Posted to commits@lucene.apache.org by us...@apache.org on 2018/02/18 21:42:33 UTC
lucene-solr:branch_7x: SOLR-11971: Don't allow referal to external
resources in DataImportHandler's dataConfig request parameter
Repository: lucene-solr
Updated Branches:
refs/heads/branch_7x a9435219d -> 739a79338
SOLR-11971: Don't allow referral to external resources in DataImportHandler's dataConfig request parameter
Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/739a7933
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/739a7933
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/739a7933
Branch: refs/heads/branch_7x
Commit: 739a79338856599084617d44b6a1b424af059aa1
Parents: a943521
Author: Uwe Schindler <us...@apache.org>
Authored: Sun Feb 18 22:41:06 2018 +0100
Committer: Uwe Schindler <us...@apache.org>
Committed: Sun Feb 18 22:42:15 2018 +0100
----------------------------------------------------------------------
solr/CHANGES.txt | 3 +++
.../solr/handler/dataimport/DataImporter.java | 17 +++++++++++++----
.../handler/dataimport/TestErrorHandling.java | 20 ++++++++++++++++++++
3 files changed, 36 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/739a7933/solr/CHANGES.txt
----------------------------------------------------------------------
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index de1a65d..55e38de 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -194,6 +194,9 @@ Bug Fixes
* SOLR-11988: Fix exists() method in EphemeralDirectoryFactory/MockDirectoryFactory to prevent false positives (hossman)
+* SOLR-11971: Don't allow referal to external resources in DataImportHandler's dataConfig request parameter.
+ (麦 香浓郁, Uwe Schindler)
+
Optimizations
----------------------
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/739a7933/solr/contrib/dataimporthandler/src/java/org/apache/solr/handler/dataimport/DataImporter.java
----------------------------------------------------------------------
diff --git a/solr/contrib/dataimporthandler/src/java/org/apache/solr/handler/dataimport/DataImporter.java b/solr/contrib/dataimporthandler/src/java/org/apache/solr/handler/dataimport/DataImporter.java
index a49b4f6..4825fd1 100644
--- a/solr/contrib/dataimporthandler/src/java/org/apache/solr/handler/dataimport/DataImporter.java
+++ b/solr/contrib/dataimporthandler/src/java/org/apache/solr/handler/dataimport/DataImporter.java
@@ -16,6 +16,7 @@
*/
package org.apache.solr.handler.dataimport;
+import org.apache.solr.common.EmptyEntityResolver;
import org.apache.solr.common.SolrException;
import org.apache.solr.core.SolrCore;
import org.apache.solr.schema.IndexSchema;
@@ -178,11 +179,11 @@ public class DataImporter {
/**
* Used by tests
*/
- public void loadAndInit(String configStr) {
+ void loadAndInit(String configStr) {
config = loadDataConfig(new InputSource(new StringReader(configStr)));
}
- public void loadAndInit(InputSource configFile) {
+ void loadAndInit(InputSource configFile) {
config = loadDataConfig(configFile);
}
@@ -191,8 +192,10 @@ public class DataImporter {
DIHConfiguration dihcfg = null;
try {
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setValidating(false);
- // only enable xinclude, if a a SolrCore and SystemId is present (makes no sense otherwise)
+ // only enable xinclude, if XML is coming from safe source (local file)
+ // and a a SolrCore and SystemId is present (makes no sense otherwise):
if (core != null && configFile.getSystemId() != null) {
try {
dbf.setXIncludeAware(true);
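Review bot: The factory configured at L67–L68 still accepts a DOCTYPE with an internal subset on the non-local path, so after this hunk the only bound on entity expansion in a request-supplied dataConfig is whatever limits the parser returned by `DocumentBuilderFactory.newInstance()` applies by default, and which implementation that is depends on the classpath. The commit's own test (the `&internalTerm;` entity in TestErrorHandling) shows internal entities must keep working, so disallowing DOCTYPE outright is not an option; enabling `javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING` on the factory in the non-local branch would ask the parser to enforce its implementation limits without touching the local-file/XInclude path, e.g. an `else` on the `if` at L72 with `dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` — `setFeature` throws a checked `ParserConfigurationException`, and whether the surrounding `try` at L66 already catches it is outside the hunk. Separately, the new comment at L71 (and the one at L80 in the next hunk) repeats "a a SolrCore"; `// and a SolrCore and SystemId is present (makes no sense otherwise):`. The enclosing method starts before this hunk and its catch clauses lie beyond it.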
@@ -203,8 +206,14 @@ public class DataImporter {
}
DocumentBuilder builder = dbf.newDocumentBuilder();
- if (core != null)
+ // only enable xinclude / external entities, if XML is coming from
+ // safe source (local file) and a a SolrCore and SystemId is present:
+ if (core != null && configFile.getSystemId() != null) {
builder.setEntityResolver(new SystemIdResolver(core.getResourceLoader()));
+ } else {
+ // Don't allow external entities without having a system ID:
+ builder.setEntityResolver(EmptyEntityResolver.SAX_INSTANCE);
+ }
builder.setErrorHandler(XMLLOG);
Document document;
try {
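Review bot: The comment at L79–L80 says this `if` enables xinclude, but the block at L81–L82 only installs the entity resolver; XInclude awareness is decided on the factory in the previous hunk, so the comment points readers at the wrong place. The else comment at L84 also names only the missing system ID although `core == null` reaches that branch too. Suggested wording: `// Trusted source (local file with a SolrCore and system ID): resolve external entities via the resource loader.` for L79–L80 and `// No SolrCore or no system ID: the config did not come from a local resource, so do not resolve external entities.` for L84. The enclosing method starts before this hunk and ends after it.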
http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/739a7933/solr/contrib/dataimporthandler/src/test/org/apache/solr/handler/dataimport/TestErrorHandling.java
----------------------------------------------------------------------
diff --git a/solr/contrib/dataimporthandler/src/test/org/apache/solr/handler/dataimport/TestErrorHandling.java b/solr/contrib/dataimporthandler/src/test/org/apache/solr/handler/dataimport/TestErrorHandling.java
index 74eaf9e..1ea1ad4 100644
--- a/solr/contrib/dataimporthandler/src/test/org/apache/solr/handler/dataimport/TestErrorHandling.java
+++ b/solr/contrib/dataimporthandler/src/test/org/apache/solr/handler/dataimport/TestErrorHandling.java
@@ -89,6 +89,13 @@ public class TestErrorHandling extends AbstractDataImportHandlerTestCase {
assertQ(req("*:*"), "//*[@numFound='3']");
}
+ public void testExternalEntity() throws Exception {
+ StringDataSource.xml = wellformedXml;
+ // This should not fail as external entities are replaced by an empty string during parsing:
+ runFullImport(dataConfigWithEntity);
+ assertQ(req("*:*"), "//*[@numFound='3']");
+ }
+
public static class StringDataSource extends DataSource<Reader> {
public static String xml = "";
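Review bot: The comment at L101 states the expected outcome but not what makes `testExternalEntity` fail if the fix regresses; nothing in the method asserts that `foo://bar.xyz/external` (declared in the next hunk) was never fetched. Presumably the `foo` scheme is chosen so that any real resolution attempt fails with a protocol error and aborts the import, which is what turns this into a negative test — worth stating: `// The external entity points at an unresolvable 'foo://' URL: if the parser ever tried to fetch it, the import would fail instead of silently succeeding.` Whether the empty replacement can also be checked through the indexed `id` values depends on how DIH treats the field body, which is not visible here.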
@@ -157,6 +164,19 @@ public class TestErrorHandling extends AbstractDataImportHandlerTestCase {
" </document>\n" +
"</dataConfig>";
+ private String dataConfigWithEntity = "<!DOCTYPE dataConfig [\n" +
+ " <!ENTITY internalTerm \"node\">\n" +
+ " <!ENTITY externalTerm SYSTEM \"foo://bar.xyz/external\">\n" +
+ "]><dataConfig>\n" +
+ " <dataSource name=\"str\" type=\"TestErrorHandling$StringDataSource\" />" +
+ " <document>\n" +
+ " <entity name=\"&internalTerm;\" dataSource=\"str\" processor=\"XPathEntityProcessor\" url=\"test\" forEach=\"/root/node\" onError=\"skip\">\n" +
+ " <field column=\"id\" xpath=\"/root/node/id\">&externalTerm;</field>\n" +
+ " <field column=\"desc\" xpath=\"/root/node/desc\" />\n" +
+ " </entity>\n" +
+ " </document>\n" +
+ "</dataConfig>";
+
private String malformedXml = "<root>\n" +
" <node>\n" +
" <id>1</id>\n" +