This is an automated email from the ASF dual-hosted git repository. jialiang pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push: new 2e23e28b2f AMBARI-26102:Add validation for Download CSV on Admin==>Kerberos tab (#3824) 2e23e28b2f is described below commit 2e23e28b2f9665981d1745bf5bd3d5b3288f358d Author: Bhavik Patel <bhavi...@visa.com> AuthorDate: Fri Sep 13 06:53:42 2024 +0530 AMBARI-26102:Add validation for Download CSV on Admin==>Kerberos tab (#3824) --- .../ambari/server/api/services/ClusterService.java | 98 +++++++++++++++++++++- 1 file changed, 97 insertions(+), 1 deletion(-) diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ClusterService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ClusterService.java index ec171455a1..a3506bdfbc 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ClusterService.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ClusterService.java @@ -21,6 +21,7 @@ package org.apache.ambari.server.api.services; import java.util.Collections; import java.util.HashMap; import java.util.Map; +import java.util.Set; import javax.ws.rs.DELETE; import javax.ws.rs.GET; @@ -36,6 +37,7 @@ import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; import org.apache.ambari.server.api.resources.ResourceInstance; +import org.apache.ambari.server.api.services.parsers.BodyParseException; import org.apache.ambari.server.controller.AmbariServer; import org.apache.ambari.server.controller.ClusterArtifactResponse; import org.apache.ambari.server.controller.ClusterResponse.ClusterResponseWrapper; @@ -43,6 +45,13 @@ import org.apache.ambari.server.controller.internal.ClusterResourceProvider; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.state.Clusters; import org.apache.http.HttpStatus; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.google.gson.Gson; +import com.google.gson.JsonArray; +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; import io.swagger.annotations.Api; import io.swagger.annotations.ApiImplicitParam; @@ -59,6 +68,10 @@ import io.swagger.annotations.ApiResponses; @Api(value = "Clusters", description = "Endpoint for cluster-specific operations") public class ClusterService extends BaseService { + private final static Logger LOG = LoggerFactory.getLogger(ClusterService.class); + public static final String INVALID_KERBEROS_CHAR = "^\"[=+@].*"; + + private final Gson gson = new Gson(); private static final String CLUSTER_REQUEST_TYPE = "org.apache.ambari.server.api.services.ClusterRequestSwagger"; private static final String ARTIFACT_REQUEST_TYPE = "org.apache.ambari.server.controller.ClusterArtifactRequest"; @@ -419,7 +432,13 @@ public class ClusterService extends BaseService { public Response updateClusterArtifact(String body, @Context HttpHeaders headers, @Context UriInfo ui, @ApiParam(required = true) @PathParam("clusterName") String clusterName, @ApiParam(required = true) @PathParam("artifactName") String artifactName - ) { + ) throws BodyParseException { + if ("kerberos_descriptor".equals(artifactName)) { + LOG.info("Validating body For kerberos_descriptor"); + if (parseBody(body)) { + throw new BodyParseException("Bad request received"); + } + } ResourceInstance resource = createArtifactResource(clusterName, artifactName); return handleRequest(headers, body, ui, Request.Type.PUT, resource); } @@ -860,4 +879,81 @@ public class ClusterService extends BaseService { return createResource(Resource.Type.Artifact, mapIds); } + + private boolean parseBody(String body) { + JsonObject jsonObject = gson.fromJson(body, JsonObject.class); + if (jsonObject == null) { + return false; + } + + JsonElement artifact_data = jsonObject.get("artifact_data"); + if (artifact_data == null) { + return false; + } + JsonArray identities = artifact_data.getAsJsonObject().getAsJsonArray("identities"); + if (identities != null) { + if (checkKeytabsPrincipal(identities)) { + return true; + } + } + + JsonArray services = artifact_data.getAsJsonObject().getAsJsonArray("services"); + for (int i = 0; i < services.size(); i++) { + JsonArray components = services.get(i).getAsJsonObject().get("components").getAsJsonArray(); + if (services.get(i).getAsJsonObject().get("identities") != null) { + if (checkKeytabsPrincipal((JsonArray)services.get(i).getAsJsonObject().get("identities"))) { + return true; + } + } + for (int ii = 0; ii < components.size(); ii++) { + JsonArray componentsIdentities = (JsonArray) components.get(ii).getAsJsonObject().get("identities"); + if (componentsIdentities != null) { + if (checkKeytabsPrincipal(componentsIdentities)) { + return true; + } + } + } + } + + Set<Map.Entry<String, JsonElement>> properties = artifact_data.getAsJsonObject().getAsJsonObject("properties").entrySet(); + for (Map.Entry<String, JsonElement> entry : properties) { + boolean res = validateValues(String.valueOf(entry.getValue())); + if (res) { + return true; + } + } + return false; + } + + private boolean checkKeytabsPrincipal(JsonArray identities) { + String keytabFile = ""; + String principalValue = ""; + for (int i = 0; i < identities.size(); i++) { + if (identities.get(i).getAsJsonObject().get("keytab") != null) { + keytabFile = String.valueOf(identities.get(i).getAsJsonObject().get("keytab").getAsJsonObject().get("file")); + } + if (identities.get(i).getAsJsonObject().get("principal") != null) { + principalValue = String.valueOf(identities.get(i).getAsJsonObject().get("principal").getAsJsonObject().get("value")); + } + if (!keytabFile.isEmpty() && !"null".equals(keytabFile)) { + if (validateValues(keytabFile)) { + return true; + } + } + if (!principalValue.isEmpty() && !"null".equals(principalValue)) { + if (validateValues(principalValue)) { + return true; + } + ; + } + } + return false; + } + + private boolean validateValues(String values) { + if (values.matches(INVALID_KERBEROS_CHAR)) { + return true; + } + return false; + } } --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@ambari.apache.org For additional commands, e-mail: commits-h...@ambari.apache.org