You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@solr.apache.org by ja...@apache.org on 2023/11/07 20:25:22 UTC

(solr) branch branch_9x updated: SOLR-16907: Fail when parsing an invalid custom permission definition from security.json (#2040)

This is an automated email from the ASF dual-hosted git repository.

janhoy pushed a commit to branch branch_9x
in repository https://gitbox.apache.org/repos/asf/solr.git


The following commit(s) were added to refs/heads/branch_9x by this push:
     new ce1935ff8bc SOLR-16907: Fail when parsing an invalid custom permission definition from security.json (#2040)
ce1935ff8bc is described below

commit ce1935ff8bc9024327f40ecfe48f39d7b249f39b
Author: Jan Høydahl <ja...@apache.org>
AuthorDate: Tue Nov 7 17:27:13 2023 +0100

    SOLR-16907: Fail when parsing an invalid custom permission definition from security.json (#2040)
    
    (cherry picked from commit 2062d057c003e4113b09b8e6aab49caa134b4a7c)
---
 solr/CHANGES.txt                                   |  4 +-
 .../java/org/apache/solr/security/Permission.java  | 23 ++++++----
 .../org/apache/solr/security/PermissionTest.java   | 49 ++++++++++++++++++++++
 3 files changed, 68 insertions(+), 8 deletions(-)

diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index ba59b59bcd5..42e53988f3c 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -18,6 +18,8 @@ Improvements
 * SOLR-16924: RESTORECORE now sets the UpdateLog to ACTIVE state instead of requiring a separate
   REQUESTAPPLYUPDATES call in Collection restore.  (Julia Lamoine, David Smiley)
 
+* SOLR-16907: Fail when parsing an invalid custom permission definition from security.json (janhoy, Uwe Schindler)
+
 * SOLR-17046: SchemaCodecFactory is now the implicit default codec factory.  (hossman)
 
 * SOLR-16943: Extend Solr client tracing coverage to both Jetty Client and Apache HttpClient (Alex Deparvu, David Smiley)
@@ -35,7 +37,7 @@ Bug Fixes
 
 * SOLR-17039: Entropy calculation in bin/solr script fails in Docker due to missing 'bc' cmd (janhoy)
 
-* SOLR-17045: DenseVectorField w/ vectorDimension > 1024 now work automatically with _default configset, due to 
+* SOLR-17045: DenseVectorField w/ vectorDimension > 1024 now work automatically with _default configset, due to
   implicit use of SchemaCodecFactory.  (hossman)
 
 Dependency Upgrades
diff --git a/solr/core/src/java/org/apache/solr/security/Permission.java b/solr/core/src/java/org/apache/solr/security/Permission.java
index 95e83f0d5e4..a93020b7bf6 100644
--- a/solr/core/src/java/org/apache/solr/security/Permission.java
+++ b/solr/core/src/java/org/apache/solr/security/Permission.java
@@ -31,7 +31,9 @@ import java.util.Set;
 import java.util.function.Function;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
+import java.util.stream.Stream;
 import org.apache.solr.common.SolrException;
+import org.apache.solr.common.params.CommonParams;
 import org.apache.solr.common.util.Utils;
 
 class Permission {
@@ -52,18 +54,20 @@ class Permission {
     p.role = readValueAsSet(m, "role");
     if (PermissionNameProvider.Name.get(name) != null) {
       p.wellknownName = PermissionNameProvider.Name.get(name);
-      HashSet<String> disAllowed = new HashSet<>(knownKeys);
-      disAllowed.remove("role"); // these are the only
-      disAllowed.remove(NAME); // allowed keys for well-known permissions
-      disAllowed.remove("collection"); // allowed keys for well-known permissions
-      disAllowed.remove("index");
-      for (String s : disAllowed) {
+      for (String s : customPermissionAdditionalKeys) {
         if (m.containsKey(s))
           throw new SolrException(
               SolrException.ErrorCode.BAD_REQUEST,
               s + " is not a valid key for the permission : " + name);
       }
+    } else if (!m.containsKey(CommonParams.PATH)) {
+      throw new SolrException(
+          SolrException.ErrorCode.BAD_REQUEST,
+          "Permission with name "
+              + name
+              + " is neither a pre-defined permission nor qualifies as a custom permission");
     }
+
     p.name = name;
     p.path = readSetSmart(name, m, "path");
     p.collections = readSetSmart(name, m, "collection");
@@ -160,7 +164,12 @@ class Permission {
     return Utils.toJSONString(originalConfig);
   }
 
+  static final Set<String> predefinedPermissionAllowedKeys =
+      Set.of("collection", "role", NAME, "index");
+  static final Set<String> customPermissionAdditionalKeys = Set.of("method", "path", "params");
   static final Set<String> knownKeys =
-      Set.of("collection", "role", "params", "path", "method", NAME, "index");
+      Stream.concat(
+              predefinedPermissionAllowedKeys.stream(), customPermissionAdditionalKeys.stream())
+          .collect(Collectors.toUnmodifiableSet());
   public static final Set<String> HTTP_METHODS = Set.of("GET", "POST", "DELETE", "PUT", "HEAD");
 }
diff --git a/solr/core/src/test/org/apache/solr/security/PermissionTest.java b/solr/core/src/test/org/apache/solr/security/PermissionTest.java
new file mode 100644
index 00000000000..4d44cb30dfb
--- /dev/null
+++ b/solr/core/src/test/org/apache/solr/security/PermissionTest.java
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.solr.security;
+
+import java.util.Map;
+import java.util.Set;
+import org.apache.solr.SolrTestCaseJ4;
+import org.apache.solr.common.SolrException;
+
+public class PermissionTest extends SolrTestCaseJ4 {
+
+  public void testLoad() {
+    // Valid, currently predefined permissions
+    for (String name : Set.of("read", "zk-read")) {
+      Permission.load(Map.of("name", name, "role", "admin"));
+    }
+    // Invalid custom permissions (some of which were old valid predefined)
+    for (String name :
+        Set.of("metrics-history-read", "autoscaling-read", "autoscaling-write", "invalid-custom")) {
+      SolrException e =
+          assertThrows(
+              SolrException.class, () -> Permission.load(Map.of("name", name, "role", "admin")));
+      assertTrue(
+          e.getMessage()
+              .contains(
+                  "Permission with name "
+                      + name
+                      + " is neither a pre-defined permission nor qualifies as a custom permission"));
+    }
+    // Valid custom permissions
+    for (String name : Set.of("valid-custom")) {
+      Permission.load(Map.of("name", name, "role", "admin", "path", "/foo"));
+    }
+  }
+}