# Drone least-privilege runbook

This runbook describes how to run Drone services as a non-root, least-privileged Linux account.
It addresses the audit finding that the application is currently running as `root`.

## Goals

- Run all Drone services as an unprivileged service account (e.g., `drone` or `tomcat`).
- Prevent interactive logins for the service account.
- Restrict filesystem write access to only the required directories.

```jsp
<%@page import="org.apache.poi.sl.usermodel.ObjectMetaData.Application"%>
<%@page import="org.springframework.web.servlet.support.RequestContextUtils"%>
<%@page import="org.springframework.beans.factory.annotation.Autowired"%>
<%@page import="com.thales.drone.common.dto.SamlRespDto"%>
<%@page import="com.thales.drone.serviceimpl.UserServiceImpl"%>
<%@page import="com.thales.drone.common.service.CommonServiceImpl"%>
<%@page import="com.thales.drone.common.dto.UserRoleDto"%>
<%@page import="com.thales.drone.util.JwtUtils"%>
<%@page import="com.thales.drone.service.UserService"%>
<%@page import="com.onelogin.saml2.Auth"%>
```

✅ What I found

The only usage of po_list_view in this workspace is in PurchaseOrderServiceImpl (it builds the native SQL for PO search). The view name also appears inside QueryConstant, but that class isn’t present in the workspace (likely from a shared module).

✅ Fix applied (same solution)

When the database throws “relation dronedb.po_list_view does not exist”, the code now retries the count and the data query by swapping to po_list_export_view. This keeps behavior intact without requiring DB changes.

File updated

PurchaseOrderServiceImpl.java

Added a safe fallback to replace po_list_view with po_list_export_view for both count and data queries.

Added helper methods: isMissingPoListView(...) and replacePoListView(...).

```java
package com.thales.drone.serviceimpl;

import static com.thales.drone.constants.Constants.AMENDED_DATE;
import static com.thales.drone.constants.Constants.AMOUNT_MISMATCH;
import static com.thales.drone.constants.Constants.BAD_FILE;
import static com.thales.drone.constants.Constants.BLACKLISTED_WORDS;
import static com.thales.drone.constants.Constants.COUNT;
import static com.thales.drone.constants.Constants.DATA;
import static com.thales.drone.constants.Constants.DELETE_EXCEPTION;
import static com.thales.drone.constants.Constants.DELETE_SUCCESS;
```