Posted to commits@lucene.apache.org by ho...@apache.org on 2020/02/18 17:24:43 UTC
[lucene-solr] branch branch_7_7 updated: SOLR-13669: DIH: Add
System property toggle for use of dataConfig param (#1260)
This is an automated email from the ASF dual-hosted git repository.
houston pushed a commit to branch branch_7_7
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git
The following commit(s) were added to refs/heads/branch_7_7 by this push:
new 224c038 SOLR-13669: DIH: Add System property toggle for use of dataConfig param (#1260)
224c038 is described below
commit 224c038f9b9a40517ff5378971d3c8aac7c4aafa
Author: Houston Putman <ho...@apache.org>
AuthorDate: Tue Feb 18 12:24:31 2020 -0500
SOLR-13669: DIH: Add System property toggle for use of dataConfig param (#1260)
(cherry picked from commit 325824cd391c8e71f36f17d687f52344e50e9715)
Addresses CVE-2019-0193, backported from Solr 8.1.2
---
solr/CHANGES.txt | 2 ++
.../apache/solr/handler/dataimport/DataImportHandler.java | 11 ++++++++++-
.../dataimport/AbstractDataImportHandlerTestCase.java | 13 +++++--------
solr/core/src/java/org/apache/solr/core/PluginBag.java | 6 +++++-
...-xml-LICENSE-ASL.txt => simple-xml-safe-LICENSE-ASL.txt} | 0
...ctured-data-store-data-with-the-data-import-handler.adoc | 2 +-
6 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index bc21c8b..b1732de 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -53,6 +53,8 @@ Bug fixes
* SOLR-14025: VelocityResponseWriter has been hardened - only trusted configsets can render configset provided
templates and rendering templates from request parameters has been removed.
+* SOLR-13158: DataImportHandler: Added enable.dih.dataConfigParam system property to toggle whether the dataConfig param
+ is permitted. (David Smiley, janhoy, Tomás Fernández Löbbe)
================== 7.7.2 ==================
diff --git a/solr/contrib/dataimporthandler/src/java/org/apache/solr/handler/dataimport/DataImportHandler.java b/solr/contrib/dataimporthandler/src/java/org/apache/solr/handler/dataimport/DataImportHandler.java
index 71ee442..50938e4 100644
--- a/solr/contrib/dataimporthandler/src/java/org/apache/solr/handler/dataimport/DataImportHandler.java
+++ b/solr/contrib/dataimporthandler/src/java/org/apache/solr/handler/dataimport/DataImportHandler.java
@@ -80,6 +80,9 @@ public class DataImportHandler extends RequestHandlerBase implements
private static final String PARAM_WRITER_IMPL = "writerImpl";
private static final String DEFAULT_WRITER_NAME = "SolrWriter";
+ static final String ENABLE_DIH_DATA_CONFIG_PARAM = "enable.dih.dataConfigParam";
+
+ final boolean dataConfigParam_enabled = Boolean.getBoolean(ENABLE_DIH_DATA_CONFIG_PARAM);
public DataImporter getImporter() {
return this.importer;
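Review bot: The new toggle has no comment saying that it defaults to off or why, and the field is package-private with a mixed camel/snake name. I would declare it as `private final boolean dataConfigParamEnabled = Boolean.getBoolean(ENABLE_DIH_DATA_CONFIG_PARAM);` and put a comment above the constant such as `// Off unless Solr is started with -Denable.dih.dataConfigParam=true; a request-supplied dataConfig is acted on by DIH (CVE-2019-0193).` Because the value is captured in a field initializer, it is fixed when the handler instance is created, which is worth stating in the same comment so operators do not expect a runtime change of the property to take effect. The class body continues outside this hunk.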
@@ -134,7 +137,7 @@ public class DataImportHandler extends RequestHandlerBase implements
if (DataImporter.SHOW_CONF_CMD.equals(command)) {
String dataConfigFile = params.get("config");
- String dataConfig = params.get("dataConfig");
+ String dataConfig = params.get("dataConfig"); // needn't check dataConfigParam_enabled; we don't execute it
if(dataConfigFile != null) {
dataConfig = SolrWriter.getResourceAsString(req.getCore().getResourceLoader().openResource(dataConfigFile));
}
@@ -151,6 +154,12 @@ public class DataImportHandler extends RequestHandlerBase implements
return;
}
+ if (params.get("dataConfig") != null && dataConfigParam_enabled == false) {
+ throw new SolrException(SolrException.ErrorCode.FORBIDDEN,
+ "Use of the dataConfig param (DIH debug mode) requires the system property " +
+ ENABLE_DIH_DATA_CONFIG_PARAM + " because it's a security risk.");
+ }
+
rsp.add("initArgs", initArgs);
String message = "";
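Review bot: The FORBIDDEN message names the system property but not the value it must have, so an operator reading the response cannot tell that `-Denable.dih.dataConfigParam=true` is what is required; I would end the message with `ENABLE_DIH_DATA_CONFIG_PARAM + "=true because it's a security risk."`. The condition reads more naturally as `if (params.get("dataConfig") != null && !dataConfigParam_enabled) {`. Nothing in the hunk logs the rejection, and a refused dataConfig request is a useful detection signal, so if the surrounding request handling does not already log the SolrException (not visible here), a warn-level log line before the throw would help. The enclosing method starts and ends outside the hunk.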
diff --git a/solr/contrib/dataimporthandler/src/test/org/apache/solr/handler/dataimport/AbstractDataImportHandlerTestCase.java b/solr/contrib/dataimporthandler/src/test/org/apache/solr/handler/dataimport/AbstractDataImportHandlerTestCase.java
index 7b8ff88..3674a3d 100644
--- a/solr/contrib/dataimporthandler/src/test/org/apache/solr/handler/dataimport/AbstractDataImportHandlerTestCase.java
+++ b/solr/contrib/dataimporthandler/src/test/org/apache/solr/handler/dataimport/AbstractDataImportHandlerTestCase.java
@@ -39,7 +39,7 @@ import org.apache.solr.update.MergeIndexesCommand;
import org.apache.solr.update.RollbackUpdateCommand;
import org.apache.solr.update.processor.UpdateRequestProcessor;
import org.apache.solr.update.processor.UpdateRequestProcessorFactory;
-import org.junit.Before;
+import org.junit.BeforeClass;
/**
* <p>
@@ -60,13 +60,10 @@ public abstract class AbstractDataImportHandlerTestCase extends
FileUtils.copyDirectory(getFile("dih/solr"), testHome);
initCore(config, schema, testHome.getAbsolutePath());
}
-
- @Override
- @Before
- public void setUp() throws Exception {
- super.setUp();
- File home = createTempDir("dih-properties").toFile();
- System.setProperty("solr.solr.home", home.getAbsolutePath());
+
+ @BeforeClass
+ public static void baseBeforeClass() {
+ System.setProperty(DataImportHandler.ENABLE_DIH_DATA_CONFIG_PARAM, "true");
}
protected String loadDataConfig(String dataConfigFileName) {
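Review bot: With `baseBeforeClass()` setting the property to "true" for every DIH test, the rejection path added in DataImportHandler has no coverage visible in this commit. I would add a test that runs with the property unset and asserts that a request carrying `dataConfig` fails with SolrException.ErrorCode.FORBIDDEN. Since the handler reads the property into a final field when it is constructed, that test needs its core initialised while the property is cleared. The property is also never cleared here; unless the test framework restores system properties after the class (not visible in this hunk), a matching `@AfterClass` calling `System.clearProperty(DataImportHandler.ENABLE_DIH_DATA_CONFIG_PARAM);` would keep the enabled state from leaking into later tests in the same JVM.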
diff --git a/solr/core/src/java/org/apache/solr/core/PluginBag.java b/solr/core/src/java/org/apache/solr/core/PluginBag.java
index abd1a44..4eb3f2d 100644
--- a/solr/core/src/java/org/apache/solr/core/PluginBag.java
+++ b/solr/core/src/java/org/apache/solr/core/PluginBag.java
@@ -393,7 +393,7 @@ public class PluginBag<T> implements AutoCloseable {
this.core = core;
this.resourceLoader = loader;
if (loader instanceof MemClassLoader) {
- if (!"true".equals(System.getProperty("enable.runtime.lib"))) {
+ if (!RuntimeLib.isEnabled()) {
String s = "runtime library loading is not enabled, start Solr with -Denable.runtime.lib=true";
log.warn(s);
solrException = new SolrException(SolrException.ErrorCode.SERVER_ERROR, s);
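Review bot: Switching from `"true".equals(System.getProperty("enable.runtime.lib"))` to `RuntimeLib.isEnabled()` changes the comparison slightly, because the `isEnabled()` added in the next hunk uses `Boolean.getBoolean`, which matches "true" ignoring case. Values such as "TRUE" now enable runtime library loading where they did not before. That is probably intended, but it loosens a security toggle and should be stated in a Javadoc line on `isEnabled()`, for example `/** Returns true when the enable.runtime.lib system property is "true" (case-insensitive). */`. The property name is still spelled out twice, in the warning string here and in `isEnabled()`; a single `static final String` constant, as the DIH change does with ENABLE_DIH_DATA_CONFIG_PARAM, would keep the two from drifting apart.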
@@ -493,6 +493,10 @@ public class PluginBag<T> implements AutoCloseable {
}
}
+ public static boolean isEnabled() {
+ return Boolean.getBoolean("enable.runtime.lib");
+ }
+
public String getName() {
return name;
}
diff --git a/solr/licenses/simple-xml-LICENSE-ASL.txt b/solr/licenses/simple-xml-safe-LICENSE-ASL.txt
similarity index 100%
rename from solr/licenses/simple-xml-LICENSE-ASL.txt
rename to solr/licenses/simple-xml-safe-LICENSE-ASL.txt
diff --git a/solr/solr-ref-guide/src/uploading-structured-data-store-data-with-the-data-import-handler.adoc b/solr/solr-ref-guide/src/uploading-structured-data-store-data-with-the-data-import-handler.adoc
index 37c949a..b859d95 100644
--- a/solr/solr-ref-guide/src/uploading-structured-data-store-data-with-the-data-import-handler.adoc
+++ b/solr/solr-ref-guide/src/uploading-structured-data-store-data-with-the-data-import-handler.adoc
@@ -116,7 +116,7 @@ This example shows how to extract fields from four tables defining a simple prod
Datasources can still be specified in `solrconfig.xml`. These must be specified in the defaults section of the handler in `solrconfig.xml`. However, these are not parsed until the main configuration is loaded.
-The entire configuration itself can be passed as a request parameter using the `dataConfig` parameter rather than using a file. When configuration errors are encountered, the error message is returned in XML format.
+The entire configuration itself can be passed as a request parameter using the `dataConfig` parameter rather than using a file. When configuration errors are encountered, the error message is returned in XML format. Due to security concerns, this only works if you start Solr with `-Denable.dih.dataConfigParam=true`.
A `reload-config` command is also supported, which is useful for validating a new configuration file, or if you want to specify a file, load it, and not have it reloaded again on import. If there is an `xml` mistake in the configuration a user-friendly message is returned in `xml` format. You can then fix the problem and do a `reload-config`.