From 847438d65dbb522ac4227acde8e6a437031a6a99 Mon Sep 17 00:00:00 2001 From: Sergio Ribeiro Date: Tue, 25 Jun 2024 11:25:11 +0100 Subject: [PATCH] [PPP-5118] Revert "[PPP-5053] - Intercepting few Get request with Burp Suite allows un-athorised user to access data (#5559)" This reverts commit b27effe4fd9d12c209bb6f2a6fd5fdbc1f2cfa2c. --- .../solution/SimpleContentGenerator.java | 9 -------- .../resources/GeneratorStreamingOutput.java | 9 -------- .../content/AxisServiceExecutorTest.java | 23 ++----------------- .../AxisServiceWsdlGeneratorTest.java | 14 ----------- .../services/webservices/WsdlPageTest.java | 16 ------------- 5 files changed, 2 insertions(+), 69 deletions(-) diff --git a/core/src/main/java/org/pentaho/platform/engine/services/solution/SimpleContentGenerator.java b/core/src/main/java/org/pentaho/platform/engine/services/solution/SimpleContentGenerator.java index a9c45e0b94..328f3475f2 100644 --- a/core/src/main/java/org/pentaho/platform/engine/services/solution/SimpleContentGenerator.java +++ b/core/src/main/java/org/pentaho/platform/engine/services/solution/SimpleContentGenerator.java @@ -20,10 +20,7 @@ package org.pentaho.platform.engine.services.solution; -import org.pentaho.commons.util.repository.exception.PermissionDeniedException; -import org.pentaho.platform.api.engine.IAuthorizationPolicy; import org.pentaho.platform.api.repository.IContentItem; -import org.pentaho.platform.engine.core.system.PentahoSystem; import org.pentaho.platform.engine.services.messages.Messages; import org.pentaho.platform.util.UUIDUtil; 
@@ -33,15 +30,9 @@ public abstract class SimpleContentGenerator extends BaseContentGenerator { private static final long serialVersionUID = -8882315618256741737L; - private static final String REPOSITORY_CREATE_ACTION = "org.pentaho.repository.create"; @Override public void createContent() throws Exception { - - if ( !PentahoSystem.get( IAuthorizationPolicy.class ).isAllowed( REPOSITORY_CREATE_ACTION ) ) { - throw new PermissionDeniedException(); - } - OutputStream out = null; if ( outputHandler == null ) { error( Messages.getInstance().getErrorString( "SimpleContentGenerator.ERROR_0001_NO_OUTPUT_HANDLER" ) ); //$NON-NLS-1$ diff --git a/extensions/src/main/java/org/pentaho/platform/web/http/api/resources/GeneratorStreamingOutput.java b/extensions/src/main/java/org/pentaho/platform/web/http/api/resources/GeneratorStreamingOutput.java index db4cd83010..31a76d49f6 100644 --- a/extensions/src/main/java/org/pentaho/platform/web/http/api/resources/GeneratorStreamingOutput.java +++ b/extensions/src/main/java/org/pentaho/platform/web/http/api/resources/GeneratorStreamingOutput.java @@ -22,8 +22,6 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.pentaho.commons.util.repository.exception.PermissionDeniedException; -import org.pentaho.platform.api.engine.IAuthorizationPolicy; import org.pentaho.platform.api.engine.IContentGenerator; import org.pentaho.platform.api.engine.IOutputHandler; import org.pentaho.platform.api.engine.IParameterProvider; @@ -88,8 +86,6 @@ public class GeneratorStreamingOutput { private static final boolean MIMETYPE_MUTABLE = true; - private static final String REPOSITORY_CREATE_ACTION = "org.pentaho.repository.create"; - /** * Invokes a content generator to produce some content either in the context of a repository file, or in the form of a * direct service call (no repository file in view). 
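Review bot: After this revert, `createContent()` in SimpleContentGenerator goes straight to the output-handler setup with no authorization check, and the same holds for `generateContent()` in GeneratorStreamingOutput (hunk `@@ -180,11 +176,6 @@`). The unauthorised-access issue named in the reverted commit's title (PPP-5053) is therefore presumably open again, unless access is enforced somewhere this patch does not show. The commit message gives no reason for the revert and names no replacement control; if the `org.pentaho.repository.create` gate was only too broad for users who may read but not create, a narrower `isAllowed( ... )` check at the same two points would be safer than none. At minimum, record the contract at both sites, e.g. `// No authorization check here: callers must enforce access before invoking this generator (PPP-5053, PPP-5118).` The test hunks also remove every IAuthorizationPolicy mock, so none of these tests covers a denied request, and both method bodies continue outside their hunks.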
@@ -180,11 +176,6 @@ public void write( OutputStream output, MimeTypeCallback callback ) throws IOExc } protected void generateContent( OutputStream outputStream, final MimeTypeCallback callback ) throws Exception { - - if ( !PentahoSystem.get( IAuthorizationPolicy.class ).isAllowed( REPOSITORY_CREATE_ACTION ) ) { - throw new PermissionDeniedException(); - } - try { httpServletResponse.setCharacterEncoding( LocaleHelper.getSystemEncoding() ); } catch ( Throwable t ) { diff --git a/extensions/src/test/java/org/pentaho/platform/plugin/services/webservices/content/AxisServiceExecutorTest.java b/extensions/src/test/java/org/pentaho/platform/plugin/services/webservices/content/AxisServiceExecutorTest.java index d8614c9c56..f68c688d10 100644 --- a/extensions/src/test/java/org/pentaho/platform/plugin/services/webservices/content/AxisServiceExecutorTest.java +++ b/extensions/src/test/java/org/pentaho/platform/plugin/services/webservices/content/AxisServiceExecutorTest.java @@ -24,11 +24,6 @@ import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; -import static org.mockito.ArgumentMatchers.anyString; -import static org.mockito.ArgumentMatchers.eq; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.mockStatic; -import static org.mockito.Mockito.when; import java.io.ByteArrayOutputStream; import java.util.ArrayList; 
@@ -39,14 +34,12 @@ import org.apache.axis2.description.TransportInDescription; import org.apache.axis2.description.TransportOutDescription; import org.apache.axis2.engine.AxisConfiguration; -import org.junit.*; -import org.mockito.MockedStatic; -import org.pentaho.platform.api.engine.IAuthorizationPolicy; +import org.junit.Before; +import org.junit.Test; import org.pentaho.platform.api.engine.IOutputHandler; import org.pentaho.platform.api.engine.IParameterProvider; import org.pentaho.platform.engine.core.output.SimpleOutputHandler; import org.pentaho.platform.engine.core.solution.SimpleParameterProvider; -import org.pentaho.platform.engine.core.system.PentahoSystem; import org.pentaho.platform.engine.core.system.StandaloneSession; import org.pentaho.platform.plugin.services.pluginmgr.servicemgr.AxisWebServiceManager; import org.pentaho.platform.util.web.SimpleUrlFactory; @@ -67,8 +60,6 @@ public class AxisServiceExecutorTest { private ByteArrayOutputStream out; private AxisServiceExecutor contentGenerator; - private static MockedStatic pentahoSystem; - @Before public void setUp() throws Exception { @@ -108,16 +99,6 @@ public void setUp() throws Exception { assertNotNull( "contentGenerator is null", contentGenerator ); assertNotNull( "Logger is null", contentGenerator.getLogger() ); - - pentahoSystem = mockStatic( PentahoSystem.class ); - IAuthorizationPolicy policy = mock( IAuthorizationPolicy.class ); - pentahoSystem.when( () -> PentahoSystem.get( eq( IAuthorizationPolicy.class ) ) ).thenReturn( policy ); - when( policy.isAllowed( anyString() ) ).thenReturn( true ); - } - - @After - public void cleanUp() { - pentahoSystem.close(); } @Test diff --git a/extensions/src/test/java/org/pentaho/test/platform/plugin/services/webservices/AxisServiceWsdlGeneratorTest.java b/extensions/src/test/java/org/pentaho/test/platform/plugin/services/webservices/AxisServiceWsdlGeneratorTest.java index ce60e0c0fd..94ea2e3fcb 100644 
--- a/extensions/src/test/java/org/pentaho/test/platform/plugin/services/webservices/AxisServiceWsdlGeneratorTest.java +++ b/extensions/src/test/java/org/pentaho/test/platform/plugin/services/webservices/AxisServiceWsdlGeneratorTest.java @@ -21,13 +21,10 @@ package org.pentaho.test.platform.plugin.services.webservices; import org.junit.Test; -import org.mockito.MockedStatic; -import org.pentaho.platform.api.engine.IAuthorizationPolicy; import org.pentaho.platform.api.engine.IOutputHandler; import org.pentaho.platform.api.engine.IParameterProvider; import org.pentaho.platform.engine.core.output.SimpleOutputHandler; import org.pentaho.platform.engine.core.solution.SimpleParameterProvider; -import org.pentaho.platform.engine.core.system.PentahoSystem; import org.pentaho.platform.engine.core.system.StandaloneSession; import org.pentaho.platform.plugin.services.pluginmgr.servicemgr.AxisWebServiceManager; import org.pentaho.platform.plugin.services.webservices.content.AxisServiceWsdlGenerator; @@ -41,11 +38,6 @@ import java.util.Map; import static org.junit.Assert.*; -import static org.mockito.ArgumentMatchers.anyString; -import static org.mockito.ArgumentMatchers.eq; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.mockStatic; -import static org.mockito.Mockito.when; public class AxisServiceWsdlGeneratorTest { @@ -58,12 +50,6 @@ public void testBadInit2() throws Exception { @Test public void testBadInit3() throws Exception { - - MockedStatic pentahoSystem = mockStatic( PentahoSystem.class ); - IAuthorizationPolicy policy = mock( IAuthorizationPolicy.class ); - pentahoSystem.when( () -> PentahoSystem.get( eq( IAuthorizationPolicy.class ) ) ).thenReturn( policy ); - when( policy.isAllowed( anyString() ) ).thenReturn( true ); - StandaloneSession session = new StandaloneSession( "test" ); //$NON-NLS-1$ AxisServiceWsdlGenerator contentGenerator = new AxisServiceWsdlGenerator(); 
diff --git a/extensions/src/test/java/org/pentaho/test/platform/plugin/services/webservices/WsdlPageTest.java b/extensions/src/test/java/org/pentaho/test/platform/plugin/services/webservices/WsdlPageTest.java index 22b21070d9..8eb17d162e 100644 --- a/extensions/src/test/java/org/pentaho/test/platform/plugin/services/webservices/WsdlPageTest.java +++ b/extensions/src/test/java/org/pentaho/test/platform/plugin/services/webservices/WsdlPageTest.java @@ -25,13 +25,10 @@ import org.junit.After; import org.junit.Before; import org.junit.Test; -import org.mockito.MockedStatic; -import org.pentaho.platform.api.engine.IAuthorizationPolicy; import org.pentaho.platform.api.engine.IOutputHandler; import org.pentaho.platform.api.engine.IParameterProvider; import org.pentaho.platform.engine.core.output.SimpleOutputHandler; import org.pentaho.platform.engine.core.solution.SimpleParameterProvider; -import org.pentaho.platform.engine.core.system.PentahoSystem; import org.pentaho.platform.engine.core.system.StandaloneSession; import org.pentaho.platform.plugin.services.pluginmgr.servicemgr.AxisWebServiceManager; import org.pentaho.platform.plugin.services.webservices.content.AxisServiceWsdlGenerator; @@ -46,11 +43,6 @@ import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; -import static org.mockito.ArgumentMatchers.anyString; -import static org.mockito.ArgumentMatchers.eq; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.mockStatic; -import static org.mockito.Mockito.when; public class WsdlPageTest { @@ -61,7 +53,6 @@ public class WsdlPageTest { private ByteArrayOutputStream out; private AxisServiceWsdlGenerator contentGenerator; - private static MockedStatic pentahoSystem; @Before public void setUp() { 
@@ -86,19 +77,12 @@ public void setUp() { contentGenerator.setMessagesList( new ArrayList() ); contentGenerator.setSession( session ); contentGenerator.setUrlFactory( new SimpleUrlFactory( BASE_URL + "?" ) ); - - pentahoSystem = mockStatic( PentahoSystem.class ); - IAuthorizationPolicy policy = mock( IAuthorizationPolicy.class ); - pentahoSystem.when( () -> PentahoSystem.get( eq( IAuthorizationPolicy.class ) ) ).thenReturn( policy ); - when( policy.isAllowed( anyString() ) ).thenReturn( true ); } @After public void tearDown() { AxisWebServiceManager.currentAxisConfiguration = beforeTestCfg; AxisWebServiceManager.currentAxisConfigContext = beforeTestCtx; - - pentahoSystem.close(); }