You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@iotdb.apache.org by li...@apache.org on 2019/01/24 01:40:53 UTC
[incubator-iotdb] branch fix_sonar updated: fix vulnera of
pathPrivilege
This is an automated email from the ASF dual-hosted git repository.
liurui pushed a commit to branch fix_sonar
in repository https://gitbox.apache.org/repos/asf/incubator-iotdb.git
The following commit(s) were added to refs/heads/fix_sonar by this push:
new f5955aa fix vulnera of pathPrivilege
new dd90d8b Merge branch 'fix_sonar' of github.com:apache/incubator-iotdb into fix_sonar
f5955aa is described below
commit f5955aaeb73bd5370bbaec9def31ef9b5f8eaaa3
Author: liuruiyiyang <24...@qq.com>
AuthorDate: Wed Jan 23 19:57:19 2019 +0800
fix vulnera of pathPrivilege
---
.../apache/iotdb/db/auth/entity/PathPrivilege.java | 26 ++++++++++++++---
.../java/org/apache/iotdb/db/auth/entity/Role.java | 4 +--
.../java/org/apache/iotdb/db/auth/entity/User.java | 4 +--
.../iotdb/db/auth/user/LocalFileUserAccessor.java | 7 ++++-
.../org/apache/iotdb/db/concurrent/HashLock.java | 8 ++---
.../strategy/MaxDiskUsableSpaceFirstStrategy.java | 4 +--
.../iotdb/db/qp/executor/OverflowQPExecutor.java | 6 ++--
.../java/org/apache/iotdb/db/utils/AuthUtils.java | 34 +++++++++++-----------
.../java/org/apache/iotdb/db/utils/IOUtils.java | 8 ++---
.../iotdb/db/auth/LocalFIleRoleAccessorTest.java | 2 +-
.../iotdb/db/auth/LocalFileRoleManagerTest.java | 2 +-
.../iotdb/db/auth/LocalFileUserAccessorTest.java | 2 +-
.../iotdb/db/auth/LocalFileUserManagerTest.java | 2 +-
13 files changed, 66 insertions(+), 43 deletions(-)
diff --git a/iotdb/src/main/java/org/apache/iotdb/db/auth/entity/PathPrivilege.java b/iotdb/src/main/java/org/apache/iotdb/db/auth/entity/PathPrivilege.java
index 8496491..2ae6900 100644
--- a/iotdb/src/main/java/org/apache/iotdb/db/auth/entity/PathPrivilege.java
+++ b/iotdb/src/main/java/org/apache/iotdb/db/auth/entity/PathPrivilege.java
@@ -30,13 +30,31 @@ import java.util.concurrent.atomic.AtomicInteger;
*/
public class PathPrivilege {
+ private Set<Integer> privileges;
+ private String path;
+
/**
* Sort PathPrivilege by referenceCnt in descent order.
*/
- public static Comparator<PathPrivilege> referenceDescentSorter = (o1,
- o2) -> -Integer.compare(o1.referenceCnt.get(), o2.referenceCnt.get());
- public Set<Integer> privileges;
- public String path;
+ public static final Comparator<PathPrivilege> referenceDescentSorter = (o1, o2) -> -Integer.
+ compare(o1.referenceCnt.get(), o2.referenceCnt.get());
+
+ public Set<Integer> getPrivileges() {
+ return privileges;
+ }
+
+ public void setPrivileges(Set<Integer> privileges) {
+ this.privileges = privileges;
+ }
+
+ public String getPath() {
+ return path;
+ }
+
+ public void setPath(String path) {
+ this.path = path;
+ }
+
/**
* This field records how many times this privilege is referenced during a life cycle (from being
* loaded to being discarded). When serialized to a file, this determines the order of
diff --git a/iotdb/src/main/java/org/apache/iotdb/db/auth/entity/Role.java b/iotdb/src/main/java/org/apache/iotdb/db/auth/entity/Role.java
index 9dddd4d..a8317ce 100644
--- a/iotdb/src/main/java/org/apache/iotdb/db/auth/entity/Role.java
+++ b/iotdb/src/main/java/org/apache/iotdb/db/auth/entity/Role.java
@@ -57,8 +57,8 @@ public class Role {
*/
public void setPrivileges(String path, Set<Integer> privileges) {
for (PathPrivilege pathPrivilege : privilegeList) {
- if (pathPrivilege.path.equals(path)) {
- pathPrivilege.privileges = privileges;
+ if (pathPrivilege.getPath().equals(path)) {
+ pathPrivilege.setPrivileges(privileges);
}
}
}
diff --git a/iotdb/src/main/java/org/apache/iotdb/db/auth/entity/User.java b/iotdb/src/main/java/org/apache/iotdb/db/auth/entity/User.java
index 9f1b85b..34f85b9 100644
--- a/iotdb/src/main/java/org/apache/iotdb/db/auth/entity/User.java
+++ b/iotdb/src/main/java/org/apache/iotdb/db/auth/entity/User.java
@@ -75,8 +75,8 @@ public class User {
*/
public void setPrivileges(String path, Set<Integer> privileges) {
for (PathPrivilege pathPrivilege : privilegeList) {
- if (pathPrivilege.path.equals(path)) {
- pathPrivilege.privileges = privileges;
+ if (pathPrivilege.getPath().equals(path)) {
+ pathPrivilege.setPrivileges(privileges);
}
}
}
diff --git a/iotdb/src/main/java/org/apache/iotdb/db/auth/user/LocalFileUserAccessor.java b/iotdb/src/main/java/org/apache/iotdb/db/auth/user/LocalFileUserAccessor.java
index c061352..b843422 100644
--- a/iotdb/src/main/java/org/apache/iotdb/db/auth/user/LocalFileUserAccessor.java
+++ b/iotdb/src/main/java/org/apache/iotdb/db/auth/user/LocalFileUserAccessor.java
@@ -34,6 +34,8 @@ import org.apache.iotdb.db.auth.entity.PathPrivilege;
import org.apache.iotdb.db.auth.entity.User;
import org.apache.iotdb.db.conf.IoTDBConstant;
import org.apache.iotdb.db.utils.IOUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* This class loads a user's information from the corresponding file.The user file is a sequential
@@ -51,6 +53,7 @@ public class LocalFileUserAccessor implements IUserAccessor {
private static final String TEMP_SUFFIX = ".temp";
private static final String STRING_ENCODING = "utf-8";
+ private static final Logger LOGGER = LoggerFactory.getLogger(LocalFileUserAccessor.class);
private String userDirPath;
/**
@@ -78,7 +81,9 @@ public class LocalFileUserAccessor implements IUserAccessor {
File newProfile = new File(
userDirPath + File.separator + username + IoTDBConstant.PROFILE_SUFFIX + TEMP_SUFFIX);
if (newProfile.exists() && newProfile.isFile()) {
- newProfile.renameTo(userProfile);
+ if(!newProfile.renameTo(userProfile)) {
+ LOGGER.error("New profile renaming not succeed.");
+ }
userProfile = newProfile;
} else {
return null;
diff --git a/iotdb/src/main/java/org/apache/iotdb/db/concurrent/HashLock.java b/iotdb/src/main/java/org/apache/iotdb/db/concurrent/HashLock.java
index 5b9f9fc..7e8c783 100644
--- a/iotdb/src/main/java/org/apache/iotdb/db/concurrent/HashLock.java
+++ b/iotdb/src/main/java/org/apache/iotdb/db/concurrent/HashLock.java
@@ -53,19 +53,19 @@ public class HashLock {
}
public void readLock(Object obj) {
- this.locks[Math.abs(obj.hashCode()) % lockSize].readLock().lock();
+ this.locks[Math.abs(obj.hashCode() % lockSize)].readLock().lock();
}
public void readUnlock(Object obj) {
- this.locks[Math.abs(obj.hashCode()) % lockSize].readLock().unlock();
+ this.locks[Math.abs(obj.hashCode() % lockSize)].readLock().unlock();
}
public void writeLock(Object obj) {
- this.locks[Math.abs(obj.hashCode()) % lockSize].writeLock().lock();
+ this.locks[Math.abs(obj.hashCode() % lockSize)].writeLock().lock();
}
public void writeUnlock(Object obj) {
- this.locks[Math.abs(obj.hashCode()) % lockSize].writeLock().unlock();
+ this.locks[Math.abs(obj.hashCode() % lockSize)].writeLock().unlock();
}
/**
diff --git a/iotdb/src/main/java/org/apache/iotdb/db/conf/directories/strategy/MaxDiskUsableSpaceFirstStrategy.java b/iotdb/src/main/java/org/apache/iotdb/db/conf/directories/strategy/MaxDiskUsableSpaceFirstStrategy.java
index abdb9ff..bda3d6e 100644
--- a/iotdb/src/main/java/org/apache/iotdb/db/conf/directories/strategy/MaxDiskUsableSpaceFirstStrategy.java
+++ b/iotdb/src/main/java/org/apache/iotdb/db/conf/directories/strategy/MaxDiskUsableSpaceFirstStrategy.java
@@ -26,7 +26,7 @@ import java.util.Random;
public class MaxDiskUsableSpaceFirstStrategy extends DirectoryStrategy {
// disk space is measured by MB
- private final long dataSizeShift = 1024 * 1024;
+ private static final double DATA_SIZE_SHIFT = 1024D * 1024;
@Override
public int nextFolderIndex() {
@@ -60,7 +60,7 @@ public class MaxDiskUsableSpaceFirstStrategy extends DirectoryStrategy {
}
private long getUsableSpace(String path) {
- double freespace = new File(path).getUsableSpace() / dataSizeShift;
+ double freespace = new File(path).getUsableSpace() / DATA_SIZE_SHIFT;
return (long) freespace;
}
}
diff --git a/iotdb/src/main/java/org/apache/iotdb/db/qp/executor/OverflowQPExecutor.java b/iotdb/src/main/java/org/apache/iotdb/db/qp/executor/OverflowQPExecutor.java
index e2d3009..52cd307 100644
--- a/iotdb/src/main/java/org/apache/iotdb/db/qp/executor/OverflowQPExecutor.java
+++ b/iotdb/src/main/java/org/apache/iotdb/db/qp/executor/OverflowQPExecutor.java
@@ -437,7 +437,7 @@ public class OverflowQPExecutor extends QueryProcessExecutor {
if (role != null) {
for (PathPrivilege pathPrivilege : role.privilegeList) {
if (nodeName == null || AuthUtils
- .pathBelongsTo(nodeName.getFullPath(), pathPrivilege.path)) {
+ .pathBelongsTo(nodeName.getFullPath(), pathPrivilege.getPath())) {
msg.append(pathPrivilege.toString());
}
}
@@ -455,7 +455,7 @@ public class OverflowQPExecutor extends QueryProcessExecutor {
msg.append("From itself : {\n");
for (PathPrivilege pathPrivilege : user.privilegeList) {
if (nodeName == null || AuthUtils
- .pathBelongsTo(nodeName.getFullPath(), pathPrivilege.path)) {
+ .pathBelongsTo(nodeName.getFullPath(), pathPrivilege.getPath())) {
msg.append(pathPrivilege.toString());
}
}
@@ -466,7 +466,7 @@ public class OverflowQPExecutor extends QueryProcessExecutor {
msg.append("From role ").append(roleN).append(" : {\n");
for (PathPrivilege pathPrivilege : role.privilegeList) {
if (nodeName == null
- || AuthUtils.pathBelongsTo(nodeName.getFullPath(), pathPrivilege.path)) {
+ || AuthUtils.pathBelongsTo(nodeName.getFullPath(), pathPrivilege.getPath())) {
msg.append(pathPrivilege.toString());
}
}
diff --git a/iotdb/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java b/iotdb/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java
index 592a625..a830ca3 100644
--- a/iotdb/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java
+++ b/iotdb/src/main/java/org/apache/iotdb/db/utils/AuthUtils.java
@@ -185,14 +185,14 @@ public class AuthUtils {
}
for (PathPrivilege pathPrivilege : privilegeList) {
if (path != null) {
- if (pathPrivilege.path != null && AuthUtils.pathBelongsTo(path, pathPrivilege.path)) {
- if (pathPrivilege.privileges.contains(privilegeId)) {
+ if (pathPrivilege.getPath() != null && AuthUtils.pathBelongsTo(path, pathPrivilege.getPath())) {
+ if (pathPrivilege.getPrivileges().contains(privilegeId)) {
return true;
}
}
} else {
- if (pathPrivilege.path == null) {
- if (pathPrivilege.privileges.contains(privilegeId)) {
+ if (pathPrivilege.getPath() == null) {
+ if (pathPrivilege.getPrivileges().contains(privilegeId)) {
return true;
}
}
@@ -215,12 +215,12 @@ public class AuthUtils {
Set<Integer> privileges = new HashSet<>();
for (PathPrivilege pathPrivilege : privilegeList) {
if (path != null) {
- if (pathPrivilege.path != null && AuthUtils.pathBelongsTo(path, pathPrivilege.path)) {
- privileges.addAll(pathPrivilege.privileges);
+ if (pathPrivilege.getPath() != null && AuthUtils.pathBelongsTo(path, pathPrivilege.getPath())) {
+ privileges.addAll(pathPrivilege.getPrivileges());
}
} else {
- if (pathPrivilege.path == null) {
- privileges.addAll(pathPrivilege.privileges);
+ if (pathPrivilege.getPath() == null) {
+ privileges.addAll(pathPrivilege.getPrivileges());
}
}
}
@@ -238,7 +238,7 @@ public class AuthUtils {
public static boolean hasPrivilege(String path, int privilegeId,
List<PathPrivilege> privilegeList) {
for (PathPrivilege pathPrivilege : privilegeList) {
- if (pathPrivilege.path.equals(path) && pathPrivilege.privileges.contains(privilegeId)) {
+ if (pathPrivilege.getPath().equals(path) && pathPrivilege.getPrivileges().contains(privilegeId)) {
pathPrivilege.referenceCnt.incrementAndGet();
return true;
}
@@ -255,12 +255,12 @@ public class AuthUtils {
*/
public static void addPrivilege(String path, int privilgeId, List<PathPrivilege> privilegeList) {
for (PathPrivilege pathPrivilege : privilegeList) {
- if (pathPrivilege.path.equals(path)) {
+ if (pathPrivilege.getPath().equals(path)) {
if (privilgeId != PrivilegeType.ALL.ordinal()) {
- pathPrivilege.privileges.add(privilgeId);
+ pathPrivilege.getPrivileges().add(privilgeId);
} else {
for (PrivilegeType privilegeType : PrivilegeType.values()) {
- pathPrivilege.privileges.add(privilegeType.ordinal());
+ pathPrivilege.getPrivileges().add(privilegeType.ordinal());
}
}
return;
@@ -268,10 +268,10 @@ public class AuthUtils {
}
PathPrivilege pathPrivilege = new PathPrivilege(path);
if (privilgeId != PrivilegeType.ALL.ordinal()) {
- pathPrivilege.privileges.add(privilgeId);
+ pathPrivilege.getPrivileges().add(privilgeId);
} else {
for (PrivilegeType privilegeType : PrivilegeType.values()) {
- pathPrivilege.privileges.add(privilegeType.ordinal());
+ pathPrivilege.getPrivileges().add(privilegeType.ordinal());
}
}
privilegeList.add(pathPrivilege);
@@ -288,14 +288,14 @@ public class AuthUtils {
List<PathPrivilege> privilegeList) {
PathPrivilege emptyPrivilege = null;
for (PathPrivilege pathPrivilege : privilegeList) {
- if (pathPrivilege.path.equals(path)) {
+ if (pathPrivilege.getPath().equals(path)) {
if (privilgeId != PrivilegeType.ALL.ordinal()) {
- pathPrivilege.privileges.remove(privilgeId);
+ pathPrivilege.getPrivileges().remove(privilgeId);
} else {
privilegeList.remove(pathPrivilege);
return;
}
- if (pathPrivilege.privileges.size() == 0) {
+ if (pathPrivilege.getPrivileges().size() == 0) {
emptyPrivilege = pathPrivilege;
}
break;
diff --git a/iotdb/src/main/java/org/apache/iotdb/db/utils/IOUtils.java b/iotdb/src/main/java/org/apache/iotdb/db/utils/IOUtils.java
index d644ab3..6b3ba36 100644
--- a/iotdb/src/main/java/org/apache/iotdb/db/utils/IOUtils.java
+++ b/iotdb/src/main/java/org/apache/iotdb/db/utils/IOUtils.java
@@ -129,7 +129,7 @@ public class IOUtils {
int privilegeNum = inputStream.readInt();
PathPrivilege pathPrivilege = new PathPrivilege(path);
for (int i = 0; i < privilegeNum; i++) {
- pathPrivilege.privileges.add(inputStream.readInt());
+ pathPrivilege.getPrivileges().add(inputStream.readInt());
}
return pathPrivilege;
}
@@ -148,9 +148,9 @@ public class IOUtils {
String encoding,
ThreadLocal<ByteBuffer> encodingBufferLocal)
throws IOException {
- writeString(outputStream, pathPrivilege.path, encoding, encodingBufferLocal);
- writeInt(outputStream, pathPrivilege.privileges.size(), encodingBufferLocal);
- for (Integer i : pathPrivilege.privileges) {
+ writeString(outputStream, pathPrivilege.getPath(), encoding, encodingBufferLocal);
+ writeInt(outputStream, pathPrivilege.getPrivileges().size(), encodingBufferLocal);
+ for (Integer i : pathPrivilege.getPrivileges()) {
writeInt(outputStream, i, encodingBufferLocal);
}
}
diff --git a/iotdb/src/test/java/org/apache/iotdb/db/auth/LocalFIleRoleAccessorTest.java b/iotdb/src/test/java/org/apache/iotdb/db/auth/LocalFIleRoleAccessorTest.java
index 7f8ab49..5fdaee5 100644
--- a/iotdb/src/test/java/org/apache/iotdb/db/auth/LocalFIleRoleAccessorTest.java
+++ b/iotdb/src/test/java/org/apache/iotdb/db/auth/LocalFIleRoleAccessorTest.java
@@ -58,7 +58,7 @@ public class LocalFIleRoleAccessorTest {
roles[i] = new Role("role" + i);
for (int j = 0; j <= i; j++) {
PathPrivilege pathPrivilege = new PathPrivilege("root.a.b.c" + j);
- pathPrivilege.privileges.add(j);
+ pathPrivilege.getPrivileges().add(j);
roles[i].privilegeList.add(pathPrivilege);
}
}
diff --git a/iotdb/src/test/java/org/apache/iotdb/db/auth/LocalFileRoleManagerTest.java b/iotdb/src/test/java/org/apache/iotdb/db/auth/LocalFileRoleManagerTest.java
index 11049e2..db607ea 100644
--- a/iotdb/src/test/java/org/apache/iotdb/db/auth/LocalFileRoleManagerTest.java
+++ b/iotdb/src/test/java/org/apache/iotdb/db/auth/LocalFileRoleManagerTest.java
@@ -57,7 +57,7 @@ public class LocalFileRoleManagerTest {
roles[i] = new Role("role" + i);
for (int j = 0; j <= i; j++) {
PathPrivilege pathPrivilege = new PathPrivilege("root.a.b.c" + j);
- pathPrivilege.privileges.add(j);
+ pathPrivilege.getPrivileges().add(j);
roles[i].privilegeList.add(pathPrivilege);
}
}
diff --git a/iotdb/src/test/java/org/apache/iotdb/db/auth/LocalFileUserAccessorTest.java b/iotdb/src/test/java/org/apache/iotdb/db/auth/LocalFileUserAccessorTest.java
index 6fbbf4f..4a05ded 100644
--- a/iotdb/src/test/java/org/apache/iotdb/db/auth/LocalFileUserAccessorTest.java
+++ b/iotdb/src/test/java/org/apache/iotdb/db/auth/LocalFileUserAccessorTest.java
@@ -59,7 +59,7 @@ public class LocalFileUserAccessorTest {
users[i] = new User("user" + i, "password" + i);
for (int j = 0; j <= i; j++) {
PathPrivilege pathPrivilege = new PathPrivilege("root.a.b.c" + j);
- pathPrivilege.privileges.add(j);
+ pathPrivilege.getPrivileges().add(j);
users[i].privilegeList.add(pathPrivilege);
users[i].roleList.add("role" + j);
}
diff --git a/iotdb/src/test/java/org/apache/iotdb/db/auth/LocalFileUserManagerTest.java b/iotdb/src/test/java/org/apache/iotdb/db/auth/LocalFileUserManagerTest.java
index 4cb3dcd..3bb022a 100644
--- a/iotdb/src/test/java/org/apache/iotdb/db/auth/LocalFileUserManagerTest.java
+++ b/iotdb/src/test/java/org/apache/iotdb/db/auth/LocalFileUserManagerTest.java
@@ -59,7 +59,7 @@ public class LocalFileUserManagerTest {
users[i] = new User("user" + i, "password" + i);
for (int j = 0; j <= i; j++) {
PathPrivilege pathPrivilege = new PathPrivilege("root.a.b.c" + j);
- pathPrivilege.privileges.add(j);
+ pathPrivilege.getPrivileges().add(j);
users[i].privilegeList.add(pathPrivilege);
users[i].roleList.add("role" + j);
}