This is an automated email from the ASF dual-hosted git repository. chia7712 pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/yunikorn-core.git
The following commit(s) were added to refs/heads/master by this push: new 119162ac [YUNIKORN-2718] Assert invalid user name in Get User REST API (#916) 119162ac is described below commit 119162ac5d36c4d22602e71d34a719d0c7489a3f Author: YUN SUN <yun.sun7...@gmail.com> AuthorDate: Thu Jul 18 10:55:12 2024 +0800 [YUNIKORN-2718] Assert invalid user name in Get User REST API (#916) Closes: #916 Signed-off-by: Chia-Ping Tsai <chia7...@gmail.com>
---
 pkg/webservice/handlers.go | 5 +++++
 pkg/webservice/handlers_test.go | 13 +++++++++++++
 2 files changed, 18 insertions(+)
diff --git a/pkg/webservice/handlers.go b/pkg/webservice/handlers.go
index 343986c8..9f89fe92 100644
--- a/pkg/webservice/handlers.go
+++ b/pkg/webservice/handlers.go
@@ -56,6 +56,7 @@ const (
 PartitionDoesNotExists = "Partition not found"
 MissingParamsName = "Missing parameters"
 QueueDoesNotExists = "Queue not found"
+ InvalidUserName = "Invalid user name"
 UserDoesNotExists = "User not found"
 GroupDoesNotExists = "Group not found"
 UserNameMissing = "User name is missing"
@@ -1100,6 +1101,10 @@ func getUserResourceUsage(w http.ResponseWriter, r *http.Request) {
 buildJSONErrorResponse(w, err.Error(), http.StatusBadRequest)
 return
 }
+ if !configs.UserRegExp.MatchString(unescapedUser) {
+ buildJSONErrorResponse(w, InvalidUserName, http.StatusBadRequest)
+ return
+ }
 userTracker := ugm.GetUserManager().GetUserTracker(unescapedUser)
 if userTracker == nil {
 buildJSONErrorResponse(w, UserDoesNotExists, http.StatusNotFound)
diff --git a/pkg/webservice/handlers_test.go b/pkg/webservice/handlers_test.go
index d770d9a4..2231ff98 100644
--- a/pkg/webservice/handlers_test.go
+++ b/pkg/webservice/handlers_test.go
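Review bot: The new guard in getUserResourceUsage (pkg/webservice/handlers.go) is only as strict as `configs.UserRegExp`, which is defined outside this diff; `MatchString` reports a match anywhere in the string, so malformed names are rejected only if that pattern is anchored at both ends. That is worth confirming and recording in a comment above the `if`, e.g. `// UserRegExp is anchored; reject anything else before the tracker lookup`. The check does run on `unescapedUser`, i.e. after URL decoding, and it returns a fixed message rather than echoing the input, both of which should be kept. The group usage handler is not touched by this commit; if it lacks an equivalent check, the two endpoints will validate their path parameters differently. The function body starts and ends outside the hunk.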
@@ -1941,6 +1941,19 @@ func TestSpecificUserResourceUsage(t *testing.T) {
 assert.Equal(t, http.StatusBadRequest, resp.statusCode, statusCodeError)
 assert.Equal(t, errInfo.Message, "invalid URL escape \"%Zt\"", jsonMessageError)
 assert.Equal(t, errInfo.StatusCode, http.StatusBadRequest)
+
+ // Test invalid user name that does not match UserRegExp
+ invalidUserName := "1InvalidUser"
+ req, err = createRequest(t, "/ws/v1/partition/default/usage/user/", map[string]string{"user": invalidUserName, "group": "testgroup"})
+ assert.NilError(t, err)
+ resp = &MockResponseWriter{}
+ getUserResourceUsage(resp, req)
+ assert.Equal(t, http.StatusBadRequest, resp.statusCode)
+ var invalidUserError dao.YAPIError
+ err = json.Unmarshal(resp.outputBytes, &invalidUserError)
+ assert.NilError(t, err, unmarshalError)
+ assert.Equal(t, InvalidUserName, invalidUserError.Message)
+ assert.Equal(t, http.StatusBadRequest, invalidUserError.StatusCode)
 }

 func TestSpecificGroupResourceUsage(t *testing.T) {
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@yunikorn.apache.org
For additional commands, e-mail: issues-h...@yunikorn.apache.org
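Review bot: The added case in TestSpecificUserResourceUsage exercises only a name with an invalid first character (`"1InvalidUser"`), so it would still pass if the pattern were unanchored at the end or permissive in the middle of the string. Consider looping over a few rejected names, including one with a valid prefix and a disallowed character later on (for example an embedded space, assuming the pattern disallows it), and asserting `http.StatusBadRequest` and `InvalidUserName` for each. The new `assert.Equal(t, http.StatusBadRequest, resp.statusCode)` also drops the `statusCodeError` message that the context line above passes; `assert.Equal(t, http.StatusBadRequest, resp.statusCode, statusCodeError)` would keep failure output consistent. The test function starts outside the hunk.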