dweiss commented on a change in pull request #1078: SOLR-14071: Untrusted
configsets shouldn't be allowed to use <lib>
URL: https://github.com/apache/lucene-solr/pull/1078#discussion_r357014229
##########
File path: solr/core/src/test/org/apache/solr/cloud/TestConfigSetsAPI.java
##########
@@ -369,13 +370,55 @@ public void testUploadWithScriptUpdateProcessor() throws
Exception {
}
+ @Test
+ public void testUploadWithLibDirective() throws Exception {
+ // Authorization off
+ unprotectConfigsHandler();
+ final String untrustedSuffix = "-untrusted";
+ uploadConfigSetWithAssertions("with-lib-directive", untrustedSuffix, null,
null);
+ // try to create a collection with the uploaded configset
+ Throwable thrown = expectThrows(HttpSolrClient.RemoteSolrException.class,
() -> {
+ createCollection("newcollection3", "with-lib-directive" +
untrustedSuffix,
+ 1, 1, solrCluster.getSolrClient());
+ });
+
+ assertThat(thrown.getMessage(), containsString("Underlying core creation
failed"));
+
+ // Authorization on
+ final String trustedSuffix = "-trusted";
+ protectConfigsHandler();
+ uploadConfigSetWithAssertions("with-lib-directive", trustedSuffix, "solr",
"SolrRocks");
+ // try to create a collection with the uploaded configset
+ CollectionAdminResponse resp = createCollection("newcollection3",
"with-lib-directive" + trustedSuffix,
+ 1, 1, solrCluster.getSolrClient());
+
+ SolrInputDocument doc = sdoc("id", "4055", "subject", "Solr");
+ solrCluster.getSolrClient().add("newcollection3", doc);
+ solrCluster.getSolrClient().commit("newcollection3");
+ assertEquals("4055", solrCluster.getSolrClient().query("newcollection3",
+ params("q", "*:*")).getResults().get(0).get("id"));
+ }
+
protected SolrZkClient zkClient() {
ZkStateReader reader = solrCluster.getSolrClient().getZkStateReader();
if (reader == null)
solrCluster.getSolrClient().connect();
return solrCluster.getSolrClient().getZkStateReader().getZkClient();
}
+ private void unprotectConfigsHandler() throws Exception {
+ HttpClient cl = null;
+ try {
+ cl = HttpClientUtil.createClient(null);
+ zkClient().setData("/security.json", "{}".getBytes(UTF_8), true);
+ } finally {
+ if (cl != null) {
+ HttpClientUtil.close(cl);
+ }
+ }
+ Thread.sleep(5000); // TODO: Without a delay, the test fails. Some problem
with Authc/Authz framework?
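Review bot: The untrusted half of `testUploadWithLibDirective` asserts only `containsString("Underlying core creation failed")`, which any core-creation failure would satisfy, so the test can pass even when the `<lib>` restriction on untrusted configsets is not what rejected the request. If the remote error carries the underlying cause, also assert on the part that names the `<lib>` rejection, e.g. `assertThat(thrown.getMessage(), containsString(EXPECTED_LIB_REJECTION_TEXT));`, where the placeholder stands for the server's actual wording, which is not visible in this hunk. Both halves also reuse the name `"newcollection3"`; distinct collection names per case would keep any state left by the failed create from influencing the trusted case (whether such state exists cannot be told from here). The quoted hunk ends inside `unprotectConfigsHandler`, so this note covers the test method only.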
Review comment:
Yes, please. The tests already take an hour.