You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dolphinscheduler.apache.org by ke...@apache.org on 2022/01/06 01:57:45 UTC
[dolphinscheduler] branch dev updated: fix this issue (#7828)
This is an automated email from the ASF dual-hosted git repository.
kerwin pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git
The following commit(s) were added to refs/heads/dev by this push:
new a8d19f2 fix this issue (#7828)
a8d19f2 is described below
commit a8d19f271a40a0e0f4fe28bddb28f9941d13c703
Author: calvin <ji...@163.com>
AuthorDate: Thu Jan 6 09:57:31 2022 +0800
fix this issue (#7828)
---
.../api/service/impl/ProcessDefinitionServiceImpl.java | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessDefinitionServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessDefinitionServiceImpl.java
index 20d109a..957d3ac 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessDefinitionServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessDefinitionServiceImpl.java
@@ -900,9 +900,9 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
List<ProcessTaskRelationLog> processTaskRelationList = new ArrayList<>();
// for Zip Bomb Attack
- int THRESHOLD_ENTRIES = 10000;
- int THRESHOLD_SIZE = 1000000000; // 1 GB
- double THRESHOLD_RATIO = 10;
+ final int THRESHOLD_ENTRIES = 10000;
+ final int THRESHOLD_SIZE = 1000000000; // 1 GB
+ final double THRESHOLD_RATIO = 10;
int totalEntryArchive = 0;
int totalSizeEntry = 0;
// In most cases, there will be only one data source
@@ -921,7 +921,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
ZipEntry entry;
while ((entry = zIn.getNextEntry()) != null) {
- totalEntryArchive ++;
+ totalEntryArchive++;
int totalSizeArchive = 0;
if (!entry.isDirectory()) {
StringBuilder sql = new StringBuilder();
@@ -934,7 +934,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
totalSizeEntry += nBytes;
totalSizeArchive += nBytes;
long compressionRatio = totalSizeEntry / entry.getCompressedSize();
- if(compressionRatio > THRESHOLD_RATIO) {
+ if (compressionRatio > THRESHOLD_RATIO) {
throw new IllegalStateException("ratio between compressed and uncompressed data is highly suspicious, looks like a Zip Bomb Attack");
}
int commentIndex = line.indexOf("-- ");
@@ -995,11 +995,11 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
taskNameToUpstream.put(taskDefinition.getName(), upstreams);
}
- if(totalSizeArchive > THRESHOLD_SIZE) {
+ if (totalSizeArchive > THRESHOLD_SIZE) {
throw new IllegalStateException("the uncompressed data size is too much for the application resource capacity");
}
- if(totalEntryArchive > THRESHOLD_ENTRIES) {
+ if (totalEntryArchive > THRESHOLD_ENTRIES) {
throw new IllegalStateException("too much entries in this archive, can lead to inodes exhaustion of the system");
}
}
@@ -1166,6 +1166,8 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
}
processDefinition.setLocations(newArrayNode.toString());
}
+ processDefinition.setCreateTime(new Date());
+ processDefinition.setUpdateTime(new Date());
Map<String, Object> createDagResult = createDagDefine(loginUser, taskRelationLogList, processDefinition, Lists.newArrayList());
if (Status.SUCCESS.equals(createDagResult.get(Constants.STATUS))) {
putMsg(createDagResult, Status.SUCCESS);