You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@linkis.apache.org by pe...@apache.org on 2022/06/08 09:59:46 UTC
[incubator-linkis] branch dev-1.1.3 updated: linkis-jobhistory - add name check for params "creator" and "executeApplicationName" in method "list" (#2248)
This is an automated email from the ASF dual-hosted git repository.
peacewong pushed a commit to branch dev-1.1.3
in repository https://gitbox.apache.org/repos/asf/incubator-linkis.git
The following commit(s) were added to refs/heads/dev-1.1.3 by this push:
new 61c7e5633 linkis-jobhistory - add name check for params "creator" and "executeApplicationName" in method "list" (#2248)
61c7e5633 is described below
commit 61c7e5633b1f57a8ad949eb39271d94af0820dac
Author: Alexyang <xu...@qq.com>
AuthorDate: Wed Jun 8 17:59:39 2022 +0800
linkis-jobhistory - add name check for params "creator" and "executeApplicationName" in method "list" (#2248)
---
.../apache/linkis/jobhistory/restful/api/QueryRestfulApi.java | 11 +++++++++++
.../scala/org/apache/linkis/jobhistory/util/QueryUtils.scala | 9 +++++++++
2 files changed, 20 insertions(+)
diff --git a/linkis-public-enhancements/linkis-publicservice/linkis-jobhistory/src/main/java/org/apache/linkis/jobhistory/restful/api/QueryRestfulApi.java b/linkis-public-enhancements/linkis-publicservice/linkis-jobhistory/src/main/java/org/apache/linkis/jobhistory/restful/api/QueryRestfulApi.java
index a6cb35752..ede73423f 100644
--- a/linkis-public-enhancements/linkis-publicservice/linkis-jobhistory/src/main/java/org/apache/linkis/jobhistory/restful/api/QueryRestfulApi.java
+++ b/linkis-public-enhancements/linkis-publicservice/linkis-jobhistory/src/main/java/org/apache/linkis/jobhistory/restful/api/QueryRestfulApi.java
@@ -134,6 +134,17 @@ public class QueryRestfulApi {
}
if (StringUtils.isEmpty(creator)) {
creator = null;
+ } else {
+ if (!QueryUtils.checkNameValid(creator)) {
+ return Message.error("Invalid creator : " + creator);
+ }
+ }
+ if (!StringUtils.isEmpty(executeApplicationName)) {
+ if (!QueryUtils.checkNameValid(executeApplicationName)) {
+ return Message.error("Invalid applicationName : " + executeApplicationName);
+ }
+ } else {
+ executeApplicationName = null;
}
Date sDate = new Date(startDate);
Date eDate = new Date(endDate);
diff --git a/linkis-public-enhancements/linkis-publicservice/linkis-jobhistory/src/main/scala/org/apache/linkis/jobhistory/util/QueryUtils.scala b/linkis-public-enhancements/linkis-publicservice/linkis-jobhistory/src/main/scala/org/apache/linkis/jobhistory/util/QueryUtils.scala
index 27e3a7d05..d3cdf4a71 100644
--- a/linkis-public-enhancements/linkis-publicservice/linkis-jobhistory/src/main/scala/org/apache/linkis/jobhistory/util/QueryUtils.scala
+++ b/linkis-public-enhancements/linkis-publicservice/linkis-jobhistory/src/main/scala/org/apache/linkis/jobhistory/util/QueryUtils.scala
@@ -35,6 +35,8 @@ import org.apache.linkis.storage.utils.{FileSystemUtils, StorageUtils}
import org.apache.commons.io.IOUtils
import org.apache.commons.lang.time.DateFormatUtils
+import java.util.regex.Pattern
+
object QueryUtils extends Logging {
private val CODE_STORE_PREFIX = CommonVars("wds.linkis.query.store.prefix", "hdfs:///apps-data/bdp-ide/")
@@ -45,6 +47,8 @@ object QueryUtils extends Logging {
private val CHARSET = "utf-8"
private val CODE_SPLIT = ";"
private val LENGTH_SPLIT = "#"
+ private val NAME_REGEX = "^[a-zA-Z\\d_\\.]+$"
+ private val nameRegexPattern = Pattern.compile(NAME_REGEX)
private val dateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS")
@@ -137,4 +141,9 @@ object QueryUtils extends Logging {
def dateToString(date: Date): String = {
dateFormat.format(date)
}
+
+ def checkNameValid(param: String): Boolean = {
+ nameRegexPattern.matcher(param).find()
+ }
+
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@linkis.apache.org
For additional commands, e-mail: commits-help@linkis.apache.org