Posted to notifications@asterixdb.apache.org by AsterixDB Code Review <do...@asterix-gerrit.ics.uci.edu> on 2021/04/10 08:09:58 UTC
Change in asterixdb[cheshire-cat]: [NO ISSUE] Restrict UDF modification
From Ian Maxon <im...@uci.edu>:
Ian Maxon has uploaded this change for review. ( https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/11003 )
Change subject: [NO ISSUE] Restrict UDF modification
......................................................................
[NO ISSUE] Restrict UDF modification
Change-Id: I2cc23138793ae562cfa42c841b3bc4202391d9a1
---
M asterixdb/asterix-app/src/main/java/org/apache/asterix/api/http/server/NCUdfApiServlet.java
1 file changed, 34 insertions(+), 2 deletions(-)
git pull ssh://asterix-gerrit.ics.uci.edu:29418/asterixdb refs/changes/03/11003/1
diff --git a/asterixdb/asterix-app/src/main/java/org/apache/asterix/api/http/server/NCUdfApiServlet.java b/asterixdb/asterix-app/src/main/java/org/apache/asterix/api/http/server/NCUdfApiServlet.java
index fec0b38..877e725 100644
--- a/asterixdb/asterix-app/src/main/java/org/apache/asterix/api/http/server/NCUdfApiServlet.java
+++ b/asterixdb/asterix-app/src/main/java/org/apache/asterix/api/http/server/NCUdfApiServlet.java
@@ -295,14 +295,46 @@
responseWriter.flush();
}
+ private boolean isReqOnLoopBack(IServletRequest request, IServletResponse response) {
+ if (request.getLocalAddress() == null || !request.getLocalAddress().getAddress().isLoopbackAddress()) {
+ rejectNonLoopback(response);
+ return false;
+ }
+ return true;
+ }
+
+ protected List<String> getBadHeaders() {
+ return Collections.emptyList();
+ }
+
+ private boolean containsBadHeaders(IServletRequest request, IServletResponse response) {
+ List<String> badHeaders = getBadHeaders();
+ for (Map.Entry<String, String> header : request.getHttpRequest().headers()) {
+ if (badHeaders.contains(header.getKey())) {
+ rejectNonLoopback(response);
+ return true;
+ }
+ }
+ return false;
+ }
+
+ private static void rejectNonLoopback(IServletResponse response) {
+ response.setStatus(HttpResponseStatus.FORBIDDEN);
+ response.writer().write("{ \"error\": \"Forbidden\" }");
+ }
+
@Override
protected void post(IServletRequest request, IServletResponse response) {
- handleModification(request, response, LibraryOperation.UPSERT);
+ if (isReqOnLoopBack(request, response) && !containsBadHeaders(request, response)) {
+ handleModification(request, response, LibraryOperation.UPSERT);
+ }
}
@Override
protected void delete(IServletRequest request, IServletResponse response) {
- handleModification(request, response, LibraryOperation.DELETE);
+ if (isReqOnLoopBack(request, response) && !containsBadHeaders(request, response)) {
+ handleModification(request, response, LibraryOperation.DELETE);
+ }
}
}
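Review bot: In containsBadHeaders, `badHeaders.contains(header.getKey())` compares header names case-sensitively, while HTTP header names are case-insensitive, so a name listed by a subclass in one casing will not match the same header sent in another casing. Normalize both sides before comparing (for example, lower-case the names returned by getBadHeaders() and the request key) or compare with equalsIgnoreCase. Separately, getBadHeaders() returns an empty list by default, so the header check is a no-op unless a subclass overrides it; a short Javadoc stating what subclasses are expected to return would help, as would a comment in isReqOnLoopBack explaining why request.getLocalAddress() is the address being tested. rejectNonLoopback is also called on the bad-header path, so a more general name would fit, and the identical guard in post() and delete() could be moved into a single helper.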
--
To view, visit https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/11003
To unsubscribe, or for help writing mail filters, visit https://asterix-gerrit.ics.uci.edu/settings
Gerrit-Project: asterixdb
Gerrit-Branch: cheshire-cat
Gerrit-Change-Id: I2cc23138793ae562cfa42c841b3bc4202391d9a1
Gerrit-Change-Number: 11003
Gerrit-PatchSet: 1
Gerrit-Owner: Ian Maxon <im...@uci.edu>
Gerrit-MessageType: newchange
Change in asterixdb[cheshire-cat]: [NO ISSUE] Restrict UDF modification
Posted by AsterixDB Code Review <do...@asterix-gerrit.ics.uci.edu>.
From Ian Maxon <im...@uci.edu>:
Hello Hussain Towaileb, Till Westmann, Ali Alsuliman, Jenkins, Michael Blow, Murtadha Hubail, Dmitry Lychagin,
I'd like you to reexamine a change. Please visit
https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/11003
to look at the new patch set (#6).
Change subject: [NO ISSUE] Restrict UDF modification
......................................................................
[NO ISSUE] Restrict UDF modification
Change-Id: I2cc23138793ae562cfa42c841b3bc4202391d9a1
---
M asterixdb/asterix-app/src/main/java/org/apache/asterix/api/http/server/NCUdfApiServlet.java
M asterixdb/asterix-app/src/test/java/org/apache/asterix/test/common/TestExecutor.java
2 files changed, 47 insertions(+), 3 deletions(-)
git pull ssh://asterix-gerrit.ics.uci.edu:29418/asterixdb refs/changes/03/11003/6
--
To view, visit https://asterix-gerrit.ics.uci.edu/c/asterixdb/+/11003
Gerrit-Project: asterixdb
Gerrit-Branch: cheshire-cat
Gerrit-Change-Id: I2cc23138793ae562cfa42c841b3bc4202391d9a1
Gerrit-Change-Number: 11003
Gerrit-PatchSet: 6
Gerrit-Owner: Ian Maxon <im...@uci.edu>
Gerrit-Reviewer: Ali Alsuliman <al...@gmail.com>
Gerrit-Reviewer: Dmitry Lychagin <dm...@couchbase.com>
Gerrit-Reviewer: Hussain Towaileb <hu...@gmail.com>
Gerrit-Reviewer: Ian Maxon <im...@uci.edu>
Gerrit-Reviewer: Jenkins <je...@fulliautomatix.ics.uci.edu>
Gerrit-Reviewer: Michael Blow <mb...@apache.org>
Gerrit-Reviewer: Murtadha Hubail <mh...@apache.org>
Gerrit-Reviewer: Till Westmann <ti...@apache.org>
Gerrit-CC: Anon. E. Moose #1000171
Gerrit-MessageType: newpatchset