RANGER-5015: Implementing Best Practices While Exporting CSV and Excel Files

Signed-off-by: Mugdha Varadkar <mugdha@apache.org>

Author: RakeshGuptaDev

security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java

@@ -213,6 +213,7 @@
 import java.util.Set;
 import java.util.StringTokenizer;
 import java.util.TreeSet;
+import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 
 import static org.apache.ranger.db.XXGlobalStateDao.RANGER_GLOBAL_STATE_NAME_GDS;
@@ -255,6 +256,9 @@ public class ServiceDBStore extends AbstractServiceStore {
     private static final String FILE_HEADER                 = "ID|Name|Resources|Roles|Groups|Users|Accesses|Service Type|Status|Policy Type|Delegate Admin|isRecursive|isExcludes|Service Name|Description|isAuditEnabled|Policy Conditions|Policy Condition Type|Masking Options|Row Filter Expr|Policy Label Name";
     private static final String COMMA_DELIMITER             = "|";
 
+    private static final String  DEFAULT_CSV_SANITIZATION_PATTERN = "^[=+\\-@\\t\\r]";
+    private static final Pattern CSV_SANITIZATION_PATTERN = Pattern.compile(PropertiesUtil.getProperty("ranger.admin.csv.sanitization.pattern", DEFAULT_CSV_SANITIZATION_PATTERN));
+
     private static final Comparator<RangerPolicyDelta> POLICY_DELTA_ID_COMPARATOR = new RangerPolicyDeltaComparator();
 
     public static boolean SUPPORTS_POLICY_DELTAS;
@@ -4731,7 +4735,6 @@ private void writeCSVForPolicyItems(Map<String, String> svcNameToSvcType, Ranger
         String                            userNames                = "";
         String                            policyLabelName          = "";
         String                            accessType               = "";
-        String                            policyType               = "";
         Boolean                           delegateAdmin            = false;
         String                            isExcludesValue          = "";
         String                            maskingInfo              = "";
@@ -4898,28 +4901,6 @@ private void writeCSVForPolicyItems(Map<String, String> svcNameToSvcType, Ranger
             policyConditionTypeValue = "";
         }
 
-        String policyStatus;
-
-        if (policy.getIsEnabled()) {
-            policyStatus = "Enabled";
-        } else {
-            policyStatus = "Disabled";
-        }
-
-        int policyTypeInt = policy.getPolicyType();
-
-        switch (policyTypeInt) {
-            case RangerPolicy.POLICY_TYPE_ACCESS:
-                policyType = POLICY_TYPE_ACCESS;
-                break;
-            case RangerPolicy.POLICY_TYPE_DATAMASK:
-                policyType = POLICY_TYPE_DATAMASK;
-                break;
-            case RangerPolicy.POLICY_TYPE_ROWFILTER:
-                policyType = POLICY_TYPE_ROWFILTER;
-                break;
-        }
-
         if (CollectionUtils.isNotEmpty(policyLabels)) {
             for (String policyLabel : policyLabels) {
                 if (StringUtils.isNotBlank(policyLabel)) {
@@ -4936,49 +4917,53 @@ private void writeCSVForPolicyItems(Map<String, String> svcNameToSvcType, Ranger
 
         csvBuffer.append(policy.getId());
         csvBuffer.append(COMMA_DELIMITER);
-        csvBuffer.append(policyName);
+        csvBuffer.append(sanitizeCell(policyName));
         csvBuffer.append(COMMA_DELIMITER);
-        csvBuffer.append(resourceKeyVal);
+        csvBuffer.append(sanitizeCell(resourceKeyVal));
         csvBuffer.append(COMMA_DELIMITER);
-        csvBuffer.append(roleNames);
+        csvBuffer.append(sanitizeCell(roleNames));
         csvBuffer.append(COMMA_DELIMITER);
-        csvBuffer.append(groupNames);
+        csvBuffer.append(sanitizeCell(groupNames));
         csvBuffer.append(COMMA_DELIMITER);
-        csvBuffer.append(userNames);
+        csvBuffer.append(sanitizeCell(userNames));
         csvBuffer.append(COMMA_DELIMITER);
         csvBuffer.append(accessType.trim());
         csvBuffer.append(COMMA_DELIMITER);
-        csvBuffer.append(serviceType);
+        csvBuffer.append(sanitizeCell(serviceType));
         csvBuffer.append(COMMA_DELIMITER);
-        csvBuffer.append(policyStatus);
+        csvBuffer.append(policy.getIsEnabled() ? "Enabled" : "Disabled");
         csvBuffer.append(COMMA_DELIMITER);
-        csvBuffer.append(policyType);
+        csvBuffer.append(getPolicyTypeString(policy.getPolicyType()));
         csvBuffer.append(COMMA_DELIMITER);
         csvBuffer.append(delegateAdmin.toString().toUpperCase());
         csvBuffer.append(COMMA_DELIMITER);
         csvBuffer.append(isRecursiveValue);
         csvBuffer.append(COMMA_DELIMITER);
         csvBuffer.append(isExcludesValue);
         csvBuffer.append(COMMA_DELIMITER);
-        csvBuffer.append(serviceName);
+        csvBuffer.append(sanitizeCell(serviceName));
         csvBuffer.append(COMMA_DELIMITER);
-        csvBuffer.append(description);
+        csvBuffer.append(sanitizeCell(description));
         csvBuffer.append(COMMA_DELIMITER);
         csvBuffer.append(isAuditEnabled.toString().toUpperCase());
         csvBuffer.append(COMMA_DELIMITER);
-        csvBuffer.append(conditionKeyValue.trim());
+        csvBuffer.append(sanitizeCell(conditionKeyValue.trim()));
         csvBuffer.append(COMMA_DELIMITER);
-        csvBuffer.append(policyConditionTypeValue);
+        csvBuffer.append(sanitizeCell(policyConditionTypeValue));
         csvBuffer.append(COMMA_DELIMITER);
-        csvBuffer.append(maskingInfo);
+        csvBuffer.append(sanitizeCell(maskingInfo));
         csvBuffer.append(COMMA_DELIMITER);
-        csvBuffer.append(filterExpr);
+        csvBuffer.append(sanitizeCell(filterExpr));
         csvBuffer.append(COMMA_DELIMITER);
-        csvBuffer.append(policyLabelName);
+        csvBuffer.append(sanitizeCell(policyLabelName));
         csvBuffer.append(COMMA_DELIMITER);
         csvBuffer.append(LINE_SEPARATOR);
     }
 
+    private String sanitizeCell(String value) {
+        return (value != null && !value.isEmpty() && CSV_SANITIZATION_PATTERN.matcher(value).find()) ? " " + value : value;
+    }
+
     private <T> void writeJson(List<T> objList, String jsonFileName, HttpServletResponse response, JSON_FILE_NAME_TYPE type) {
         response.setContentType("text/json");
         response.setHeader("Content-Disposition", "attachment; filename=" + jsonFileName);
@@ -5044,18 +5029,11 @@ private void writeBookForPolicyItems(Map<String, String> svcNameToSvcType, Range
         String       userNames                = "";
         String       policyLabelNames         = "";
         String       accessType               = "";
-        String       policyStatus;
-        String       policyType               = "";
         Boolean      delegateAdmin            = false;
         String       isRecursive;
         String       isExcludes;
-        String       serviceName;
-        String       description;
         Boolean      isAuditEnabled           = policy.getIsAuditEnabled();
         String       isExcludesValue          = "";
-        Cell         cell                     = row.createCell(0);
-
-        cell.setCellValue(policy.getId());
 
         List<RangerPolicyItemAccess>               accesses          = new ArrayList<>();
         List<RangerPolicyItemCondition>            conditionsList    = new ArrayList<>();
@@ -5072,11 +5050,8 @@ private void writeBookForPolicyItems(Map<String, String> svcNameToSvcType, Range
         RangerPolicy.RangerPolicyItemDataMaskInfo  dataMaskInfo;
         RangerPolicy.RangerPolicyItemRowFilterInfo filterInfo;
 
-        cell = row.createCell(1);
-
-        cell.setCellValue(policy.getName());
-
-        cell = row.createCell(2);
+        row.createCell(0).setCellValue(policy.getId());
+        row.createCell(1).setCellValue(sanitizeCell(policy.getName()));
 
         if (resources != null) {
             for (Entry<String, RangerPolicyResource> resource : resources.entrySet()) {
@@ -5101,7 +5076,7 @@ private void writeBookForPolicyItems(Map<String, String> svcNameToSvcType, Range
             resourceKeyVal   = sb.toString();
             resourceKeyVal   = resourceKeyVal.substring(1);
 
-            cell.setCellValue(resourceKeyVal);
+            row.createCell(2).setCellValue(sanitizeCell(resourceKeyVal));
 
             if (policyItem != null && dataMaskPolicyItem == null && rowFilterPolicyItem == null) {
                 roles          = policyItem.getRoles();
@@ -5128,8 +5103,7 @@ private void writeBookForPolicyItems(Map<String, String> svcNameToSvcType, Range
                     maskingInfo = maskingInfo + "; conditionExpr=[" + conditionExpr + "]";
                 }
 
-                cell = row.createCell(18);
-                cell.setCellValue(maskingInfo);
+                row.createCell(18).setCellValue(sanitizeCell(maskingInfo));
             } else if (rowFilterPolicyItem != null && policyItem == null && dataMaskPolicyItem == null) {
                 roles          = rowFilterPolicyItem.getRoles();
                 groups         = rowFilterPolicyItem.getGroups();
@@ -5141,9 +5115,7 @@ private void writeBookForPolicyItems(Map<String, String> svcNameToSvcType, Range
 
                 String filterExpr = filterInfo.getFilterExpr();
 
-                cell = row.createCell(19);
-
-                cell.setCellValue(filterExpr);
+                row.createCell(19).setCellValue(sanitizeCell(filterExpr));
             }
 
             if (CollectionUtils.isNotEmpty(accesses)) {
@@ -5194,15 +5166,10 @@ private void writeBookForPolicyItems(Map<String, String> svcNameToSvcType, Range
                 conditionKeyValue = conditionType + "=" + conditionValue;
             }
 
-            cell = row.createCell(3);
-            cell.setCellValue(roleNames);
-            cell = row.createCell(4);
-            cell.setCellValue(groupNames);
-            cell = row.createCell(5);
-            cell.setCellValue(userNames);
-            cell = row.createCell(6);
-            cell.setCellValue(accessType.trim());
-            cell = row.createCell(7);
+            row.createCell(3).setCellValue(sanitizeCell(roleNames));
+            row.createCell(4).setCellValue(sanitizeCell(groupNames));
+            row.createCell(5).setCellValue(sanitizeCell(userNames));
+            row.createCell(6).setCellValue(accessType.trim());
 
             String serviceType = policy.getServiceType();
 
@@ -5224,16 +5191,19 @@ private void writeBookForPolicyItems(Map<String, String> svcNameToSvcType, Range
                 policyConditionTypeValue = "";
             }
 
-            cell.setCellValue(serviceType);
-
-            cell = row.createCell(8);
+            row.createCell(7).setCellValue(sanitizeCell(serviceType));
         }
 
-        if (policy.getIsEnabled()) {
-            policyStatus = "Enabled";
-        } else {
-            policyStatus = "Disabled";
-        }
+        row.createCell(8).setCellValue(policy.getIsEnabled() ? "Enabled" : "Disabled");
+        row.createCell(9).setCellValue(getPolicyTypeString(policy.getPolicyType()));
+        row.createCell(10).setCellValue(delegateAdmin.toString().toUpperCase());
+        row.createCell(11).setCellValue(isRecursiveValue);
+        row.createCell(12).setCellValue(isExcludesValue);
+        row.createCell(13).setCellValue(sanitizeCell(policy.getService()));
+        row.createCell(14).setCellValue(sanitizeCell(policy.getDescription()));
+        row.createCell(15).setCellValue(isAuditEnabled.toString().toUpperCase());
+        row.createCell(16).setCellValue(sanitizeCell(conditionKeyValue.trim()));
+        row.createCell(17).setCellValue(sanitizeCell(policyConditionTypeValue));
 
         policyLabels = policy.getPolicyLabels();
 
@@ -5247,47 +5217,20 @@ private void writeBookForPolicyItems(Map<String, String> svcNameToSvcType, Range
             }
         }
 
-        cell.setCellValue(policyStatus);
-
-        cell = row.createCell(9);
-
-        int policyTypeInt = policy.getPolicyType();
+        row.createCell(20).setCellValue(sanitizeCell(policyLabelNames));
+    }
 
-        switch (policyTypeInt) {
+    private String getPolicyTypeString(int policyType) {
+        switch (policyType) {
             case RangerPolicy.POLICY_TYPE_ACCESS:
-                policyType = POLICY_TYPE_ACCESS;
-                break;
-
+                return POLICY_TYPE_ACCESS;
             case RangerPolicy.POLICY_TYPE_DATAMASK:
-                policyType = POLICY_TYPE_DATAMASK;
-                break;
-
+                return POLICY_TYPE_DATAMASK;
             case RangerPolicy.POLICY_TYPE_ROWFILTER:
-                policyType = POLICY_TYPE_ROWFILTER;
-                break;
+                return POLICY_TYPE_ROWFILTER;
+            default:
+                return "";
         }
-
-        cell.setCellValue(policyType);
-        cell = row.createCell(10);
-        cell.setCellValue(delegateAdmin.toString().toUpperCase());
-        cell = row.createCell(11);
-        cell.setCellValue(isRecursiveValue);
-        cell = row.createCell(12);
-        cell.setCellValue(isExcludesValue);
-        cell        = row.createCell(13);
-        serviceName = policy.getService();
-        cell.setCellValue(serviceName);
-        cell        = row.createCell(14);
-        description = policy.getDescription();
-        cell.setCellValue(description);
-        cell = row.createCell(15);
-        cell.setCellValue(isAuditEnabled.toString().toUpperCase());
-        cell = row.createCell(16);
-        cell.setCellValue(conditionKeyValue.trim());
-        cell = row.createCell(17);
-        cell.setCellValue(policyConditionTypeValue);
-        cell = row.createCell(20);
-        cell.setCellValue(policyLabelNames);
     }
 
     private void createHeaderRow(Sheet sheet) {

security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java

@@ -1986,6 +1986,7 @@ public boolean resetPolicyCacheAll() {
         return ret;
     }
 
+    @Deprecated
     @GET
     @Path("/policies/downloadExcel")
     @Produces("application/ms-excel")
@@ -2038,6 +2039,7 @@ public void getPoliciesInExcel(@Context HttpServletRequest request, @Context Htt
         }
     }
 
+    @Deprecated
     @GET
     @Path("/policies/csv")
     @Produces("text/csv")