aramrami / OWASP-CSRFGuard

OWASP CSRFGuard 3.1.0

Possible unnecessary code duplication from another repository

forgedhallpass opened this issue · comments

The following classes:

  • org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase (original source code)
  • org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeCommonUtils
  • org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeUtils

were copied from the Grouper repository.

It seems that only a few changes have been made:

  • Logging: although the code is commented out, so it's not relevant (org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#iLogger)

  • Skipping the Expression Language (EL) related processing in org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#propertiesHelper: again this is only relevant if there are keys with ".elConfig" suffix

  • The following lines of code:

    ```java
    //InputStream inputStream = configFile.getConfigFileType().inputStream(configFile.getConfigFileTypeConfig(), this);
    try {
        //get the string and store it first (to see if it changes later)
        String configFileContents = configFile.retrieveContents(this);
        configFile.setContents(configFileContents);
        result.properties.load(new StringReader(configFileContents));
    ```

    in org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#retrieveFromConfigFiles, which seems to do the same as the original code.

The question is, are these modifications really needed? If not, the original code could be used as a maven dependency:

```xml
<dependency>
    <groupId>edu.internet2.middleware.grouper</groupId>
    <artifactId>grouper-activemq</artifactId>
    <version>2.5.29</version>
</dependency>
```

Side note: the Grouper project is outdated/bulky/poorly written, with a lot of duplicated code from org.apache.commons:commons-lang3 and other common libraries. It would be nice to replace it with a better alternative.

@forgedhallpass Thanks for taking time to look into the code. I think your "Side note" could be the very reason for duplicating (only the required) code for this project.
This project needs contributors, and unless someone provides a pull request with a better solution, this may not change.

The logic under the overlay package will have to be thrown out/rewritten.

Initial clean-up: OWASP/www-project-csrfguard@1b9b89a