Possible unnecessary code duplication from another repository
forgedhallpass opened this issue · comments
The following classes:
org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase
(original source code)org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeCommonUtils
org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeUtils
were copied from the Grouper repository.
It seems that only a few changes has been made:
-
Logging: although the code is commented out, so it's not relevant (
org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#iLogger
) -
Skipping the Expression Language (EL) related processing in
org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#propertiesHelper
: again this is only relevant if there are keys with ".elConfig" suffix -
The following lines of code:
//InputStream inputStream = configFile.getConfigFileType().inputStream(configFile.getConfigFileTypeConfig(), this); try { //get the string and store it first (to see if it changes later) String configFileContents = configFile.retrieveContents(this); configFile.setContents(configFileContents); result.properties.load(new StringReader(configFileContents));
in
org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#retrieveFromConfigFiles
which seem to do the same as the original code.
The question is, are these modifications really needed? If not, the original code could be used as a maven dependency:
<dependency>
<groupId>edu.internet2.middleware.grouper</groupId>
<artifactId>grouper-activemq</artifactId>
<version>2.5.29</version>
</dependency>
Side note: the Grouper project is outdated/bulky/poorly written with a lot of duplicated code from the org.apache.commons:commons-lang3
and other common libraries. It would be nice to replace with a better alternative
@forgedhallpass Thanks for taking time to look into the code. I think your "Side note" could be the very reason for duplicating (only the required) code for this project.
This project need contributors and unless anyone provides a pull request with a better solution, this may not change.
The logic under the overlay
package will have to be thrown out/rewritten.
Initial clean-up: OWASP/www-project-csrfguard@1b9b89a