This is an automated email from the ASF dual-hosted git repository. shaofengshi pushed a commit to branch 3.0.x in repository https://gitbox.apache.org/repos/asf/kylin.git
The following commit(s) were added to refs/heads/3.0.x by this push: new d7b73e3 Minor, refactor d7b73e3 is described below commit d7b73e311dc665585245a4870d0022e190eaf197 Author: rupengwang <wangrup...@live.cn> AuthorDate: Thu Jun 11 13:54:59 2020 +0800 Minor, refactor - disbale setting kylin config - add check for database name - add check for command parameter --- .../main/java/org/apache/kylin/common/KylinConfigBase.java | 6 +++++- .../org/apache/kylin/common/util/CliCommandExecutor.java | 12 +++++++++--- .../apache/kylin/common/util/CliCommandExecutorTest.java | 13 +++++++++++++ .../org/apache/kylin/rest/controller/AdminController.java | 4 ++++ .../apache/kylin/rest/controller/DiagnosisController.java | 5 +++-- .../java/org/apache/kylin/rest/service/AdminService.java | 5 +++++ 6 files changed, 39 insertions(+), 6 deletions(-) diff --git a/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java b/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java index 7953807..86fd831 100644 --- a/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java +++ b/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java @@ -955,7 +955,7 @@ public abstract class KylinConfigBase implements Serializable { } public String getHiveDatabaseForIntermediateTable() { - return this.getOptional("kylin.source.hive.database-for-flat-table", DEFAULT); + return CliCommandExecutor.checkHiveProperty(this.getOptional("kylin.source.hive.database-for-flat-table", DEFAULT)); } public String getFlatTableStorageFormat() { @@ -1950,6 +1950,10 @@ public abstract class KylinConfigBase implements Serializable { return Boolean.parseBoolean(getOptional("kylin.web.dashboard-enabled", FALSE)); } + public boolean isWebConfigEnabled() { + return Boolean.parseBoolean(getOptional("kylin.web.set-config-enable", FALSE)); + } + public String getPropertiesWhiteList() { return getOptional("kylin.web.properties.whitelist", "kylin.web.timezone,kylin.query.cache-enabled,kylin.env," + "kylin.web.hive-limit,kylin.storage.default," diff --git a/core-common/src/main/java/org/apache/kylin/common/util/CliCommandExecutor.java b/core-common/src/main/java/org/apache/kylin/common/util/CliCommandExecutor.java index c7600fd..74ea1f9 100644 --- a/core-common/src/main/java/org/apache/kylin/common/util/CliCommandExecutor.java +++ b/core-common/src/main/java/org/apache/kylin/common/util/CliCommandExecutor.java @@ -163,8 +163,10 @@ public class CliCommandExecutor { } } - public static final String COMMAND_INJECT_REX = "[ &`>|{}()$;\\-#~!+*”\\\\]+"; + public static final String COMMAND_BLOCK_LIST = "[ &`>|{}()$;\\-#~!+*\\\\]+"; public static final String COMMAND_WHITE_LIST = "[^\\w%,@/:=?.\"\\[\\]]"; + public static final String HIVE_BLOCK_LIST = "[ <>()$;\\-#!+*\"'/=%@]+"; + /** * <pre> @@ -188,17 +190,21 @@ public class CliCommandExecutor { * </pre> */ public static String checkParameter(String commandParameter) { - return checkParameter(commandParameter, COMMAND_INJECT_REX); + return checkParameter(commandParameter, COMMAND_BLOCK_LIST); } public static String checkParameterWhiteList(String commandParameter) { return checkParameter(commandParameter, COMMAND_WHITE_LIST); } + public static String checkHiveProperty(String hiveProperty) { + return checkParameter(hiveProperty, HIVE_BLOCK_LIST); + } + private static String checkParameter(String commandParameter, String rex) { String repaired = commandParameter.replaceAll(rex, ""); if (repaired.length() != commandParameter.length()) { - logger.info("Detected illegal character in command {} by {} , replace it to {}.", commandParameter, rex, repaired); + logger.warn("Detected illegal character in command {} by {} , replace it to {}.", commandParameter, rex, repaired); } return repaired; } diff --git a/core-common/src/test/java/org/apache/kylin/common/util/CliCommandExecutorTest.java b/core-common/src/test/java/org/apache/kylin/common/util/CliCommandExecutorTest.java index 043e4b5..18aea77 100644 --- a/core-common/src/test/java/org/apache/kylin/common/util/CliCommandExecutorTest.java +++ b/core-common/src/test/java/org/apache/kylin/common/util/CliCommandExecutorTest.java @@ -35,6 +35,12 @@ public class CliCommandExecutorTest { {"c1 | ${c2}", "c1c2"}, }; + private String[][] properties = { + {"default;show tables", "defaultshowtables"}, + {"default_kylin;drop tables;", "default_kylindroptables"}, + {"db and 1=2", "dband12"} + }; + @Test public void testCmd() { for (String[] pair : commands) { @@ -48,4 +54,11 @@ public class CliCommandExecutorTest { assertEquals(pair[1], CliCommandExecutor.checkParameterWhiteList(pair[0])); } } + + @Test + public void testHiveProperties() { + for (String[] pair : properties) { + assertEquals(pair[1], CliCommandExecutor.checkHiveProperty(pair[0])); + } + } } diff --git a/server-base/src/main/java/org/apache/kylin/rest/controller/AdminController.java b/server-base/src/main/java/org/apache/kylin/rest/controller/AdminController.java index 843c609..2529c93 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/controller/AdminController.java +++ b/server-base/src/main/java/org/apache/kylin/rest/controller/AdminController.java @@ -25,6 +25,7 @@ import org.apache.commons.configuration.ConfigurationException; import org.apache.kylin.common.KylinConfig; import org.apache.kylin.common.KylinVersion; import org.apache.kylin.common.util.VersionUtil; +import org.apache.kylin.rest.exception.BadRequestException; import org.apache.kylin.rest.msg.Message; import org.apache.kylin.rest.msg.MsgPicker; import org.apache.kylin.rest.request.MetricsRequest; @@ -120,6 +121,9 @@ public class AdminController extends BasicController { @RequestMapping(value = "/config", method = { RequestMethod.PUT }, produces = { "application/json" }) public void updateKylinConfig(@RequestBody UpdateConfigRequest updateConfigRequest) { + if (!adminService.configWritableStatus()) { + throw new BadRequestException("Update configuration from API is not allowed."); + } adminService.updateConfig(updateConfigRequest.getKey(), updateConfigRequest.getValue()); } diff --git a/server-base/src/main/java/org/apache/kylin/rest/controller/DiagnosisController.java b/server-base/src/main/java/org/apache/kylin/rest/controller/DiagnosisController.java index dd9eb44..6d22df9 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/controller/DiagnosisController.java +++ b/server-base/src/main/java/org/apache/kylin/rest/controller/DiagnosisController.java @@ -26,6 +26,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.kylin.common.persistence.AutoDeleteDirectory; +import org.apache.kylin.common.util.CliCommandExecutor; import org.apache.kylin.metadata.badquery.BadQueryEntry; import org.apache.kylin.metadata.badquery.BadQueryHistory; import org.apache.kylin.rest.exception.InternalErrorException; @@ -79,7 +80,7 @@ public class DiagnosisController extends BasicController { public void dumpProjectDiagnosisInfo(@PathVariable String project, final HttpServletRequest request, final HttpServletResponse response) { try (AutoDeleteDirectory diagDir = new AutoDeleteDirectory("diag_project", "")) { - String filePath = dgService.dumpProjectDiagnosisInfo(project, diagDir.getFile()); + String filePath = dgService.dumpProjectDiagnosisInfo(CliCommandExecutor.checkParameter(project), diagDir.getFile()); setDownloadResponse(filePath, response); } catch (IOException e) { throw new InternalErrorException("Failed to dump project diagnosis info. " + e.getMessage(), e); @@ -95,7 +96,7 @@ public class DiagnosisController extends BasicController { public void dumpJobDiagnosisInfo(@PathVariable String jobId, final HttpServletRequest request, final HttpServletResponse response) { try (AutoDeleteDirectory diagDir = new AutoDeleteDirectory("diag_job", "")) { - String filePath = dgService.dumpJobDiagnosisInfo(jobId, diagDir.getFile()); + String filePath = dgService.dumpJobDiagnosisInfo(CliCommandExecutor.checkParameter(jobId), diagDir.getFile()); setDownloadResponse(filePath, response); } catch (IOException e) { throw new InternalErrorException("Failed to dump job diagnosis info. " + e.getMessage(), e); diff --git a/server-base/src/main/java/org/apache/kylin/rest/service/AdminService.java b/server-base/src/main/java/org/apache/kylin/rest/service/AdminService.java index 6abbe98..d10ee44 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/service/AdminService.java +++ b/server-base/src/main/java/org/apache/kylin/rest/service/AdminService.java @@ -91,6 +91,11 @@ public class AdminService extends BasicService { } @PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN) + public boolean configWritableStatus() { + return KylinConfig.getInstanceFromEnv().isWebConfigEnabled(); + } + + @PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN) public void cleanupStorage() { StorageCleanupJob job = null; try {