.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the "Elastic License | ||
| * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side | ||
| * Public License v 1"; you may not use this file except in compliance with, at | ||
| * your election, the "Elastic License 2.0", the "GNU Affero General Public | ||
| * License v3.0 only", or the "Server Side Public License, v 1". | ||
| */ | ||
| | ||
| package org.elasticsearch.entitlement.runtime.policy; | ||
| | ||
| class CaseInsensitiveComparison extends FileAccessTreeComparison { | ||
| | ||
| CaseInsensitiveComparison(char separatorChar) { | ||
| super(CaseInsensitiveComparison::caseInsensitiveCharacterComparator, separatorChar); | ||
| } | ||
| | ||
| private static int caseInsensitiveCharacterComparator(char c1, char c2) { | ||
| return Character.compare(Character.toLowerCase(c1), Character.toLowerCase(c2)); | ||
| } | ||
| | ||
| @Override | ||
| protected boolean pathStartsWith(String pathString, String pathPrefix) { | ||
| return pathString.regionMatches(true, 0, pathPrefix, 0, pathPrefix.length()); | ||
| } | ||
| | ||
| @Override | ||
| protected boolean pathsAreEqual(String path1, String path2) { | ||
| return path1.equalsIgnoreCase(path2); | ||
| } | ||
| } | ||
27 changes: 27 additions & 0 deletions 27 ...t/src/main/java/org/elasticsearch/entitlement/runtime/policy/CaseSensitiveComparison.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the "Elastic License | ||
| * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side | ||
| * Public License v 1"; you may not use this file except in compliance with, at | ||
| * your election, the "Elastic License 2.0", the "GNU Affero General Public | ||
| * License v3.0 only", or the "Server Side Public License, v 1". | ||
| */ | ||
| | ||
| package org.elasticsearch.entitlement.runtime.policy; | ||
| | ||
| class CaseSensitiveComparison extends FileAccessTreeComparison { | ||
| | ||
| CaseSensitiveComparison(char separatorChar) { | ||
| super(Character::compare, separatorChar); | ||
| } | ||
| | ||
| @Override | ||
| protected boolean pathStartsWith(String pathString, String pathPrefix) { | ||
| return pathString.startsWith(pathPrefix); | ||
| } | ||
| | ||
| @Override | ||
| protected boolean pathsAreEqual(String path1, String path2) { | ||
| return path1.equals(path2); | ||
| } | ||
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
81 changes: 81 additions & 0 deletions 81 .../src/main/java/org/elasticsearch/entitlement/runtime/policy/FileAccessTreeComparison.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,81 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the "Elastic License | ||
| * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side | ||
| * Public License v 1"; you may not use this file except in compliance with, at | ||
| * your election, the "Elastic License 2.0", the "GNU Affero General Public | ||
| * License v3.0 only", or the "Server Side Public License, v 1". | ||
| */ | ||
| | ||
| package org.elasticsearch.entitlement.runtime.policy; | ||
| | ||
| import org.elasticsearch.core.Strings; | ||
| import org.elasticsearch.logging.LogManager; | ||
| import org.elasticsearch.logging.Logger; | ||
| | ||
| import java.util.Comparator; | ||
| | ||
| abstract class FileAccessTreeComparison { | ||
| | ||
| private static final Logger logger = LogManager.getLogger(FileAccessTreeComparison.class); | ||
| | ||
| interface CharComparator { | ||
| int compare(char c1, char c2); | ||
| } | ||
| | ||
| private final Comparator<String> pathComparator; | ||
| | ||
| private final char separatorChar; | ||
| | ||
| /** | ||
| * For our lexicographic sort trick to work correctly, we must have path separators sort before | ||
| * any other character so that files in a directory appear immediately after that directory. | ||
| * For example, we require [/a, /a/b, /a.xml] rather than the natural order [/a, /a.xml, /a/b]. | ||
| */ | ||
| FileAccessTreeComparison(CharComparator charComparator, char separatorChar) { | ||
| pathComparator = (s1, s2) -> { | ||
| int len1 = s1.length(); | ||
| int len2 = s2.length(); | ||
| int lim = Math.min(len1, len2); | ||
| for (int k = 0; k < lim; k++) { | ||
| char c1 = s1.charAt(k); | ||
| char c2 = s2.charAt(k); | ||
| var comp = charComparator.compare(c1, c2); | ||
| if (comp == 0) { | ||
| continue; | ||
| } | ||
| boolean c1IsSeparator = c1 == separatorChar; | ||
| boolean c2IsSeparator = c2 == separatorChar; | ||
| if (c1IsSeparator == false || c2IsSeparator == false) { | ||
| if (c1IsSeparator) { | ||
| return -1; | ||
| } | ||
| if (c2IsSeparator) { | ||
| return 1; | ||
| } | ||
| return comp; | ||
| } | ||
| } | ||
| return len1 - len2; | ||
| }; | ||
| this.separatorChar = separatorChar; | ||
| } | ||
| | ||
| Comparator<String> pathComparator() { | ||
| return pathComparator; | ||
| } | ||
| | ||
| boolean isParent(String maybeParent, String path) { | ||
| logger.trace(() -> Strings.format("checking isParent [%s] for [%s]", maybeParent, path)); | ||
| return pathStartsWith(path, maybeParent) | ||
| && (path.length() > maybeParent.length() && path.charAt(maybeParent.length()) == separatorChar); | ||
| } | ||
| | ||
| boolean samePath(String currentPath, String nextPath) { | ||
| return pathsAreEqual(currentPath, nextPath); | ||
| } | ||
| | ||
| protected abstract boolean pathStartsWith(String pathString, String pathPrefix); | ||
| | ||
| protected abstract boolean pathsAreEqual(String path1, String path2); | ||
| } |
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a significance to the fact that we switched from uppercase to lowercase?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nope, just a suggestion from Ryan to make it shorter and more readable
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
toUpperCaseis equally short and readable, no?I just think if we use one that's different from the actual filesystem code you referenced, we're asking for unexpected corner cases.