Lots of copied code from the Grouper repository #25

@forgedhallpass

The following classes:

  • org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase (original source code)
  • org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeCommonUtils
  • org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeUtils

were copied from the Grouper repository.

It seems that only a few changes have been made:

  • Logging: although the code is commented out, so it's not relevant (org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#iLogger)

  • Skipping the Expression Language (EL) related processing in org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#propertiesHelper: again this is only relevant if there are keys with ".elConfig" suffix

  • The following lines of code:

    //InputStream inputStream = configFile.getConfigFileType().inputStream(configFile.getConfigFileTypeConfig(), this);
    try {
        //get the string and store it first (to see if it changes later)
        String configFileContents = configFile.retrieveContents(this);
        configFile.setContents(configFileContents);
        result.properties.load(new StringReader(configFileContents));

    in org.owasp.csrfguard.config.overlay.ConfigPropertiesCascadeBase#retrieveFromConfigFiles which seem to do the same as the original code.

The question is, are these modifications really needed? If not, the original code could be used as a maven dependency:

<dependency>
    <groupId>edu.internet2.middleware.grouper</groupId>
    <artifactId>grouper-activemq</artifactId>
    <version>2.5.29</version>
</dependency>

Side note: the Grouper project is outdated/bulky/poorly written with a lot of duplicated code from the org.apache.commons:commons-lang3 and other common libraries. It would be nice to replace it with a better alternative.
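
Added example (not part of the issue, and not code from CSRFGuard or Grouper): a check for one place where the stream-based and string-based forms of `Properties.load` in the snippet above can differ. `load(InputStream)` always decodes bytes as ISO-8859-1, while `load(Reader)` sees whatever characters the string already holds; the page does not show how `retrieveContents` decodes the file, so UTF-8 is assumed here, and the class name, key names and values are constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.Properties;

public class PropertiesLoadComparison {

    // Stream form (the commented-out line): bytes are decoded as ISO-8859-1 by Properties itself.
    static Properties loadFromStream(byte[] raw) throws IOException {
        Properties p = new Properties();
        p.load(new ByteArrayInputStream(raw));
        return p;
    }

    // String form (the lines in the snippet): the caller decodes first, load(Reader) sees characters.
    static Properties loadFromString(String contents) throws IOException {
        Properties p = new Properties();
        p.load(new StringReader(contents));
        return p;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample file: one ASCII value, one escaped value, one raw non-ASCII value.
        String file = "sample.ascii.key = value-1\n"
                    + "sample.escaped.key = caf\\u00e9\n"
                    + "sample.raw.key = caf\u00e9\n";
        byte[] raw = file.getBytes(StandardCharsets.UTF_8);

        Properties fromStream = loadFromStream(raw);
        // Assumption: the contents string was produced by decoding the file as UTF-8.
        Properties fromString = loadFromString(new String(raw, StandardCharsets.UTF_8));

        // Compare value by value; lengths are printed so the result does not depend on console encoding.
        for (String key : fromString.stringPropertyNames()) {
            String a = fromStream.getProperty(key);
            String b = fromString.getProperty(key);
            System.out.printf("%-20s stream.length=%d string.length=%d %s%n",
                    key, a.length(), b.length(), a.equals(b) ? "same" : "DIFFERENT");
        }
    }
}
```

ASCII-only and escaped values load identically either way, so only configuration files containing raw non-ASCII characters would be affected by which form is used.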
