You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by sn...@apache.org on 2016/11/13 12:06:29 UTC
[3/6] cassandra git commit: Prevent reloading of logback.xml from UDF
sandbox
Prevent reloading of logback.xml from UDF sandbox
patch by Robert Stupp; reviewed by Carl Yeksigian for CASSANDRA-12535
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/8f15eb1b
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/8f15eb1b
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/8f15eb1b
Branch: refs/heads/trunk
Commit: 8f15eb1b717548816a9ee8314269d4d1e2ee7084
Parents: d6a3ef4
Author: Robert Stupp <sn...@snazy.de>
Authored: Sun Nov 13 12:39:02 2016 +0100
Committer: Robert Stupp <sn...@snazy-ds15.fritz.box>
Committed: Sun Nov 13 12:39:02 2016 +0100
----------------------------------------------------------------------
CHANGES.txt | 1 +
.../functions/ThreadAwareSecurityManager.java | 43 ++++++++++++++++++++
.../validation/operations/AggregationTest.java | 4 +-
3 files changed, 47 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8f15eb1b/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index eb53d02..2c3c60e 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
3.0.10
+ * Prevent reloading of logback.xml from UDF sandbox (CASSANDRA-12535)
* Disallow offheap_buffers memtable allocation (CASSANDRA-11039)
* Fix CommitLogSegmentManagerTest (CASSANDRA-12283)
* Pass root cause to CorruptBlockException when uncompression failed (CASSANDRA-12889)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8f15eb1b/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java b/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
index b96c80f..676117d 100644
--- a/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
+++ b/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
@@ -29,6 +29,14 @@ import java.security.ProtectionDomain;
import java.util.Collections;
import java.util.Enumeration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import ch.qos.logback.classic.LoggerContext;
+import ch.qos.logback.classic.spi.TurboFilterList;
+import ch.qos.logback.classic.turbo.ReconfigureOnChangeFilter;
+import ch.qos.logback.classic.turbo.TurboFilter;
+
/**
* Custom {@link SecurityManager} and {@link Policy} implementation that only performs access checks
* if explicitly enabled.
@@ -69,9 +77,44 @@ public final class ThreadAwareSecurityManager extends SecurityManager
if (installed)
return;
System.setSecurityManager(new ThreadAwareSecurityManager());
+
+ Logger l = LoggerFactory.getLogger(ThreadAwareSecurityManager.class);
+ ch.qos.logback.classic.Logger logbackLogger = (ch.qos.logback.classic.Logger) l;
+ LoggerContext ctx = logbackLogger.getLoggerContext();
+
+ TurboFilterList turboFilterList = ctx.getTurboFilterList();
+ for (int i = 0; i < turboFilterList.size(); i++)
+ {
+ TurboFilter turboFilter = turboFilterList.get(i);
+ if (turboFilter instanceof ReconfigureOnChangeFilter)
+ {
+ ReconfigureOnChangeFilter reconfigureOnChangeFilter = (ReconfigureOnChangeFilter) turboFilter;
+ turboFilterList.set(i, new SMAwareReconfigureOnChangeFilter(reconfigureOnChangeFilter));
+ break;
+ }
+ }
+
installed = true;
}
+ /**
+ * The purpose of this class is
+ */
+ private static class SMAwareReconfigureOnChangeFilter extends ReconfigureOnChangeFilter
+ {
+ SMAwareReconfigureOnChangeFilter(ReconfigureOnChangeFilter reconfigureOnChangeFilter)
+ {
+ setRefreshPeriod(reconfigureOnChangeFilter.getRefreshPeriod());
+ }
+
+ protected boolean changeDetected(long now)
+ {
+ if (isSecuredThread())
+ return false;
+ return super.changeDetected(now);
+ }
+ }
+
static
{
//
http://git-wip-us.apache.org/repos/asf/cassandra/blob/8f15eb1b/test/unit/org/apache/cassandra/cql3/validation/operations/AggregationTest.java
----------------------------------------------------------------------
diff --git a/test/unit/org/apache/cassandra/cql3/validation/operations/AggregationTest.java b/test/unit/org/apache/cassandra/cql3/validation/operations/AggregationTest.java
index 2e7dc1a..485a19b 100644
--- a/test/unit/org/apache/cassandra/cql3/validation/operations/AggregationTest.java
+++ b/test/unit/org/apache/cassandra/cql3/validation/operations/AggregationTest.java
@@ -1797,7 +1797,8 @@ public class AggregationTest extends CQLTester
" STYPE map<text,bigint>\n" +
" INITCOND { };");
- for (int i = 0; i < 1000; i++)
+ long tEnd = System.currentTimeMillis() + 150;
+ while (System.currentTimeMillis() < tEnd)
{
execute("SELECT " + releasesByCountry + "(country,title) FROM %s WHERE year=1980");
}
@@ -1820,6 +1821,7 @@ public class AggregationTest extends CQLTester
if (turboFilter instanceof ReconfigureOnChangeFilter)
{
ReconfigureOnChangeFilter reconfigureFilter = (ReconfigureOnChangeFilter) turboFilter;
+ reconfigureFilter.setContext(ctx);
reconfigureFilter.setRefreshPeriod(millis);
reconfigureFilter.stop();
reconfigureFilter.start(); // start() sets the next check timestammp