sonatype-lift[bot] commented on a change in pull request #264:
URL: https://github.com/apache/solr/pull/264#discussion_r694355510



##########
File path: 
solr/core/src/java/org/apache/solr/schema/ManagedIndexSchemaFactory.java
##########
@@ -91,6 +95,66 @@ public void init(NamedList<?> args) {
   public String getSchemaResourceName(String cdResourceName) {
     return managedSchemaResourceName; // actually a guess; reality depends on 
the actual files in the config set :-(
   }
+  
+  /**
+   * Lookup the path to the managed schema, dealing with falling back to the
+   * legacy managed-schema file, instead of the expected managed-schema.xml 
file.
+   * 
+   * This method is duplicated in ManagedIndexSchema.
+   */
+  public String lookupZKManagedSchemaPath() {
+    final ZkSolrResourceLoader zkLoader = (ZkSolrResourceLoader)loader;
+    final ZkController zkController = zkLoader.getZkController();
+    final SolrZkClient zkClient = zkController.getZkClient();
+    String managedSchemaPath = zkLoader.getConfigSetZkPath() + "/" + 
managedSchemaResourceName;
+    final String legacyManagedSchemaPath = zkLoader.getConfigSetZkPath() + "/" 
+ ManagedIndexSchemaFactory.LEGACY_MANAGED_SCHEMA_RESOURCE_NAME;
+    try {
+      // check if we are using the legacy managed-schema file name.
+      if (zkClient.exists(legacyManagedSchemaPath, true)){
+        log.debug("Legacy managed schema resource {} found - loading legacy 
managed schema instead of {} file."
+            , ManagedIndexSchemaFactory.LEGACY_MANAGED_SCHEMA_RESOURCE_NAME, 
managedSchemaResourceName);
+        managedSchemaPath = legacyManagedSchemaPath;
+      }
+    } catch (KeeperException e) {
+      throw new RuntimeException(e);
+    } catch (InterruptedException e) {
+      // Restore the interrupted status
+      Thread.currentThread().interrupt();
+      throw new RuntimeException(e);
+    }
+    return managedSchemaPath;
+  }  
+  
+  /**
+   * Lookup the path to the managed schema, dealing with falling back to the
+   * legacy managed-schema file, instead of the expected managed-schema.xml 
file.
+   * 
+   * This method is duplicated in ManagedIndexSchemaFactory.
+   * @see 
org.apache.solr.schema.ManagedIndexSchemaFactory#lookupZKManagedSchemaPath
+   */
+  public Path lookupLocalManagedSchemaPath() {
+    final Path legacyManagedSchemaPath = 
Paths.get(loader.getConfigPath().toString(), 
ManagedIndexSchemaFactory.LEGACY_MANAGED_SCHEMA_RESOURCE_NAME);
+    
+    Path managedSchemaPath = Paths.get(loader.getConfigPath().toString(), 
managedSchemaResourceName);
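
Review bot: In `lookupLocalManagedSchemaPath()`, `managedSchemaResourceName` is joined onto the config path with `Paths.get(loader.getConfigPath().toString(), managedSchemaResourceName)`, and nothing visible in this hunk normalizes the result or checks that it stays under the config directory. If that name can be set from configuration, a value containing `..` segments or an absolute path would resolve outside the config set. Assuming `getConfigPath()` returns a `Path`, consider `loader.getConfigPath().resolve(managedSchemaResourceName).normalize()` followed by a `startsWith(loader.getConfigPath())` check, which also removes the `toString()` round trip.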

Review comment:
*PATH_TRAVERSAL_IN:* This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input [(details)](https://find-sec-bugs.github.io/bugs.htm#PATH_TRAVERSAL_IN)
(at-me [in a reply](https://help.sonatype.com/lift) with `help` or `ignore`)

##########
File path: 
solr/core/src/java/org/apache/solr/schema/ManagedIndexSchemaFactory.java
##########
@@ -91,6 +95,66 @@ public void init(NamedList<?> args) {
   public String getSchemaResourceName(String cdResourceName) {
     return managedSchemaResourceName; // actually a guess; reality depends on 
the actual files in the config set :-(
   }
+  
+  /**
+   * Lookup the path to the managed schema, dealing with falling back to the
+   * legacy managed-schema file, instead of the expected managed-schema.xml 
file.
+   * 
+   * This method is duplicated in ManagedIndexSchema.
+   */
+  public String lookupZKManagedSchemaPath() {
+    final ZkSolrResourceLoader zkLoader = (ZkSolrResourceLoader)loader;
+    final ZkController zkController = zkLoader.getZkController();
+    final SolrZkClient zkClient = zkController.getZkClient();
+    String managedSchemaPath = zkLoader.getConfigSetZkPath() + "/" + 
managedSchemaResourceName;
+    final String legacyManagedSchemaPath = zkLoader.getConfigSetZkPath() + "/" 
+ ManagedIndexSchemaFactory.LEGACY_MANAGED_SCHEMA_RESOURCE_NAME;
+    try {
+      // check if we are using the legacy managed-schema file name.
+      if (zkClient.exists(legacyManagedSchemaPath, true)){
+        log.debug("Legacy managed schema resource {} found - loading legacy 
managed schema instead of {} file."
+            , ManagedIndexSchemaFactory.LEGACY_MANAGED_SCHEMA_RESOURCE_NAME, 
managedSchemaResourceName);
+        managedSchemaPath = legacyManagedSchemaPath;
+      }
+    } catch (KeeperException e) {
+      throw new RuntimeException(e);
+    } catch (InterruptedException e) {
+      // Restore the interrupted status
+      Thread.currentThread().interrupt();
+      throw new RuntimeException(e);
+    }
+    return managedSchemaPath;
+  }  
+  
+  /**
+   * Lookup the path to the managed schema, dealing with falling back to the
+   * legacy managed-schema file, instead of the expected managed-schema.xml 
file.
+   * 
+   * This method is duplicated in ManagedIndexSchemaFactory.
+   * @see 
org.apache.solr.schema.ManagedIndexSchemaFactory#lookupZKManagedSchemaPath
+   */
+  public Path lookupLocalManagedSchemaPath() {
+    final Path legacyManagedSchemaPath = 
Paths.get(loader.getConfigPath().toString(), 
ManagedIndexSchemaFactory.LEGACY_MANAGED_SCHEMA_RESOURCE_NAME);
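
Review bot: `lookupZKManagedSchemaPath()` opens with an unchecked cast, `(ZkSolrResourceLoader)loader`, so a call made when the loader is not ZooKeeper-backed fails with a bare ClassCastException. Guard it with an `instanceof` check or state the precondition in the Javadoc. The two catch blocks also rethrow as `new RuntimeException(e)` with no message; including `legacyManagedSchemaPath` in the message would make a failed `exists` call easier to diagnose.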

Review comment:
*THREAD_SAFETY_VIOLATION:* Read/Write race. Non-private method `ManagedIndexSchemaFactory.lookupLocalManagedSchemaPath()` reads without synchronization from `this.loader`. Potentially races with write in method `ManagedIndexSchemaFactory.create(...)`.
Reporting because another access to the same memory occurs on a background thread, although this access may not.
(at-me [in a reply](https://help.sonatype.com/lift) with `help` or `ignore`)

##########
File path: 
solr/core/src/java/org/apache/solr/schema/ManagedIndexSchemaFactory.java
##########
@@ -91,6 +95,66 @@ public void init(NamedList<?> args) {
   public String getSchemaResourceName(String cdResourceName) {
     return managedSchemaResourceName; // actually a guess; reality depends on 
the actual files in the config set :-(
   }
+  
+  /**
+   * Lookup the path to the managed schema, dealing with falling back to the
+   * legacy managed-schema file, instead of the expected managed-schema.xml 
file.
+   * 
+   * This method is duplicated in ManagedIndexSchema.
+   */
+  public String lookupZKManagedSchemaPath() {
+    final ZkSolrResourceLoader zkLoader = (ZkSolrResourceLoader)loader;
+    final ZkController zkController = zkLoader.getZkController();
+    final SolrZkClient zkClient = zkController.getZkClient();
+    String managedSchemaPath = zkLoader.getConfigSetZkPath() + "/" + 
managedSchemaResourceName;
+    final String legacyManagedSchemaPath = zkLoader.getConfigSetZkPath() + "/" 
+ ManagedIndexSchemaFactory.LEGACY_MANAGED_SCHEMA_RESOURCE_NAME;
+    try {
+      // check if we are using the legacy managed-schema file name.
+      if (zkClient.exists(legacyManagedSchemaPath, true)){
+        log.debug("Legacy managed schema resource {} found - loading legacy 
managed schema instead of {} file."
+            , ManagedIndexSchemaFactory.LEGACY_MANAGED_SCHEMA_RESOURCE_NAME, 
managedSchemaResourceName);
+        managedSchemaPath = legacyManagedSchemaPath;
+      }
+    } catch (KeeperException e) {
+      throw new RuntimeException(e);
+    } catch (InterruptedException e) {
+      // Restore the interrupted status
+      Thread.currentThread().interrupt();
+      throw new RuntimeException(e);
+    }
+    return managedSchemaPath;
+  }  
+  
+  /**
+   * Lookup the path to the managed schema, dealing with falling back to the
+   * legacy managed-schema file, instead of the expected managed-schema.xml 
file.
+   * 
+   * This method is duplicated in ManagedIndexSchemaFactory.
+   * @see 
org.apache.solr.schema.ManagedIndexSchemaFactory#lookupZKManagedSchemaPath
+   */
+  public Path lookupLocalManagedSchemaPath() {
+    final Path legacyManagedSchemaPath = 
Paths.get(loader.getConfigPath().toString(), 
ManagedIndexSchemaFactory.LEGACY_MANAGED_SCHEMA_RESOURCE_NAME);
+    
+    Path managedSchemaPath = Paths.get(loader.getConfigPath().toString(), 
managedSchemaResourceName);
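
Review bot: The Javadoc on `lookupLocalManagedSchemaPath()` says "This method is duplicated in ManagedIndexSchemaFactory" and its `@see` points at `lookupZKManagedSchemaPath`, yet this file is ManagedIndexSchemaFactory.java, so the comment names its own class and the ZooKeeper variant rather than the local-path counterpart. It reads as copied from the other class; correct the reference, or keep the legacy fallback in one shared helper so the two copies cannot drift apart. The `ManagedIndexSchemaFactory.` qualifier on `LEGACY_MANAGED_SCHEMA_RESOURCE_NAME` is also redundant inside this class.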

Review comment:
*THREAD_SAFETY_VIOLATION:* Read/Write race. Non-private method `ManagedIndexSchemaFactory.lookupLocalManagedSchemaPath()` reads without synchronization from `this.managedSchemaResourceName`. Potentially races with write in method `ManagedIndexSchemaFactory.create(...)`.
Reporting because another access to the same memory occurs on a background thread, although this access may not.
(at-me [in a reply](https://help.sonatype.com/lift) with `help` or `ignore`)




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


