Hello,
there are probably "check" by the Access Control missing :
In MessageSend.java lign 474 and lign 535 in returnResponse(..), the message is sent before being checked by the Access Control, as requested by the standard : "Mission Operations Message Abstraction Layer" [CCSDS 521.0-B-2, 3.5.3.8.2.4].
In MessageSend.java lign 757 in initiateReturnError(..), the message is sent before being checked by the Access Control, as requested by the standard : "Mission Operations Message Abstraction Layer" [CCSDS 521.0-B-2, 3.5.3.8.3.4].
In MALBrokerBindingImpl.java lign 156 and 201, sendNotify(..), the message is sent before being checked by the Access Control, as requested by the standard : "Mission Operations Message Abstraction Layer" [CCSDS 521.0-B-2, 3.5.6.11.9.4].
In MALBrokerBindingImpl.java lign 242 and 276, sendNotifyError(...), the message is sent before being checked by the Access Control, as requested by the standard : "Mission Operations Message Abstraction Layer" [CCSDS 521.0-B-2, 3.5.6.11.10.4].
In MALBrokerBindingImpl.java lign 317 and 351, sendPublishError(...), the message is sent before being checked by the Access Control, as requested by the standard : "Mission Operations Message Abstraction Layer" [CCSDS 521.0-B-2, 3.5.6.11.6.4].
Best regards
Maxime Garnier
Reply from @SamCooper :
Hi Maxime,
Thank you for finding this, we should probably look at adding in some tests to the MAL testbed for this first (TDD), what do you think?
Max:
Hello Sam,
You know certainly much more than me in that regard, but yes I think it is a nice approach.
Best regards
Maxime
Sam:
Hi Maxime,
Would it be possible for you to make the required changes and also create a test in the MAL testbed for this? If you talk to Dominik he can show you how to create the clone, change and pull request.
Max:
Hello Sam,
Yes I will try, I do not have so much time remain, I will talk to Dominik.
Best regards
Maxime
CesarCoelho
commented
1 year ago
From @Max-LM :
Hello, there are probably "check" by the Access Control missing :
In MessageSend.java lign 474 and lign 535 in returnResponse(..), the message is sent before being checked by the Access Control, as requested by the standard : "Mission Operations Message Abstraction Layer" [CCSDS 521.0-B-2, 3.5.3.8.2.4].
In MessageSend.java lign 757 in initiateReturnError(..), the message is sent before being checked by the Access Control, as requested by the standard : "Mission Operations Message Abstraction Layer" [CCSDS 521.0-B-2, 3.5.3.8.3.4].
In MALBrokerBindingImpl.java lign 156 and 201, sendNotify(..), the message is sent before being checked by the Access Control, as requested by the standard : "Mission Operations Message Abstraction Layer" [CCSDS 521.0-B-2, 3.5.6.11.9.4].
In MALBrokerBindingImpl.java lign 242 and 276, sendNotifyError(...), the message is sent before being checked by the Access Control, as requested by the standard : "Mission Operations Message Abstraction Layer" [CCSDS 521.0-B-2, 3.5.6.11.10.4].
In MALBrokerBindingImpl.java lign 317 and 351, sendPublishError(...), the message is sent before being checked by the Access Control, as requested by the standard : "Mission Operations Message Abstraction Layer" [CCSDS 521.0-B-2, 3.5.6.11.6.4].
Best regards Maxime Garnier
Reply from @SamCooper : Hi Maxime,
Thank you for finding this, we should probably look at adding in some tests to the MAL testbed for this first (TDD), what do you think?
Max: Hello Sam, You know certainly much more than me in that regard, but yes I think it is a nice approach. Best regards Maxime
Sam: Hi Maxime,
Would it be possible for you to make the required changes and also create a test in the MAL testbed for this? If you talk to Dominik he can show you how to create the clone, change and pull request.
Max: Hello Sam, Yes I will try, I do not have so much time remain, I will talk to Dominik. Best regards Maxime