From e8bf07ee958ac73c5c58ba77894481a7c0f5df21 Mon Sep 17 00:00:00 2001 From: Joshua Brown Date: Tue, 9 Apr 2024 14:24:53 -0400 Subject: [PATCH] Fixed static code analysis issues --- compose/cleanup_globus_files.sh | 6 ++--- compose/generate_globus_files.sh | 4 ++-- repository/docker/entrypoint_authz.sh | 2 +- repository/docker/entrypoint_repo.sh | 4 ++-- .../gridftp/globus5/authz/source/libauthz.c | 6 ++--- scripts/dependency_install_functions.sh | 2 +- scripts/generate_authz_config.sh | 2 +- scripts/globus/create_guest_collection.py | 2 -- scripts/globus/globus_cleanup.py | 2 +- scripts/globus/initialize_globus_endpoint.py | 2 +- scripts/globus/utils.py | 24 ++++++------------- web/docker/entrypoint.sh | 4 ++-- 12 files changed, 24 insertions(+), 36 deletions(-) diff --git a/compose/cleanup_globus_files.sh b/compose/cleanup_globus_files.sh index afdc0b472..d4ed2a72b 100755 --- a/compose/cleanup_globus_files.sh +++ b/compose/cleanup_globus_files.sh @@ -20,13 +20,13 @@ export DATAFED_GLOBUS_CRED_FILE_PATH="$DATAFED_HOST_CRED_FILE_PATH" if [ -f "$DATAFED_HOST_CRED_FILE_PATH" ] then - export GCS_CLI_CLIENT_ID=$(cat "${DATAFED_HOST_CRED_FILE_PATH}" | jq -r .client) - export GCS_CLI_CLIENT_SECRET=$(cat "${DATAFED_HOST_CRED_FILE_PATH}" | jq -r .secret) + export GCS_CLI_CLIENT_ID=$(jq -r .client < "${DATAFED_HOST_CRED_FILE_PATH}") + export GCS_CLI_CLIENT_SECRET=$(jq -r .secret < "${DATAFED_HOST_CRED_FILE_PATH}") fi if [ -f "$DATAFED_GLOBUS_DEPLOYMENT_KEY_PATH" ] then - export GCS_CLI_ENDPOINT_ID=$(cat "${DATAFED_GLOBUS_DEPLOYMENT_KEY_PATH}" | jq -r .client_id) + export GCS_CLI_ENDPOINT_ID=$(jq -r .client_id < "${DATAFED_GLOBUS_DEPLOYMENT_KEY_PATH}") fi sudo globus-connect-server node cleanup diff --git a/compose/generate_globus_files.sh b/compose/generate_globus_files.sh index 0ed182846..82f5dba89 100755 --- a/compose/generate_globus_files.sh +++ b/compose/generate_globus_files.sh @@ -19,11 +19,11 @@ then mkdir -p "$local_DATAFED_GLOBUS_KEY_DIR" fi -. ${PROJECT_ROOT}/compose/.env +. "${PROJECT_ROOT}/compose/.env" DATAFED_GLOBUS_DEPLOYMENT_KEY_PATH="$DATAFED_HOST_DEPLOYMENT_KEY_PATH" \ DATAFED_GLOBUS_CRED_FILE_PATH="$DATAFED_HOST_CRED_FILE_PATH" \ DATAFED_GLOBUS_CONTROL_PORT="$DATAFED_GLOBUS_CONTROL_PORT" \ DATAFED_GLOBUS_SUBSCRIPTION="$DATAFED_GLOBUS_SUBSCRIPTION" \ DATAFED_GCS_ROOT_NAME="$DATAFED_GCS_ROOT_NAME" \ - python3 ${PROJECT_ROOT}/scripts/globus/initialize_globus_endpoint.py + python3 "${PROJECT_ROOT}/scripts/globus/initialize_globus_endpoint.py" diff --git a/repository/docker/entrypoint_authz.sh b/repository/docker/entrypoint_authz.sh index 2f46877b8..af23b3cf8 100755 --- a/repository/docker/entrypoint_authz.sh +++ b/repository/docker/entrypoint_authz.sh @@ -114,7 +114,7 @@ do msg='.' sleep 5 - HTTP_CODE=$(${DATAFED_DEPENDENCIES_INSTALL_PATH}/bin/curl -s -o /dev/null -w "%{http_code}\n" -I "https://${DATAFED_GCS_URL}/api/info") + HTTP_CODE=$("${DATAFED_DEPENDENCIES_INSTALL_PATH}/bin/curl" -s -o /dev/null -w "%{http_code}\n" -I "https://${DATAFED_GCS_URL}/api/info") if [ "$HTTP_CODE" == "200" ] then break diff --git a/repository/docker/entrypoint_repo.sh b/repository/docker/entrypoint_repo.sh index 51bd23c04..df730abe6 100755 --- a/repository/docker/entrypoint_repo.sh +++ b/repository/docker/entrypoint_repo.sh @@ -12,8 +12,8 @@ PROJECT_ROOT=$(realpath "${SOURCE}/../..") # This is only part of the solution the other part is running chown if [ -n "$UID" ]; then echo "Switching datafed user to UID: ${UID}" - usermod -u $UID datafed - chown -R datafed:root ${PROJECT_ROOT} + usermod -u "$UID" datafed + chown -R datafed:root "${PROJECT_ROOT}" chown -R datafed:root /opt/datafed/repo/ chown -R datafed:root /mnt/datafed fi diff --git a/repository/gridftp/globus5/authz/source/libauthz.c b/repository/gridftp/globus5/authz/source/libauthz.c index 482921e73..629d64178 100644 --- a/repository/gridftp/globus5/authz/source/libauthz.c +++ b/repository/gridftp/globus5/authz/source/libauthz.c @@ -222,7 +222,7 @@ bool setConfigVal(const char *a_label, char *a_dest, char *a_src, if (len > a_max_len) { AUTHZ_LOG_ERROR( - "DataFed - '%s' value too long in authz config file (max %lu).\n", + "DataFed - '%s' value too long in authz config file (max %zu).\n", a_label, a_max_len); return true; } @@ -483,6 +483,8 @@ globus_result_t gsi_authz_authorize_async(va_list ap) { AUTHZ_LOG_DEBUG("libauthz.c GLOBUS_GRIDFTP_GUEST_IDENTITY_IDS: %s\n", callout_ids1); + AUTHZ_LOG_DEBUG("libauthz.c GLOBUS_GRIDFTP_MAPPED_USERNAME: %s\n", + callout_username_mapped1); AUTHZ_LOG_DEBUG("libauthz.c GLOBUS_GRIDFTP_MAPPED_IDENTITY_ID: %s\n", callout_id_mapped1); AUTHZ_LOG_INFO("Allowed collection path: %s, action: %s, object is %s\n", @@ -572,8 +574,6 @@ globus_result_t gsi_authz_authorize_async(va_list ap) { } char *callout_ids = getenv("GLOBUS_GRIDFTP_GUEST_IDENTITY_IDS"); - char *callout_username_mapped = - getenv("GLOBUS_GRIDFTP_MAPPED_USERNAME"); char *callout_id_mapped = getenv("GLOBUS_GRIDFTP_MAPPED_IDENTITY_ID"); diff --git a/scripts/dependency_install_functions.sh b/scripts/dependency_install_functions.sh index 5b97d98c3..8020bd770 100644 --- a/scripts/dependency_install_functions.sh +++ b/scripts/dependency_install_functions.sh @@ -495,7 +495,6 @@ install_libcurl() { mkdir -p "${PROJECT_ROOT}/external/libcurl" tar -xf "curl-${DATAFED_LIBCURL}.tar.gz" -C "${PROJECT_ROOT}/external/libcurl" cd "${PROJECT_ROOT}/external/libcurl/curl-${DATAFED_LIBCURL}" - PKG_CONFIG_PATH="${DATAFED_DEPENDENCIES_INSTALL_PATH}/lib/pkgconfig" \ # Making third party features and dependencies explicit # OpenSSL is needed for HTTPS encryption @@ -503,6 +502,7 @@ install_libcurl() { # GNUTLS - HTTPS support session management certificate verification etc # NOTE: NSS - Network Security Services for HTTP support is deprecated # NOTE: metalink - is no longer supported and not a valid argument + PKG_CONFIG_PATH="${DATAFED_DEPENDENCIES_INSTALL_PATH}/lib/pkgconfig" \ ./configure --with-ssl="${DATAFED_DEPENDENCIES_INSTALL_PATH}" --with-gnutls --with-zlib \ --enable-file --disable-shared \ --disable-ldap --disable-ldaps --disable-rtsp --disable-dict \ diff --git a/scripts/generate_authz_config.sh b/scripts/generate_authz_config.sh index 374e81974..e7e5f25ab 100755 --- a/scripts/generate_authz_config.sh +++ b/scripts/generate_authz_config.sh @@ -60,7 +60,7 @@ else local_DATAFED_GCS_COLLECTION_ROOT_PATH=$(printenv DATAFED_GCS_COLLECTION_ROOT_PATH) fi -if [ -z $DATAFED_GLOBUS_REPO_USER ] +if [ -z "${DATAFED_GLOBUS_REPO_USER}" ] then local_DATAFED_AUTHZ_USER="$DATAFED_GLOBUS_REPO_USER" else diff --git a/scripts/globus/create_guest_collection.py b/scripts/globus/create_guest_collection.py index 872468a15..400379992 100644 --- a/scripts/globus/create_guest_collection.py +++ b/scripts/globus/create_guest_collection.py @@ -1,8 +1,6 @@ import globus_sdk -from globus_sdk import AccessTokenAuthorizer import utils import os -import sys # The Globus project the GCS endpoint will be created in diff --git a/scripts/globus/globus_cleanup.py b/scripts/globus/globus_cleanup.py index 0583f916b..4d01a20ac 100644 --- a/scripts/globus/globus_cleanup.py +++ b/scripts/globus/globus_cleanup.py @@ -1,5 +1,5 @@ import globus_sdk -from globus_sdk import AuthClient, GroupsClient +from globus_sdk import AuthClient, GroupsClient from globus_sdk.scopes import GroupsScopes import subprocess import sys diff --git a/scripts/globus/initialize_globus_endpoint.py b/scripts/globus/initialize_globus_endpoint.py index b6fe6887a..db45be7a1 100644 --- a/scripts/globus/initialize_globus_endpoint.py +++ b/scripts/globus/initialize_globus_endpoint.py @@ -1,6 +1,6 @@ import globus_sdk import utils -from globus_sdk import AuthClient, GroupsClient +from globus_sdk import AuthClient, GroupsClient from globus_sdk.scopes import GroupsScopes import os diff --git a/scripts/globus/utils.py b/scripts/globus/utils.py index d4588b51c..226546292 100644 --- a/scripts/globus/utils.py +++ b/scripts/globus/utils.py @@ -1,6 +1,4 @@ -import globus_sdk import subprocess -from globus_sdk import AuthClient, AccessTokenAuthorizer import json import os import sys @@ -145,7 +143,7 @@ def validFile(file_name): def getCredentialFromFile(cred_file_name, cred_id): # Check to see if the local secret is the same id and not just the same # name - cred_exists_locally, cred_empty = validFile(cred_file_name) + _, cred_empty = validFile(cred_file_name) if cred_empty is False: with open(cred_file_name, "r") as f: loaded_data = json.load(f) @@ -157,7 +155,7 @@ def getCredentialFromFile(cred_file_name, cred_id): def getClientIdFromCredFile(cred_file_name): # Check to see if the local secret is the same id and not just the same # name - cred_exists_locally, cred_empty = validFile(cred_file_name) + _, cred_empty = validFile(cred_file_name) if cred_empty is False: with open(cred_file_name, "r") as f: loaded_data = json.load(f) @@ -168,7 +166,7 @@ def getClientIdFromCredFile(cred_file_name): def getEndpointIdFromFile(deployment_key_file_path): # Check to see if the local secret is the same id and not just the same # name - exists_locally, empty = validFile(deployment_key_file_path) + _, empty = validFile(deployment_key_file_path) if empty is False: with open(deployment_key_file_path, "r") as f: loaded_data = json.load(f) @@ -230,12 +228,6 @@ def createClient(auth_client, client_name, project_id, cred_name, cred_file): cred_id = getCredentialID(auth_client, client_id, cred_name) - cred_exists_on_cloud = False - if cred_id: - cred_exists_on_cloud = True - - cred_exists_locally, cred_empty = validFile(cred_file) - client_secret = getClientSecret( auth_client, client_id, cred_name, cred_id, cred_file ) @@ -285,11 +277,10 @@ def isGCSDeploymentKeyValid(auth_client, project_id, endpoint_name, gcs_id): else: # Found a globus_connect_server but did not find local deployment # key - if deployment_key_empty: - print( - "Found globus_connect_server already registered but did" - " not find deployment key locally." - ) + print( + "Found globus_connect_server already registered but did" + " not find deployment key locally." + ) return False @@ -314,7 +305,6 @@ def createGCSEndpoint( userinfo, ): - identity_id = userinfo["sub"] email = userinfo["email"] username = userinfo["preferred_username"] organization = userinfo["identity_provider_display_name"] diff --git a/web/docker/entrypoint.sh b/web/docker/entrypoint.sh index 43f33b799..4c538bd2f 100755 --- a/web/docker/entrypoint.sh +++ b/web/docker/entrypoint.sh @@ -7,8 +7,8 @@ if [ -n "$UID" ]; then usermod -u "$UID" datafed fi -chown -R datafed:root ${DATAFED_INSTALL_PATH}/web -chown -R datafed:root ${BUILD_DIR} +chown -R datafed:root "${DATAFED_INSTALL_PATH}/web" +chown -R datafed:root "${BUILD_DIR}" SCRIPT=$(realpath "$0") SOURCE=$(dirname "$SCRIPT")