You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dolphinscheduler.apache.org by le...@apache.org on 2022/07/03 09:10:24 UTC

[dolphinscheduler] branch 2.0.6-prepare updated: [Cherry-pick] pick 8811/9020/9834 from dev to 206 (#10744)

This is an automated email from the ASF dual-hosted git repository.

leonbao pushed a commit to branch 2.0.6-prepare
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git


The following commit(s) were added to refs/heads/2.0.6-prepare by this push:
     new 51efcbffc0 [Cherry-pick] pick 8811/9020/9834 from dev to 206 (#10744)
51efcbffc0 is described below

commit 51efcbffc0ed339be75c12fae17aa593cba2782c
Author: JinYong Li <42...@users.noreply.github.com>
AuthorDate: Sun Jul 3 17:10:14 2022 +0800

    [Cherry-pick] pick 8811/9020/9834 from dev to 206 (#10744)
    
    * issue 8645 (#8811)
    
    Co-authored-by: 北笙 <“zhanqian@cai-inc.com”>
    Co-authored-by: zhanqian <zh...@cai-inc.com>
    
    * [fix-8929][DAO]Description Failed to upload the file because the full name was too long (#9020)
    
    * [fix-8929][DAO]Description Failed to upload the file because the full name was too long
    
    * [DS-#8929][fix]Description Failed to upload the file because the full name was too long
    
    * [DS-#8929][fix]Description Failed to upload the file because the full name was too long
    
    * [DS-#8929][fix]Description Failed to upload the file because the full name was too long
    
    Co-authored-by: houshuai <ho...@jiguang.cn>
    
    * [BUG][ALERT-SERVER]validate script before alert script (#9834)
    
    * validate script before alert script
    
    * fix validate script before alert script
    
    * pick 8811/9020/9834
    
    Co-authored-by: zhanqian <36...@qq.com>
    Co-authored-by: 北笙 <“zhanqian@cai-inc.com”>
    Co-authored-by: zhanqian <zh...@cai-inc.com>
    Co-authored-by: shuai hou <12...@qq.com>
    Co-authored-by: houshuai <ho...@jiguang.cn>
    Co-authored-by: Tq <ti...@gmail.com>
    Co-authored-by: JinyLeeChina <ji...@foxmail.com>
---
 .../plugin/alert/script/ScriptSender.java          | 19 +++++++++-
 .../service/impl/ProcessDefinitionServiceImpl.java | 10 +++--
 .../src/main/resources/sql/dolphinscheduler_h2.sql |  2 +-
 .../main/resources/sql/dolphinscheduler_mysql.sql  |  2 +-
 .../resources/sql/dolphinscheduler_postgresql.sql  |  2 +-
 .../2.0.6_schema/mysql/dolphinscheduler_ddl.sql    | 38 +++++++++++++++++++
 .../2.0.6_schema/mysql/dolphinscheduler_dml.sql    | 16 ++++++++
 .../postgresql/dolphinscheduler_ddl.sql            | 44 ++++++++++++++++++++++
 .../postgresql/dolphinscheduler_dml.sql            | 17 +++++++++
 script/dolphinscheduler-daemon.sh                  |  2 +-
 10 files changed, 143 insertions(+), 9 deletions(-)

diff --git a/dolphinscheduler-alert/dolphinscheduler-alert-plugins/dolphinscheduler-alert-script/src/main/java/org/apache/dolphinscheduler/plugin/alert/script/ScriptSender.java b/dolphinscheduler-alert/dolphinscheduler-alert-plugins/dolphinscheduler-alert-script/src/main/java/org/apache/dolphinscheduler/plugin/alert/script/ScriptSender.java
index a4dbe1eabc..0d422f279b 100644
--- a/dolphinscheduler-alert/dolphinscheduler-alert-plugins/dolphinscheduler-alert-script/src/main/java/org/apache/dolphinscheduler/plugin/alert/script/ScriptSender.java
+++ b/dolphinscheduler-alert/dolphinscheduler-alert-plugins/dolphinscheduler-alert-script/src/main/java/org/apache/dolphinscheduler/plugin/alert/script/ScriptSender.java
@@ -18,11 +18,11 @@
 package org.apache.dolphinscheduler.plugin.alert.script;
 
 import org.apache.dolphinscheduler.alert.api.AlertResult;
+import org.slf4j.Logger;
 
+import java.io.File;
 import java.util.Map;
 
-import org.slf4j.Logger;
-
 public final class ScriptSender {
     private static final Logger log = org.slf4j.LoggerFactory.getLogger(ScriptSender.class);
     private static final String ALERT_TITLE_OPTION = " -t ";
@@ -53,6 +53,21 @@ public final class ScriptSender {
             alertResult.setMessage("shell script not support windows os");
             return alertResult;
         }
+        //validate script path in case of injections
+        File shellScriptFile = new File(scriptPath);
+        //validate existence
+        if (!shellScriptFile.exists()) {
+            logger.error("shell script not exist : {}", scriptPath);
+            alertResult.setMessage("shell script not exist : " + scriptPath);
+            return alertResult;
+        }
+        //validate is file
+        if (!shellScriptFile.isFile()) {
+            logger.error("shell script is not a file : {}", scriptPath);
+            alertResult.setMessage("shell script is not a file : " + scriptPath);
+            return alertResult;
+        }
+
         String[] cmd = {"/bin/sh", "-c", scriptPath + ALERT_TITLE_OPTION + "'" + title + "'" + ALERT_CONTENT_OPTION + "'" + content + "'" + ALERT_USER_PARAMS_OPTION + "'" + userParams + "'"};
         int exitCode = ProcessUtils.executeScript(cmd);
 
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessDefinitionServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessDefinitionServiceImpl.java
index b5fd941c87..cc7a437eff 100644
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessDefinitionServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessDefinitionServiceImpl.java
@@ -925,16 +925,20 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
             return false;
         }
         ProcessDefinition processDefinition = dagDataSchedule.getProcessDefinition();
+
+        // generate import processDefinitionName
+        String processDefinitionName = recursionProcessDefinitionName(projectCode, processDefinition.getName(), 1);
+        String importProcessDefinitionName = processDefinitionName + "_import_" + DateUtils.getCurrentTimeStamp();
+
         //unique check
-        Map<String, Object> checkResult = verifyProcessDefinitionName(loginUser, projectCode, processDefinition.getName());
+        Map<String, Object> checkResult = verifyProcessDefinitionName(loginUser, projectCode, importProcessDefinitionName);
         if (Status.SUCCESS.equals(checkResult.get(Constants.STATUS))) {
             putMsg(result, Status.SUCCESS);
         } else {
             result.putAll(checkResult);
             return false;
         }
-        String processDefinitionName = recursionProcessDefinitionName(projectCode, processDefinition.getName(), 1);
-        processDefinition.setName(processDefinitionName + "_import_" + DateUtils.getCurrentTimeStamp());
+        processDefinition.setName(importProcessDefinitionName);
         processDefinition.setId(0);
         processDefinition.setProjectCode(projectCode);
         processDefinition.setUserId(loginUser.getId());
diff --git a/dolphinscheduler-dao/src/main/resources/sql/dolphinscheduler_h2.sql b/dolphinscheduler-dao/src/main/resources/sql/dolphinscheduler_h2.sql
index 66862e11d9..c75ad0313b 100644
--- a/dolphinscheduler-dao/src/main/resources/sql/dolphinscheduler_h2.sql
+++ b/dolphinscheduler-dao/src/main/resources/sql/dolphinscheduler_h2.sql
@@ -755,7 +755,7 @@ CREATE TABLE t_ds_resources
     create_time  datetime     DEFAULT NULL,
     update_time  datetime     DEFAULT NULL,
     pid          int(11) DEFAULT NULL,
-    full_name    varchar(64)  DEFAULT NULL,
+    full_name    varchar(128)  DEFAULT NULL,
     is_directory tinyint(4) DEFAULT NULL,
     PRIMARY KEY (id),
     UNIQUE KEY t_ds_resources_un (full_name, type)
diff --git a/dolphinscheduler-dao/src/main/resources/sql/dolphinscheduler_mysql.sql b/dolphinscheduler-dao/src/main/resources/sql/dolphinscheduler_mysql.sql
index 5f47551fc5..a58ac66dd6 100644
--- a/dolphinscheduler-dao/src/main/resources/sql/dolphinscheduler_mysql.sql
+++ b/dolphinscheduler-dao/src/main/resources/sql/dolphinscheduler_mysql.sql
@@ -749,7 +749,7 @@ CREATE TABLE `t_ds_resources` (
   `create_time` datetime DEFAULT NULL COMMENT 'create time',
   `update_time` datetime DEFAULT NULL COMMENT 'update time',
   `pid` int(11) DEFAULT NULL,
-  `full_name` varchar(64) DEFAULT NULL,
+  `full_name` varchar(128) DEFAULT NULL,
   `is_directory` tinyint(4) DEFAULT NULL,
   PRIMARY KEY (`id`),
   UNIQUE KEY `t_ds_resources_un` (`full_name`,`type`)
diff --git a/dolphinscheduler-dao/src/main/resources/sql/dolphinscheduler_postgresql.sql b/dolphinscheduler-dao/src/main/resources/sql/dolphinscheduler_postgresql.sql
index 82bb412a6b..93c552f95e 100644
--- a/dolphinscheduler-dao/src/main/resources/sql/dolphinscheduler_postgresql.sql
+++ b/dolphinscheduler-dao/src/main/resources/sql/dolphinscheduler_postgresql.sql
@@ -640,7 +640,7 @@ CREATE TABLE t_ds_resources (
   create_time timestamp DEFAULT NULL ,
   update_time timestamp DEFAULT NULL ,
   pid int,
-  full_name varchar(64),
+  full_name varchar(128),
   is_directory boolean DEFAULT FALSE,
   PRIMARY KEY (id),
   CONSTRAINT t_ds_resources_un UNIQUE (full_name, type)
diff --git a/dolphinscheduler-dao/src/main/resources/sql/upgrade/2.0.6_schema/mysql/dolphinscheduler_ddl.sql b/dolphinscheduler-dao/src/main/resources/sql/upgrade/2.0.6_schema/mysql/dolphinscheduler_ddl.sql
new file mode 100644
index 0000000000..45f8acd4da
--- /dev/null
+++ b/dolphinscheduler-dao/src/main/resources/sql/upgrade/2.0.6_schema/mysql/dolphinscheduler_ddl.sql
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+SET sql_mode=(SELECT REPLACE(@@sql_mode,'ONLY_FULL_GROUP_BY',''));
+
+-- uc_dolphin_T_t_ds_resources_R_full_name
+drop PROCEDURE if EXISTS uc_dolphin_T_t_ds_resources_R_full_name;
+delimiter d//
+CREATE PROCEDURE uc_dolphin_T_t_ds_resources_R_full_name()
+BEGIN
+    IF EXISTS (SELECT 1 FROM information_schema.COLUMNS
+        WHERE TABLE_NAME='t_ds_resources'
+        AND TABLE_SCHEMA=(SELECT DATABASE())
+        AND COLUMN_NAME ='full_name')
+    THEN
+ALTER TABLE t_ds_resources MODIFY COLUMN `full_name` varchar(128);
+END IF;
+END;
+
+d//
+
+delimiter ;
+CALL uc_dolphin_T_t_ds_resources_R_full_name;
+DROP PROCEDURE uc_dolphin_T_t_ds_resources_R_full_name;
diff --git a/dolphinscheduler-dao/src/main/resources/sql/upgrade/2.0.6_schema/mysql/dolphinscheduler_dml.sql b/dolphinscheduler-dao/src/main/resources/sql/upgrade/2.0.6_schema/mysql/dolphinscheduler_dml.sql
new file mode 100644
index 0000000000..4a14f326b9
--- /dev/null
+++ b/dolphinscheduler-dao/src/main/resources/sql/upgrade/2.0.6_schema/mysql/dolphinscheduler_dml.sql
@@ -0,0 +1,16 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
diff --git a/dolphinscheduler-dao/src/main/resources/sql/upgrade/2.0.6_schema/postgresql/dolphinscheduler_ddl.sql b/dolphinscheduler-dao/src/main/resources/sql/upgrade/2.0.6_schema/postgresql/dolphinscheduler_ddl.sql
new file mode 100644
index 0000000000..14a20fcd8e
--- /dev/null
+++ b/dolphinscheduler-dao/src/main/resources/sql/upgrade/2.0.6_schema/postgresql/dolphinscheduler_ddl.sql
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+delimiter d//
+CREATE OR REPLACE FUNCTION public.dolphin_update_metadata(
+    )
+    RETURNS character varying
+    LANGUAGE 'plpgsql'
+    COST 100
+    VOLATILE PARALLEL UNSAFE
+AS $BODY$
+DECLARE
+    v_schema varchar;
+BEGIN
+    ---get schema name
+    v_schema =current_schema();
+
+    --- alter column
+    EXECUTE 'ALTER TABLE ' || quote_ident(v_schema) ||'.t_ds_resources ALTER COLUMN full_name Type varchar(128)';
+
+    return 'Success!';
+    exception when others then
+        ---Raise EXCEPTION '(%)',SQLERRM;
+        return SQLERRM;
+END;
+$BODY$;
+
+select dolphin_update_metadata();
+
+d//
\ No newline at end of file
diff --git a/dolphinscheduler-dao/src/main/resources/sql/upgrade/2.0.6_schema/postgresql/dolphinscheduler_dml.sql b/dolphinscheduler-dao/src/main/resources/sql/upgrade/2.0.6_schema/postgresql/dolphinscheduler_dml.sql
new file mode 100644
index 0000000000..5f26e3515d
--- /dev/null
+++ b/dolphinscheduler-dao/src/main/resources/sql/upgrade/2.0.6_schema/postgresql/dolphinscheduler_dml.sql
@@ -0,0 +1,17 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
diff --git a/script/dolphinscheduler-daemon.sh b/script/dolphinscheduler-daemon.sh
index d26ec85c0c..c2823f04ea 100755
--- a/script/dolphinscheduler-daemon.sh
+++ b/script/dolphinscheduler-daemon.sh
@@ -35,7 +35,7 @@ BIN_DIR=`dirname $0`
 BIN_DIR=`cd "$BIN_DIR"; pwd`
 export DOLPHINSCHEDULER_HOME=`cd "$BIN_DIR/.."; pwd`
 
-chmod -R 700 ${DOLPHINSCHEDULER_HOME}/config
+chmod -R 700 ${DOLPHINSCHEDULER_HOME}/conf/config
 source /etc/profile
 set -a
 source "${DOLPHINSCHEDULER_HOME}/conf/env/dolphinscheduler_env.sh"