Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-9525

Backport OPENIDM-6641: cannot-contains-others policy is broken and does not correctly detect values which do not meet the policy requirements

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Do
    • Affects Version/s: OpenIDM 4.0.0
    • Fix Version/s: None
    • Component/s: Module - Policy
    • Labels:

      Description

      The cannot-contain-others policy does not properly detect policy violations due to a invalid RegularExpress within the policy implementation.

      Specifically the following code:

              if (typeof(openidm) !== "undefined" && typeof(request) !== "undefined"  && request.resourcePath && !request.resourcePath.match(/*$')) {
      

      will never evaluate to false as the match() function never returns a 'falsey' value and always evaluates to true when executed. The issue is caused by the lack of a trailing '/' within the RegularExpression and lack of escaping of the asterisk.

      The above code should be modified as follows:

              if (typeof(openidm) !== "undefined" && typeof(request) !== "undefined"  && request.resourcePath && !request.resourcePath.match(/\*$/)) {
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                mark.offutt Mark Offutt
                Reporter:
                cgdrake Chris Drake
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: