Posted to commits@kylin.apache.org by ni...@apache.org on 2020/02/07 08:04:30 UTC
[kylin] 03/15: Ensure the validity of http header from concated
string
This is an automated email from the ASF dual-hosted git repository.
nic pushed a commit to branch 2.6.x
in repository https://gitbox.apache.org/repos/asf/kylin.git
commit b2c529df507e5a5b8447908d4405e1d9ceacf9f1
Author: nichunen <ni...@apache.org>
AuthorDate: Mon Jan 13 13:17:15 2020 +0800
Ensure the validity of http header from concated string
---
.../java/org/apache/kylin/rest/controller/CubeController.java | 3 ++-
.../java/org/apache/kylin/rest/controller/QueryController.java | 10 ++++++----
.../src/main/java/org/apache/kylin/rest/util/ValidateUtil.java | 8 ++++++--
3 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/server-base/src/main/java/org/apache/kylin/rest/controller/CubeController.java b/server-base/src/main/java/org/apache/kylin/rest/controller/CubeController.java
index f664e66..dceb39d 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/controller/CubeController.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/controller/CubeController.java
@@ -852,7 +852,8 @@ public class CubeController extends BasicController {
}
response.setContentType("text/json;charset=utf-8");
- response.setHeader("Content-Disposition", "attachment; filename=\"" + cubeName + ".json\"");
+ response.setHeader("Content-Disposition",
+ "attachment; filename=\"" + ValidateUtil.convertStringToBeAlphanumericUnderscore(cubeName) + ".json\"");
try (PrintWriter writer = response.getWriter()) {
writer.write(JsonUtil.writeValueAsString(dimensionSetList));
} catch (IOException e) {
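Review bot: A `cubeName` made up only of characters outside `[a-zA-Z0-9_]` now produces the download name `.json`, and names that differ only in stripped characters collapse to the same filename. If cube names are already validated when they are created this is only defence in depth, but the header line should still handle the empty case. One option is to compute `String safeName = ValidateUtil.convertStringToBeAlphanumericUnderscore(cubeName);` first and fall back to a fixed name such as `"cube"` when `safeName.isEmpty()`. The enclosing method starts and ends outside the hunk.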
diff --git a/server-base/src/main/java/org/apache/kylin/rest/controller/QueryController.java b/server-base/src/main/java/org/apache/kylin/rest/controller/QueryController.java
index 6b56e91..da0a1e5 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/controller/QueryController.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/controller/QueryController.java
@@ -49,6 +49,7 @@ import org.apache.kylin.rest.request.SQLRequest;
import org.apache.kylin.rest.request.SaveSqlRequest;
import org.apache.kylin.rest.response.SQLResponse;
import org.apache.kylin.rest.service.QueryService;
+import org.apache.kylin.rest.util.ValidateUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -77,14 +78,13 @@ public class QueryController extends BasicController {
@SuppressWarnings("unused")
private static final Logger logger = LoggerFactory.getLogger(QueryController.class);
-
+ private static String BOM_CHARACTER;
@Autowired
@Qualifier("queryService")
private QueryService queryService;
- private static String BOM_CHARACTER;
{
- BOM_CHARACTER = new String(new byte[]{(byte) 0xEF, (byte) 0xBB, (byte) 0xBF}, StandardCharsets.UTF_8);
+ BOM_CHARACTER = new String(new byte[] { (byte) 0xEF, (byte) 0xBB, (byte) 0xBF }, StandardCharsets.UTF_8);
}
@RequestMapping(value = "/query", method = RequestMethod.POST, produces = { "application/json" })
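Review bot: `BOM_CHARACTER` is a non-final static field that, as shown here, is assigned inside an instance initializer block, so it stays null until a `QueryController` is constructed and is rewritten on every construction. Since the hunk touches both lines anyway, it could become a true constant: `private static final String BOM_CHARACTER = "\uFEFF";`, which is the same character the three UTF-8 bytes decode to. That also removes the initializer block entirely.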
@@ -148,7 +148,9 @@ public class QueryController extends BasicController {
SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMddHHmmssSSS", Locale.ROOT);
Date now = new Date();
String nowStr = sdf.format(now);
- response.setHeader("Content-Disposition", "attachment; filename=\"" + nowStr + ".result." + format + "\"");
+ response.setHeader("Content-Disposition",
+ "attachment; filename=\"" + ValidateUtil.convertStringToBeAlphanumericUnderscore(nowStr) + ".result."
+ + ValidateUtil.convertStringToBeAlphanumericUnderscore(format) + "\"");
ICsvListWriter csvWriter = null;
try {
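Review bot: `format` is still accepted as free text and only stripped before it is placed in the `filename` parameter. The lines after the header open an `ICsvListWriter`, so it would be tighter to accept only the export formats this endpoint actually produces and reject anything else before any header is written. Sanitising `nowStr` is harmless but redundant, because it comes from the `yyyyMMddHHmmssSSS` formatter just above and can only contain digits. The enclosing method starts and ends outside the hunk, so how `format` is bound and validated earlier is not visible here.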
diff --git a/server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java b/server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java
index 1d56a71..bda2628 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java
@@ -50,7 +50,7 @@ import com.google.common.base.Preconditions;
@Component("validateUtil")
public class ValidateUtil {
- private final static Pattern alphaNumUnderscorePattren = Pattern.compile("[a-zA-Z0-9_]+");
+ private final static Pattern alphaNumUnderscorePattern = Pattern.compile("[a-zA-Z0-9_]+");
@Autowired
@Qualifier("tableService")
@@ -73,7 +73,11 @@ public class ValidateUtil {
private IUserGroupService userGroupService;
public static boolean isAlphanumericUnderscore(String toCheck) {
- return toCheck == null ? false : alphaNumUnderscorePattren.matcher(toCheck).matches();
+ return toCheck != null && alphaNumUnderscorePattern.matcher(toCheck).matches();
+ }
+
+ public static String convertStringToBeAlphanumericUnderscore(String toBeConverted) {
+ return toBeConverted.replaceAll("[^a-zA-Z0-9_]", "");
}
public void checkIdentifiersExists(String name, boolean isPrincipal) throws IOException {
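Review bot: `convertStringToBeAlphanumericUnderscore` throws a NullPointerException on a null argument, while `isAlphanumericUnderscore` directly above it is null-safe. Both new callers (the Content-Disposition lines in CubeController and QueryController) pass in values that appear to come from the request. `String.replaceAll` also recompiles the regex on every call and duplicates the character class already held in `alphaNumUnderscorePattern`. Consider a second precompiled field, `private static final Pattern nonAlphaNumUnderscorePattern = Pattern.compile("[^a-zA-Z0-9_]");`, and `return toBeConverted == null ? "" : nonAlphaNumUnderscorePattern.matcher(toBeConverted).replaceAll("");`. A short Javadoc saying that disallowed characters are removed rather than replaced, and that the result may be empty, would tell callers to handle that case.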