Re: [PR] Add limit to task payload size (druid)

Thu, 30 May 2024 12:14:00 -0700 


github-advanced-security[bot] commented on code in PR #16512:
URL: https://github.com/apache/druid/pull/16512#discussion_r1621323193


##########
indexing-service/src/main/java/org/apache/druid/indexing/overlord/TaskQueue.java:
##########
@@ -1018,4 +1022,37 @@
       giant.unlock();
     }
   }
+
+  void validateTaskPayload(Task task)
+  {
+    try {
+      String payload = passwordRedactingMapper.writeValueAsString(task);
+      if (payload.length() > TASK_SIZE_WARNING_THRESHOLD) {
+        log.warn("Received a large task payload [%s] with id [%s] and 
datasource [%s]" +
+                " There may be downstream issues caused by managing this large 
payload." +
+                "Set druid.indexer.queue.maxTaskPayloadSize to reject tasks 
above a certain size.",
+            payload.length(),
+            task.getId(),
+            task.getDataSource()
+        );
+      }
+
+      if (config.getMaxTaskPayloadSize() != null && 
config.getMaxTaskPayloadSize().getBytesInInt() < payload.length()) {
+        throw DruidException.forPersona(DruidException.Persona.OPERATOR)
+            .ofCategory(DruidException.Category.INVALID_INPUT)
+            .build(
+                "Task payload size was [%d] but max size is [%d]. " +
+                    "Reduce the size of the task or increase 
'druid.indexer.queue.maxTaskPayloadSize'.",
+                payload.length(),
+                config.getMaxTaskPayloadSize()
+            );
+      }
+    }
+    catch (JsonProcessingException e) {
+      throw DruidException.defensive(
+          "Failed to parse task payload for validation",
+          e
+      );

Review Comment:
   ## Unused format argument
   
   This format call refers to 0 argument(s) but supplies 1 argument(s).
   
   [Show more 
details](https://github.com/apache/druid/security/code-scanning/7425)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@druid.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@druid.apache.org
For additional commands, e-mail: commits-h...@druid.apache.org

Reply via email to