Bug Report: Extra Messages Not Removed From Profile Extract Data

Describe the bug If extra messages get added to profile extract data in result xml returned by IRRSMO00, it should not be included in the Python dictionary that the XML gets transformed into.

To Reproduce Steps to reproduce the behavior:

Logon to a z/OS user id that is only authorized to extract their own base segment but no other segments.
Ensure an affected version of pyRACF is installed.

Extract the user's own profile and include additional segments.

from pyracf import UserAdmin
user_admin = UserAdmin()
# An even number of additional segments results in extraneous
# malformed data being added to the extracted profile data
user_admin.extract("squidwrd", segments=["omvs", "tso"]
# An odd number of additional segments results in a stack trace.
user_admin.extract("squidwrd", segments=["omvs"]

Expected behavior All profile extract functions or more specifically anything that executes the listdata operation, should exclude any extra messages attached to the end of the result xml.

Console Output

Two Additional Segments:

user_admin.extract("squidwrd", segments=["omvs", "tso"]

Result XML

<?xml version="1.0" encoding="IBM-1047"?>
<securityresult xmlns="http://www.ibm.com/systems/zos/saf/IRRSMO00Result1">
  <user name="SQUIDWRD" operation="listdata" requestid="UserRequest">
    <command>
      <safreturncode>0</safreturncode>
      <returncode>0</returncode>
      <reasoncode>0</reasoncode>
      <image>LISTUSER SQUIDWRD  OMVS     TSO      OVM     </image>
      <message>USER=SQUIDWRD  NAME=SQUIDWARD             OWNER=LEONARD   CREATED=23.094</message>
      <message> DEFAULT-GROUP=SYS1     PASSDATE=00.000 PASS-INTERVAL=186 PHRASEDATE=N/A</message>
      <message> ATTRIBUTES=NONE</message>
      <message> REVOKE DATE=NONE   RESUME DATE=NONE</message>
      <message> LAST-ACCESS=23.094/12:55:37</message>
      <message> CLASS AUTHORIZATIONS=NONE</message>
      <message> NO-INSTALLATION-DATA</message>
      <message> NO-MODEL-NAME</message>
      <message> LOGON ALLOWED   (DAYS)          (TIME)</message>
      <message> ---------------------------------------------</message>
      <message> ANYDAY                          ANYTIME</message>
      <message>  GROUP=SYS1      AUTH=USE      CONNECT-OWNER=LEONARD   CONNECT-DATE=23.094</message>
      <message>    CONNECTS=    00  UACC=NONE     LAST-CONNECT=UNKNOWN</message>
      <message>    CONNECT ATTRIBUTES=NONE</message>
      <message>    REVOKE DATE=NONE   RESUME DATE=NONE</message>
      <message>SECURITY-LEVEL=NONE SPECIFIED</message>
      <message>CATEGORY-AUTHORIZATION</message>
      <message> NONE SPECIFIED</message>
      <message>SECURITY-LABEL=NONE SPECIFIED</message>
      <message>IRR52021I You are not authorized to view OMVS segments.</message>
      <message>IRR52021I You are not authorized to view TSO segments.</message>
    </command>
  </user>
  <returncode>0</returncode>
  <reasoncode>0</reasoncode>
</securityresult>

Result Dictionary

{
  "securityResult": {
    "user": {
      "name": "SQUIDWRD",
      "operation": "listdata",
      "requestId": "UserRequest",
      "commands": [
        {
          "safReturnCode": 0,
          "returnCode": 0,
          "reasonCode": 0,
          "image": "LISTUSER SQUIDWRD  OMVS     TSO      OVM     ",
          "profiles": [
            {
              "base": {
                "user": "squidwrd",
                "name": "squidward",
                "owner": "leonard",
                "created": "4/4/2023",
                "defaultGroup": "sys1",
                "passwordDate": null,
                "passwordInterval": 186,
                "passphraseDate": null,
                "attributes": [],
                "revokeDate": null,
                "resumeDate": null,
                "lastAccess": "4/4/2023 12:55 PM",
                "classAuthorizations": [],
                "logonAllowedDays": "anyday",
                "logonAllowedTime": "anytime",
                "groups": {
                  "SYS1": {
                    "auth": "use",
                    "connectOwner": "leonard",
                    "connectDate": "4/4/2023",
                    "connects": 0,
                    "uacc": null,
                    "lastConnect": null,
                    "connectAttributes": [],
                    "revokeDate": null,
                    "resumeDate": null
                  }
                },
                "securityLevel": null,
                "categoryAuthorization": null,
                "securityLabel": null,
                "irr52021iYouAreNotAuthorizedToViewOmvsSegments.": "irr52021i you are not authorized to view tso segments."
              }
            }
          ]
        }
      ]
    },
    "returnCode": 0,
    "reasonCode": 0
  }
}

One Additional Segment

user_admin.extract("squidwrd", segments=["omvs"]

Result XML

<?xml version="1.0" encoding="IBM-1047"?>
<securityresult xmlns="http://www.ibm.com/systems/zos/saf/IRRSMO00Result1">
  <user name="SQUIDWRD" operation="listdata" requestid="UserRequest">
    <command>
      <safreturncode>0</safreturncode>
      <returncode>0</returncode>
      <reasoncode>0</reasoncode>
      <image>LISTUSER SQUIDWRD  OMVS     TSO     </image>
      <message>USER=SQUIDWRD  NAME=SQUIDWARD             OWNER=LEONARD   CREATED=23.094</message>
      <message> DEFAULT-GROUP=SYS1     PASSDATE=00.000 PASS-INTERVAL=186 PHRASEDATE=N/A</message>
      <message> ATTRIBUTES=NONE</message>
      <message> REVOKE DATE=NONE   RESUME DATE=NONE</message>
      <message> LAST-ACCESS=23.094/12:55:37</message>
      <message> CLASS AUTHORIZATIONS=NONE</message>
      <message> NO-INSTALLATION-DATA</message>
      <message> NO-MODEL-NAME</message>
      <message> LOGON ALLOWED   (DAYS)          (TIME)</message>
      <message> ---------------------------------------------</message>
      <message> ANYDAY                          ANYTIME</message>
      <message>  GROUP=SYS1      AUTH=USE      CONNECT-OWNER=LEONARD   CONNECT-DATE=23.094</message>
      <message>    CONNECTS=    00  UACC=NONE     LAST-CONNECT=UNKNOWN</message>
      <message>    CONNECT ATTRIBUTES=NONE</message>
      <message>    REVOKE DATE=NONE   RESUME DATE=NONE</message>
      <message>SECURITY-LEVEL=NONE SPECIFIED</message>
      <message>CATEGORY-AUTHORIZATION</message>
      <message> NONE SPECIFIED</message>
      <message>SECURITY-LABEL=NONE SPECIFIED</message>
      <message>IRR52021I You are not authorized to view OMVS segments.</message>
      <message>IRR52021I You are not authorized to view TSO segments.</message>
    </command>
  </user>
  <returncode>0</returncode>
  <reasoncode>0</reasoncode>
</securityresult>

Stack Trace

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/u/squidwrd/.local/lib/python3.11/site-packages/pyracf/user/user_admin.py", line 810, in extract
    result = self._extract_and_check_result(user_request)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/u/squidwrd/.local/lib/python3.11/site-packages/pyracf/common/security_admin.py", line 130, in _extract_and_check_result
    self._format_profile(result)
  File "/u/squidwrd/.local/lib/python3.11/site-packages/pyracf/user/user_admin.py", line 838, in _format_profile
    profile = self._format_profile_generic(
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/u/squidwrd/.local/lib/python3.11/site-packages/pyracf/common/security_admin.py", line 379, in _format_profile_generic
    i = self.__format_user_profile_data(
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/u/squidwrd/.local/lib/python3.11/site-packages/pyracf/common/security_admin.py", line 478, in __format_user_profile_data
    messages[i] = f"{messages[i]}={messages[i+1]}"
                                   ~~~~~~~~^^^^^
IndexError: list index out of range

Environment Information:

z/OS Version: 2.4
Python Version: 3.11
is RSecMgtOper (IRRSMO00)_ setup? Yes

Additional context Add any other context about the problem here.

ambitus / pyracf

Bug Report: Extra Messages Not Removed From Profile Extract Data #30