[MediaWiki-commits] [Gerrit] wikidata...rdf[master]: Allow whitelisted remote services
jenkins-bot has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/338030 ) Change subject: Allow whitelisted remote services .. Allow whitelisted remote services Bug: T155127 Change-Id: Iae1b19c0f6674bb14db0fd5fb308f08e1e621f9d --- M blazegraph/src/main/java/org/wikidata/query/rdf/blazegraph/WikibaseContextListener.java M blazegraph/src/main/java/org/wikidata/query/rdf/blazegraph/geo/GeoService.java M blazegraph/src/main/java/org/wikidata/query/rdf/blazegraph/label/LabelService.java M dist/src/script/runBlazegraph.sh 4 files changed, 81 insertions(+), 9 deletions(-) Approvals: Smalyshev: Looks good to me, approved jenkins-bot: Verified diff --git a/blazegraph/src/main/java/org/wikidata/query/rdf/blazegraph/WikibaseContextListener.java b/blazegraph/src/main/java/org/wikidata/query/rdf/blazegraph/WikibaseContextListener.java index c5d651d..7bf98ff 100644 --- a/blazegraph/src/main/java/org/wikidata/query/rdf/blazegraph/WikibaseContextListener.java +++ b/blazegraph/src/main/java/org/wikidata/query/rdf/blazegraph/WikibaseContextListener.java @@ -1,5 +1,11 @@ package org.wikidata.query.rdf.blazegraph; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.Paths; +import java.util.List; import java.util.Map; import javax.servlet.ServletContextEvent; @@ -24,6 +30,7 @@ import com.bigdata.bop.BOpContextBase; import com.bigdata.bop.IValueExpression; +import com.bigdata.rdf.graph.impl.bd.GASService; import com.bigdata.rdf.internal.IV; import com.bigdata.rdf.internal.constraints.DateBOp.DateOp; import com.bigdata.rdf.sail.sparql.PrefixDeclProcessor; @@ -34,31 +41,58 @@ import com.bigdata.rdf.sparql.ast.FunctionRegistry.Factory; import com.bigdata.rdf.sparql.ast.eval.AST2BOpUtility; import com.bigdata.rdf.sparql.ast.eval.AbstractServiceFactoryBase; +import com.bigdata.rdf.sparql.ast.eval.SampleServiceFactory; +import com.bigdata.rdf.sparql.ast.eval.SliceServiceFactory; +import com.bigdata.rdf.sparql.ast.eval.ValuesServiceFactory; import com.bigdata.rdf.sparql.ast.service.IServiceOptions; +import com.bigdata.rdf.sparql.ast.service.RemoteServiceFactoryImpl; import com.bigdata.rdf.sparql.ast.service.RemoteServiceOptions; +import com.bigdata.rdf.sparql.ast.service.SPARQLVersion; import com.bigdata.rdf.sparql.ast.service.ServiceCall; import com.bigdata.rdf.sparql.ast.service.ServiceCallCreateParams; +import com.bigdata.rdf.sparql.ast.service.ServiceFactory; import com.bigdata.rdf.sparql.ast.service.ServiceRegistry; -import com.bigdata.service.fts.FTS; +import com.bigdata.rdf.store.BDS; /** * Context listener to enact configurations we need on initialization. */ +@SuppressWarnings("checkstyle:classfanoutcomplexity") public class WikibaseContextListener extends BigdataRDFServletContextListener { private static final Logger log = LoggerFactory.getLogger(WikibaseContextListener.class); /** - * Replaces the default Blazegraph services with ones that do not allow - * remote services and a label resolution service. + * Default service whitelist filename. + */ +public static final String WHITELIST_DEFAULT = "whitelist.txt"; + +/** + * Whitelist configuration name. + */ +public static final String WHITELIST = System.getProperty("wikibaseServiceWhitelist", WHITELIST_DEFAULT); + +/** + * Initializes BG service setup to allow whitelisted services. + * Also add additional custom services and functions. */ public static void initializeServices() { -ServiceRegistry.getInstance().setDefaultServiceFactory(new DisableRemotesServiceFactory()); +// Enable service whitelisting +final ServiceRegistry reg = ServiceRegistry.getInstance(); +reg.setWhitelistEnabled(true); LabelService.register(); GeoService.register(); -// Remove FTS service for now since it allows arbitrary endpoints -ServiceRegistry.getInstance().remove(FTS.SEARCH); +// Whitelist services we like by default +reg.addWhitelistURL(GASService.Options.SERVICE_KEY.toString()); +reg.addWhitelistURL(ValuesServiceFactory.SERVICE_KEY.toString()); +reg.addWhitelistURL(BDS.SEARCH_IN_SEARCH.toString()); +reg.addWhitelistURL(SliceServiceFactory.SERVICE_KEY.toString()); +reg.addWhitelistURL(SampleServiceFactory.SERVICE_KEY.toString()); +loadWhitelist(reg); + +// Initialize remote services +reg.setDefaultServiceFactory(getDefaultServiceFactory()); // Override date functions so that we can handle them // via WikibaseDate @@ -103,6 +137,36 @@ } /** + * Get default service factory, with proper options. + * @return + */ +private static ServiceFactory getDefaultServiceFactory() { +final
[MediaWiki-commits] [Gerrit] wikidata...rdf[master]: Allow whitelisted remote services
Smalyshev has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/338030 ) Change subject: Allow whitelisted remote services .. Allow whitelisted remote services Bug: T155127 Change-Id: Iae1b19c0f6674bb14db0fd5fb308f08e1e621f9d --- M blazegraph/src/main/java/org/wikidata/query/rdf/blazegraph/WikibaseContextListener.java M blazegraph/src/main/java/org/wikidata/query/rdf/blazegraph/geo/GeoService.java M blazegraph/src/main/java/org/wikidata/query/rdf/blazegraph/label/LabelService.java M dist/src/script/runBlazegraph.sh 4 files changed, 80 insertions(+), 9 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/wikidata/query/rdf refs/changes/30/338030/1 diff --git a/blazegraph/src/main/java/org/wikidata/query/rdf/blazegraph/WikibaseContextListener.java b/blazegraph/src/main/java/org/wikidata/query/rdf/blazegraph/WikibaseContextListener.java index c5d651d..7bf98ff 100644 --- a/blazegraph/src/main/java/org/wikidata/query/rdf/blazegraph/WikibaseContextListener.java +++ b/blazegraph/src/main/java/org/wikidata/query/rdf/blazegraph/WikibaseContextListener.java @@ -1,5 +1,11 @@ package org.wikidata.query.rdf.blazegraph; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.Paths; +import java.util.List; import java.util.Map; import javax.servlet.ServletContextEvent; @@ -24,6 +30,7 @@ import com.bigdata.bop.BOpContextBase; import com.bigdata.bop.IValueExpression; +import com.bigdata.rdf.graph.impl.bd.GASService; import com.bigdata.rdf.internal.IV; import com.bigdata.rdf.internal.constraints.DateBOp.DateOp; import com.bigdata.rdf.sail.sparql.PrefixDeclProcessor; @@ -34,31 +41,58 @@ import com.bigdata.rdf.sparql.ast.FunctionRegistry.Factory; import com.bigdata.rdf.sparql.ast.eval.AST2BOpUtility; import com.bigdata.rdf.sparql.ast.eval.AbstractServiceFactoryBase; +import com.bigdata.rdf.sparql.ast.eval.SampleServiceFactory; +import com.bigdata.rdf.sparql.ast.eval.SliceServiceFactory; +import com.bigdata.rdf.sparql.ast.eval.ValuesServiceFactory; import com.bigdata.rdf.sparql.ast.service.IServiceOptions; +import com.bigdata.rdf.sparql.ast.service.RemoteServiceFactoryImpl; import com.bigdata.rdf.sparql.ast.service.RemoteServiceOptions; +import com.bigdata.rdf.sparql.ast.service.SPARQLVersion; import com.bigdata.rdf.sparql.ast.service.ServiceCall; import com.bigdata.rdf.sparql.ast.service.ServiceCallCreateParams; +import com.bigdata.rdf.sparql.ast.service.ServiceFactory; import com.bigdata.rdf.sparql.ast.service.ServiceRegistry; -import com.bigdata.service.fts.FTS; +import com.bigdata.rdf.store.BDS; /** * Context listener to enact configurations we need on initialization. */ +@SuppressWarnings("checkstyle:classfanoutcomplexity") public class WikibaseContextListener extends BigdataRDFServletContextListener { private static final Logger log = LoggerFactory.getLogger(WikibaseContextListener.class); /** - * Replaces the default Blazegraph services with ones that do not allow - * remote services and a label resolution service. + * Default service whitelist filename. + */ +public static final String WHITELIST_DEFAULT = "whitelist.txt"; + +/** + * Whitelist configuration name. + */ +public static final String WHITELIST = System.getProperty("wikibaseServiceWhitelist", WHITELIST_DEFAULT); + +/** + * Initializes BG service setup to allow whitelisted services. + * Also add additional custom services and functions. */ public static void initializeServices() { -ServiceRegistry.getInstance().setDefaultServiceFactory(new DisableRemotesServiceFactory()); +// Enable service whitelisting +final ServiceRegistry reg = ServiceRegistry.getInstance(); +reg.setWhitelistEnabled(true); LabelService.register(); GeoService.register(); -// Remove FTS service for now since it allows arbitrary endpoints -ServiceRegistry.getInstance().remove(FTS.SEARCH); +// Whitelist services we like by default +reg.addWhitelistURL(GASService.Options.SERVICE_KEY.toString()); +reg.addWhitelistURL(ValuesServiceFactory.SERVICE_KEY.toString()); +reg.addWhitelistURL(BDS.SEARCH_IN_SEARCH.toString()); +reg.addWhitelistURL(SliceServiceFactory.SERVICE_KEY.toString()); +reg.addWhitelistURL(SampleServiceFactory.SERVICE_KEY.toString()); +loadWhitelist(reg); + +// Initialize remote services +reg.setDefaultServiceFactory(getDefaultServiceFactory()); // Override date functions so that we can handle them // via WikibaseDate @@ -103,6 +137,36 @@ } /** + * Get default service factory, with proper options. + * @return + */ +private static ServiceFactory getDefaultServiceFactory() { +final