This is an automated email from the ASF dual-hosted git repository.
shaofengshi pushed a commit to branch 3.0.x
in repository https://gitbox.apache.org/repos/asf/kylin.git
The following commit(s) were added to refs/heads/3.0.x by this push:
new d7b73e3 Minor, refactor
d7b73e3 is described below
commit d7b73e311dc665585245a4870d0022e190eaf197
Author: rupengwang <wangrup...@live.cn>
AuthorDate: Thu Jun 11 13:54:59 2020 +0800
Minor, refactor
- disbale setting kylin config
- add check for database name
- add check for command parameter
---
.../main/java/org/apache/kylin/common/KylinConfigBase.java | 6 +++++-
.../org/apache/kylin/common/util/CliCommandExecutor.java | 12 +++++++++---
.../apache/kylin/common/util/CliCommandExecutorTest.java | 13 +++++++++++++
.../org/apache/kylin/rest/controller/AdminController.java | 4 ++++
.../apache/kylin/rest/controller/DiagnosisController.java | 5 +++--
.../java/org/apache/kylin/rest/service/AdminService.java | 5 +++++
6 files changed, 39 insertions(+), 6 deletions(-)
diff --git
a/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java
b/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java
index 7953807..86fd831 100644
--- a/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java
+++ b/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java
@@ -955,7 +955,7 @@ public abstract class KylinConfigBase implements
Serializable {
}
public String getHiveDatabaseForIntermediateTable() {
- return this.getOptional("kylin.source.hive.database-for-flat-table",
DEFAULT);
+ return
CliCommandExecutor.checkHiveProperty(this.getOptional("kylin.source.hive.database-for-flat-table",
DEFAULT));
}
public String getFlatTableStorageFormat() {
@@ -1950,6 +1950,10 @@ public abstract class KylinConfigBase implements
Serializable {
return Boolean.parseBoolean(getOptional("kylin.web.dashboard-enabled",
FALSE));
}
+ public boolean isWebConfigEnabled() {
+ return Boolean.parseBoolean(getOptional("kylin.web.set-config-enable",
FALSE));
+ }
+
public String getPropertiesWhiteList() {
return getOptional("kylin.web.properties.whitelist",
"kylin.web.timezone,kylin.query.cache-enabled,kylin.env,"
+ "kylin.web.hive-limit,kylin.storage.default,"
diff --git
a/core-common/src/main/java/org/apache/kylin/common/util/CliCommandExecutor.java
b/core-common/src/main/java/org/apache/kylin/common/util/CliCommandExecutor.java
index c7600fd..74ea1f9 100644
---
a/core-common/src/main/java/org/apache/kylin/common/util/CliCommandExecutor.java
+++
b/core-common/src/main/java/org/apache/kylin/common/util/CliCommandExecutor.java
@@ -163,8 +163,10 @@ public class CliCommandExecutor {
}
}
- public static final String COMMAND_INJECT_REX = "[
&`>|{}()$;\\-#~!+*”\\\\]+";
+ public static final String COMMAND_BLOCK_LIST = "[
&`>|{}()$;\\-#~!+*\\\\]+";
public static final String COMMAND_WHITE_LIST = "[^\\w%,@/:=?.\"\\[\\]]";
+ public static final String HIVE_BLOCK_LIST = "[ <>()$;\\-#!+*\"'/=%@]+";
+
/**
* <pre>
@@ -188,17 +190,21 @@ public class CliCommandExecutor {
* </pre>
*/
public static String checkParameter(String commandParameter) {
- return checkParameter(commandParameter, COMMAND_INJECT_REX);
+ return checkParameter(commandParameter, COMMAND_BLOCK_LIST);
}
public static String checkParameterWhiteList(String commandParameter) {
return checkParameter(commandParameter, COMMAND_WHITE_LIST);
}
+ public static String checkHiveProperty(String hiveProperty) {
+ return checkParameter(hiveProperty, HIVE_BLOCK_LIST);
+ }
+
private static String checkParameter(String commandParameter, String rex) {
String repaired = commandParameter.replaceAll(rex, "");
if (repaired.length() != commandParameter.length()) {
- logger.info("Detected illegal character in command {} by {} ,
replace it to {}.", commandParameter, rex, repaired);
+ logger.warn("Detected illegal character in command {} by {} ,
replace it to {}.", commandParameter, rex, repaired);
}
return repaired;
}
diff --git
a/core-common/src/test/java/org/apache/kylin/common/util/CliCommandExecutorTest.java
b/core-common/src/test/java/org/apache/kylin/common/util/CliCommandExecutorTest.java
index 043e4b5..18aea77 100644
---
a/core-common/src/test/java/org/apache/kylin/common/util/CliCommandExecutorTest.java
+++
b/core-common/src/test/java/org/apache/kylin/common/util/CliCommandExecutorTest.java
@@ -35,6 +35,12 @@ public class CliCommandExecutorTest {
{"c1 | ${c2}", "c1c2"},
};
+ private String[][] properties = {
+ {"default;show tables", "defaultshowtables"},
+ {"default_kylin;drop tables;", "default_kylindroptables"},
+ {"db and 1=2", "dband12"}
+ };
+
@Test
public void testCmd() {
for (String[] pair : commands) {
@@ -48,4 +54,11 @@ public class CliCommandExecutorTest {
assertEquals(pair[1],
CliCommandExecutor.checkParameterWhiteList(pair[0]));
}
}
+
+ @Test
+ public void testHiveProperties() {
+ for (String[] pair : properties) {
+ assertEquals(pair[1],
CliCommandExecutor.checkHiveProperty(pair[0]));
+ }
+ }
}
diff --git
a/server-base/src/main/java/org/apache/kylin/rest/controller/AdminController.java
b/server-base/src/main/java/org/apache/kylin/rest/controller/AdminController.java
index 843c609..2529c93 100644
---
a/server-base/src/main/java/org/apache/kylin/rest/controller/AdminController.java
+++
b/server-base/src/main/java/org/apache/kylin/rest/controller/AdminController.java
@@ -25,6 +25,7 @@ import
org.apache.commons.configuration.ConfigurationException;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.common.KylinVersion;
import org.apache.kylin.common.util.VersionUtil;
+import org.apache.kylin.rest.exception.BadRequestException;
import org.apache.kylin.rest.msg.Message;
import org.apache.kylin.rest.msg.MsgPicker;
import org.apache.kylin.rest.request.MetricsRequest;
@@ -120,6 +121,9 @@ public class AdminController extends BasicController {
@RequestMapping(value = "/config", method = { RequestMethod.PUT },
produces = { "application/json" })
public void updateKylinConfig(@RequestBody UpdateConfigRequest
updateConfigRequest) {
+ if (!adminService.configWritableStatus()) {
+ throw new BadRequestException("Update configuration from API is
not allowed.");
+ }
adminService.updateConfig(updateConfigRequest.getKey(),
updateConfigRequest.getValue());
}
diff --git
a/server-base/src/main/java/org/apache/kylin/rest/controller/DiagnosisController.java
b/server-base/src/main/java/org/apache/kylin/rest/controller/DiagnosisController.java
index dd9eb44..6d22df9 100644
---
a/server-base/src/main/java/org/apache/kylin/rest/controller/DiagnosisController.java
+++
b/server-base/src/main/java/org/apache/kylin/rest/controller/DiagnosisController.java
@@ -26,6 +26,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.kylin.common.persistence.AutoDeleteDirectory;
+import org.apache.kylin.common.util.CliCommandExecutor;
import org.apache.kylin.metadata.badquery.BadQueryEntry;
import org.apache.kylin.metadata.badquery.BadQueryHistory;
import org.apache.kylin.rest.exception.InternalErrorException;
@@ -79,7 +80,7 @@ public class DiagnosisController extends BasicController {
public void dumpProjectDiagnosisInfo(@PathVariable String project, final
HttpServletRequest request,
final HttpServletResponse response) {
try (AutoDeleteDirectory diagDir = new
AutoDeleteDirectory("diag_project", "")) {
- String filePath = dgService.dumpProjectDiagnosisInfo(project,
diagDir.getFile());
+ String filePath =
dgService.dumpProjectDiagnosisInfo(CliCommandExecutor.checkParameter(project),
diagDir.getFile());
setDownloadResponse(filePath, response);
} catch (IOException e) {
throw new InternalErrorException("Failed to dump project diagnosis
info. " + e.getMessage(), e);
@@ -95,7 +96,7 @@ public class DiagnosisController extends BasicController {
public void dumpJobDiagnosisInfo(@PathVariable String jobId, final
HttpServletRequest request,
final HttpServletResponse response) {
try (AutoDeleteDirectory diagDir = new AutoDeleteDirectory("diag_job",
"")) {
- String filePath = dgService.dumpJobDiagnosisInfo(jobId,
diagDir.getFile());
+ String filePath =
dgService.dumpJobDiagnosisInfo(CliCommandExecutor.checkParameter(jobId),
diagDir.getFile());
setDownloadResponse(filePath, response);
} catch (IOException e) {
throw new InternalErrorException("Failed to dump job diagnosis
info. " + e.getMessage(), e);
diff --git
a/server-base/src/main/java/org/apache/kylin/rest/service/AdminService.java
b/server-base/src/main/java/org/apache/kylin/rest/service/AdminService.java
index 6abbe98..d10ee44 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/service/AdminService.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/service/AdminService.java
@@ -91,6 +91,11 @@ public class AdminService extends BasicService {
}
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN)
+ public boolean configWritableStatus() {
+ return KylinConfig.getInstanceFromEnv().isWebConfigEnabled();
+ }
+
+ @PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN)
public void cleanupStorage() {
StorageCleanupJob job = null;
try {
